-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use pypiorg instead #52
Conversation
274661f
to
e655e64
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, I saw you were looking for a review of this. As far as integrating w/ the new PyPI, this looks good to me!
Thanks @di! Perhaps something like this: if args.algorithm != 'sha256' and args.algorithm not in digests:
print("Your preferred algorithm isn't available in the JSON. It has to be computed for every file and every file needs to be downloaded. Are you sure you can't use 'sha256'?") ...or something like that. |
@peterbe Makes sense. You might want to try to shell out to |
@di Yeah, I saw some scary noise about that in other pypi issues today. The difference between 9.0.1 and 9.0.2 broke for some people. |
@peterbe Yeah, it would be a big change, but one you're probably going to have to make soon. I'm not totally sure what you mean about getting the "right" |
@di If you install Perhaps it doesn't matter. All we're asking this |
@peterbe Could always invoke it with I have some ideas about making a |
Do you mean to change this line to |
Ah, no, I'm saying instead of shelling out to subprocess.call(['pip', 'hash', ...]) you would do subprocess.call(['python', '-m', 'pip', 'hash', ...]) |
Blogged about it: https://www.peterbe.com/plog/hashin-0.12.0 |
@di What version of Python does that require? I think |
@peterbe It was added in Python 2.5: https://www.python.org/dev/peps/pep-0338/ |
Seems to work in theory (and unit tests).
Changes:
https://pypi.python.org/pypi/<package>/json
it useshttps://pypi.org/pypi/<package>/json
instead.sha256
digest included already for every release. So if the chosen algorithm issha256
we can just extract it from the JSON instead of having to download the file and runpip
on it.