Edits your requirements.txt by hashing them in
Project description
Helps you write your requirements.txt with hashes so you can install with pip install --require-hashes -r ...
If you want to add a package or edit the version of one you’re currently using you have to do the following steps:
Go to pypi for that package
Download the .tgz file
Possibly download the .whl file
Run pip hash downloadedpackage-1.2.3.tgz
Run pip hash downloadedpackage-1.2.3.whl
Edit requirements.txt
This script does all those things. Hackishly wonderfully so.
A Word of Warning!
The whole point of hashing is that you vet the packages that you use on your laptop and that they haven’t been tampered with. Then you can confidently install them on a server.
This tool downloads from PyPI (over HTTPS) and runs pip hash on the downloaded files.
You still need to check that the packages that are downloaded are sane.
You might not have time to go through the lines one by one but you should be aware that the vetting process is your responsibility.
Installation
This is something you only do or ever need in a development environment. Ie. your laptop:
pip install hashin
How to use it
Suppose you want to install futures. You can either do this:
hashin futures
Which will download the latest version tarball (and wheel) and calculate their pip hash and edit your requirements.txt file.
Or you can be specific about exactly which version you want:
hashin "futures==2.1.3"
Suppose you don’t have a requirements.txt right there in the same directory you can do this:
hashin "futures==2.1.3" stuff/requirementst/prod.txt
If there’s not output. It worked. Check how it edited your requirements files.
Runnings tests
Simply run:
python setup.py test
Debugging
To avoid having to install hashin just to test it or debug a feature you can simply just run it like this:
touch /tmp/whatever.txt python hashin.py --verbose Django /tmp/whatever.txt
History
This program is a “fork” of https://pypi.python.org/pypi/peepin peepin was a companion to the program peep https://pypi.python.org/pypi/peep/ but the functionality of peep has been put directly into pip as of version 8.
Version History
- 0.1
First, hopefully, working version.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
