Skip to main content

Edits your requirements.txt by peep-hashing them

Project description

======
Peepin
======

.. image:: https://travis-ci.org/peterbe/peepin.svg?branch=master
:target: https://travis-ci.org/peterbe/peepin

This tool makes it easier to update your strict "peep-ready"
``requirements.txt`` file.

If you want to add a package or edit the version of one you're currently
using you have to do the following steps:

1. Go to pypi for that package
2. Download the .tgz file
3. Possibly download the .whl file
4. Run `peep hash downloadedpackage-1.2.3.tgz`
5. Run `peep hash downloadedpackage-1.2.3.whl`
6. Edit requirements.txt

This script does all those things.
Hackishly wonderfully so.

A Word of Warning!
==================

The whole point of peep is that you vet the packages that you use
on your laptop and that they haven't been tampered with. Then you
can confidently install them on a server.

This tool downloads from PyPI (over HTTPS) and runs ``peep hash``
on the downloaded files.

You still need to check that the packages that are downloaded
are sane.

You might not have time to go through the lines one by one
but you should be aware that the vetting process is your
responsibility.

Installation
============

This is something you only do or ever need in a development
environment. Ie. your laptop::

pip install peepin

How to use it
=============

Suppose you want to install ``futures``. You can either do this::

peepin futures

Which will download the latest version tarball (and wheel) and
calculate their peep hash and edit your ``requirements.txt`` file.

Or you can be specific about exactly which version you want::

peepin "futures==2.1.3"

Suppose you don't have a ``requirements.txt`` right there in the same
directory you can do this::

peepin "futures==2.1.3" stuff/requirementst/prod.txt

If there's not output. It worked. Check how it edited your
requirements files.

Runnings tests
==============

Simply run:

python setup.py test


Ode to Erik Rose
================

Just in case you didn't know;
`peep <https://github.com/erikrose/peep>`_ is awesome.
It makes it possible to confidently leave
third-party packages to be installed on the server without needing to
be checked into some sort of "vendor" directory.

Having said that, if you don't care about security or repeatability.
Then Erik is just a dude with a goatee.

Version History
===============

0.10
* If you had lines like `http://github.com/some.zip#egg=package` in
the requirements the editing of lines got confused.

0.9
* setup.py installs argparse if you're on python 2.6

0.8
* Avoid editing the requirements file if no packages are found, fixed #3

0.7
* Ability to download binary URLs

0.6
* Works in python 2.6, 2.7, 3.3 and 3.4

0.5
* Fix for multi-version packages like Django

0.4
* Be verbose about downloaded files

0.3
* Regression

0.2
* --verbose option

0.1
* Works

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

peepin-0.10.tar.gz (5.5 kB view details)

Uploaded Source

Built Distributions

peepin-0.10-py3-none-any.whl (6.9 kB view details)

Uploaded Python 3

peepin-0.10-py2-none-any.whl (6.9 kB view details)

Uploaded Python 2

File details

Details for the file peepin-0.10.tar.gz.

File metadata

  • Download URL: peepin-0.10.tar.gz
  • Upload date:
  • Size: 5.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for peepin-0.10.tar.gz
Algorithm Hash digest
SHA256 772be87b4caf95a12b6a972ca08f8f0dad0d9e98b58285eea074b29916d16531
MD5 aeb9cf1d0eba8e6ee501e85f17ddd203
BLAKE2b-256 5806deaf946df16478d4e523223ac2bc5a056f3d8bd2822488a5961d5ff4187a

See more details on using hashes here.

File details

Details for the file peepin-0.10-py3-none-any.whl.

File metadata

File hashes

Hashes for peepin-0.10-py3-none-any.whl
Algorithm Hash digest
SHA256 3220774722f7dc2fb886bc2c8a37c5bd78a7579d7a5a0c1e6ab1b68888d86d74
MD5 4522171b9a4e9b2f27d21488c2f9e8f8
BLAKE2b-256 e3d9aa78ab2603b8b2909fee48565fb08269c103a24a71bd251734cea77bfbe6

See more details on using hashes here.

File details

Details for the file peepin-0.10-py2-none-any.whl.

File metadata

File hashes

Hashes for peepin-0.10-py2-none-any.whl
Algorithm Hash digest
SHA256 1f4a9a85d725acada4d73d2f9038713a47954294397ed0fd2eead76454b1b31c
MD5 0a4b0da9f36476a47d0044625ebbbc19
BLAKE2b-256 488f7b1ce22d39eaf5653fbe3741907922f49b71f15203912a2a288f8c298ba0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page