Edits your requirements.txt by peep-hashing them
Project description
======
Peepin
======
.. image:: https://travis-ci.org/peterbe/peepin.svg?branch=master
:target: https://travis-ci.org/peterbe/peepin
This tool makes it easier to update your strict "peep-ready"
``requirements.txt`` file.
If you want to add a package or edit the version of one you're currently
using you have to do the following steps:
1. Go to pypi for that package
2. Download the .tgz file
3. Possibly download the .whl file
4. Run `peep hash downloadedpackage-1.2.3.tgz`
5. Run `peep hash downloadedpackage-1.2.3.whl`
6. Edit requirements.txt
This script does all those things.
Hackishly wonderfully so.
A Word of Warning!
==================
The whole point of peep is that you vet the packages that you use
on your laptop and that they haven't been tampered with. Then you
can confidently install them on a server.
This tool downloads from PyPI (over HTTPS) and runs ``peep hash``
on the downloaded files.
You still need to check that the packages that are downloaded
are sane.
You might not have time to go through the lines one by one
but you should be aware that the vetting process is your
responsibility.
Installation
============
This is something you only do or ever need in a development
environment. Ie. your laptop::
pip install peepin
How to use it
=============
Suppose you want to install ``futures``. You can either do this::
peepin futures
Which will download the latest version tarball (and wheel) and
calculate their peep hash and edit your ``requirements.txt`` file.
Or you can be specific about exactly which version you want::
peepin "futures==2.1.3"
Suppose you don't have a ``requirements.txt`` right there in the same
directory you can do this::
peepin "futures==2.1.3" stuff/requirementst/prod.txt
If there's not output. It worked. Check how it edited your
requirements files.
Runnings tests
==============
Simply run:
python setup.py test
Ode to Erik Rose
================
Just in case you didn't know;
`peep <https://github.com/erikrose/peep>`_ is awesome.
It makes it possible to confidently leave
third-party packages to be installed on the server without needing to
be checked into some sort of "vendor" directory.
Having said that, if you don't care about security or repeatability.
Then Erik is just a dude with a goatee.
Version History
===============
0.10
* If you had lines like `http://github.com/some.zip#egg=package` in
the requirements the editing of lines got confused.
0.9
* setup.py installs argparse if you're on python 2.6
0.8
* Avoid editing the requirements file if no packages are found, fixed #3
0.7
* Ability to download binary URLs
0.6
* Works in python 2.6, 2.7, 3.3 and 3.4
0.5
* Fix for multi-version packages like Django
0.4
* Be verbose about downloaded files
0.3
* Regression
0.2
* --verbose option
0.1
* Works
Peepin
======
.. image:: https://travis-ci.org/peterbe/peepin.svg?branch=master
:target: https://travis-ci.org/peterbe/peepin
This tool makes it easier to update your strict "peep-ready"
``requirements.txt`` file.
If you want to add a package or edit the version of one you're currently
using you have to do the following steps:
1. Go to pypi for that package
2. Download the .tgz file
3. Possibly download the .whl file
4. Run `peep hash downloadedpackage-1.2.3.tgz`
5. Run `peep hash downloadedpackage-1.2.3.whl`
6. Edit requirements.txt
This script does all those things.
Hackishly wonderfully so.
A Word of Warning!
==================
The whole point of peep is that you vet the packages that you use
on your laptop and that they haven't been tampered with. Then you
can confidently install them on a server.
This tool downloads from PyPI (over HTTPS) and runs ``peep hash``
on the downloaded files.
You still need to check that the packages that are downloaded
are sane.
You might not have time to go through the lines one by one
but you should be aware that the vetting process is your
responsibility.
Installation
============
This is something you only do or ever need in a development
environment. Ie. your laptop::
pip install peepin
How to use it
=============
Suppose you want to install ``futures``. You can either do this::
peepin futures
Which will download the latest version tarball (and wheel) and
calculate their peep hash and edit your ``requirements.txt`` file.
Or you can be specific about exactly which version you want::
peepin "futures==2.1.3"
Suppose you don't have a ``requirements.txt`` right there in the same
directory you can do this::
peepin "futures==2.1.3" stuff/requirementst/prod.txt
If there's not output. It worked. Check how it edited your
requirements files.
Runnings tests
==============
Simply run:
python setup.py test
Ode to Erik Rose
================
Just in case you didn't know;
`peep <https://github.com/erikrose/peep>`_ is awesome.
It makes it possible to confidently leave
third-party packages to be installed on the server without needing to
be checked into some sort of "vendor" directory.
Having said that, if you don't care about security or repeatability.
Then Erik is just a dude with a goatee.
Version History
===============
0.10
* If you had lines like `http://github.com/some.zip#egg=package` in
the requirements the editing of lines got confused.
0.9
* setup.py installs argparse if you're on python 2.6
0.8
* Avoid editing the requirements file if no packages are found, fixed #3
0.7
* Ability to download binary URLs
0.6
* Works in python 2.6, 2.7, 3.3 and 3.4
0.5
* Fix for multi-version packages like Django
0.4
* Be verbose about downloaded files
0.3
* Regression
0.2
* --verbose option
0.1
* Works
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
peepin-0.10.tar.gz
(5.5 kB
view details)
Built Distributions
peepin-0.10-py3-none-any.whl
(6.9 kB
view details)
peepin-0.10-py2-none-any.whl
(6.9 kB
view details)
File details
Details for the file peepin-0.10.tar.gz.
File metadata
- Download URL: peepin-0.10.tar.gz
- Upload date:
- Size: 5.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
772be87b4caf95a12b6a972ca08f8f0dad0d9e98b58285eea074b29916d16531
|
|
| MD5 |
aeb9cf1d0eba8e6ee501e85f17ddd203
|
|
| BLAKE2b-256 |
5806deaf946df16478d4e523223ac2bc5a056f3d8bd2822488a5961d5ff4187a
|
File details
Details for the file peepin-0.10-py3-none-any.whl.
File metadata
- Download URL: peepin-0.10-py3-none-any.whl
- Upload date:
- Size: 6.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3220774722f7dc2fb886bc2c8a37c5bd78a7579d7a5a0c1e6ab1b68888d86d74
|
|
| MD5 |
4522171b9a4e9b2f27d21488c2f9e8f8
|
|
| BLAKE2b-256 |
e3d9aa78ab2603b8b2909fee48565fb08269c103a24a71bd251734cea77bfbe6
|
File details
Details for the file peepin-0.10-py2-none-any.whl.
File metadata
- Download URL: peepin-0.10-py2-none-any.whl
- Upload date:
- Size: 6.9 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1f4a9a85d725acada4d73d2f9038713a47954294397ed0fd2eead76454b1b31c
|
|
| MD5 |
0a4b0da9f36476a47d0044625ebbbc19
|
|
| BLAKE2b-256 |
488f7b1ce22d39eaf5653fbe3741907922f49b71f15203912a2a288f8c298ba0
|
