Get or build wheels for isolated installation of a Python package
Project description
wheel-getter
What's the problem?
I want to install (locally authored) Python packages on servers that (for security and other reasons) can't retrieve packages from PyPI or that (for security reasons) don't have compilers and other development tools installed. And I want to be sure that the same packages are installed as in my development or staging environment, identified by a hash checksum.
My workflows are based on uv, which is fast and has other advantages in
comparison to pip, pip-tools and other “legacy” tools. Unfortunately uv
doesn't (yet?) offer an export of wheels (like pip wheel) that were
downloaded or locally built. AFAICT uv doesn't even cache downloaded wheel
but just their contents (which makes copying / hardlinking them into venv's
faster).
How can wheel-getter help?
This tool reads uv's lockfile and downloads the same wheels that uv has used for the current project. The lockfile contains checksums for these wheels; they are checked against the downloaded files.
For locally built wheels the lockfile has “sdist” information with URLs and
checksums for the source archives. The wheel-getter tool retrieves these
archives, invokes uv build and grabs the resulting wheels.
For these freshly made wheels some metadata is added to the wheel directory, containing file size and checksum so that the wheels can be verified.
Can wheel-getter guarantee workflow security?
No. Use it at your own risk.
How can I install this tool?
The easiest way is uv tool install wheel-getter; there are plenty of
alternatives, of course.
How should I use wheel-getter?
It is recommended to cd into the base directory of your project where your
pyproject.toml file lives, after having locked and synced (and tested) the
project. Then invoke wheel-getter, specifying the Python version unless it's
the one that executes wheel-getter itself:
wheel-getter --python=3.11
If all is well, all required wheels should be collected in the wheels
subdirectory (or the output directory specified by --wheelhouse).
Please note that no wheels are built for packages installed as editable; you should build them as usual and copy them to the “wheelhouse” yourself.
Since this tool has only been tested and used under Linux, there can (and will) be problems with other OSes.
If you find a bug or want to improve this tool …
… you are welcome to write a bug report or, preferably, supply a PR. Please be aware, though, that I may be slow (but willing) to respond; my primary concern is that this tool works for me, and I probably haven't run into lots of edge and corner cases.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wheel_getter-0.1.0.tar.gz.
File metadata
- Download URL: wheel_getter-0.1.0.tar.gz
- Upload date:
- Size: 18.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b8b4d8e665ea46870bee9d690a9f39b890b27e6696d8a9faf74d9bda57493a7d
|
|
| MD5 |
a6a23b7f2522b1bd55b14ef5b9aa2178
|
|
| BLAKE2b-256 |
19a4054e54c00260cf440ad12afdfc6bdca4c40c6d8ec6e65d51c4bc2134d82e
|
File details
Details for the file wheel_getter-0.1.0-py3-none-any.whl.
File metadata
- Download URL: wheel_getter-0.1.0-py3-none-any.whl
- Upload date:
- Size: 21.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fa88e6927c69ded54b10bb79eee37a0e909f312daaeaa8c4c7cb7117bec92376
|
|
| MD5 |
c39cf637ee83c95f65d9ee8b087db215
|
|
| BLAKE2b-256 |
b127a41fc35042c418dfa19a6d91cab4166c1e1bb043724ed4f390d364c6573d
|
