add pip-compile and hash support for security/reproducibility #496

Merged (2 commits) on Oct 11, 2020

Conversation

@mflaxman (Contributor) commented Oct 9, 2020

I'm running into a strange bug in #476, and I suspect that broken versioning is at play (though I'm not certain) so I decided to add this to specter, especially since it is very good for security. Read more about --require-hashes here.

I updated the steps for pip to first install from requirements.txt and then second install -e ., as this seems to be the best practice for validating those hashes on build (kind of hacky).
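To make concrete what the hash-pinned requirements file buys, here is an added example (not code from this PR and not pip's own source) that models the rules pip enforces in --require-hashes mode: every entry must be pinned with == and carry at least one --hash, and a downloaded artifact is accepted only if its digest matches one of the listed hashes. The package name `example-pkg`, the artifact bytes and the generated requirements text are constructed stand-ins; the layout of the file follows what pip-compile --generate-hashes emits.

```python
"""Model of pip's hash-checking mode (--require-hashes).

Added example for this thread; not pip's source and not code from the PR.
Package name and artifact bytes below are constructed stand-ins.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

HASH_OPT = re.compile(r"--hash=(?P<algo>[a-z0-9_]+):(?P<digest>[0-9a-fA-F]+)")
PIN = re.compile(r"^(?P<name>[A-Za-z0-9_.\-]+)(\[[^\]]*\])?==(?P<version>[^\s;]+)")


@dataclass
class Requirement:
    raw: str                     # specifier as written, e.g. "flask==1.1.2"
    name: Optional[str]          # normalized name when pinned with ==, else None
    version: Optional[str]
    hashes: Dict[str, Set[str]] = field(default_factory=dict)  # algorithm -> allowed digests


def parse_requirements(text: str) -> List[Requirement]:
    """Parse the layout pip-compile --generate-hashes writes: a 'name==version \\'
    line followed by indented '--hash=algo:digest' continuation lines."""
    logical: List[str] = []
    buf = ""
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].rstrip()   # drop comments
        if stripped.endswith("\\"):                  # continuation: keep accumulating
            buf += stripped[:-1] + " "
            continue
        buf += stripped
        if buf.strip():
            logical.append(buf.strip())
        buf = ""
    if buf.strip():                                  # file ended on a continuation
        logical.append(buf.strip())

    reqs: List[Requirement] = []
    for entry in logical:
        hashes: Dict[str, Set[str]] = {}
        for m in HASH_OPT.finditer(entry):
            hashes.setdefault(m["algo"], set()).add(m["digest"].lower())
        spec = HASH_OPT.sub("", entry).strip()
        pin = PIN.match(spec)
        reqs.append(Requirement(
            raw=spec,
            name=pin["name"].lower().replace("_", "-") if pin else None,
            version=pin["version"] if pin else None,
            hashes=hashes,
        ))
    return reqs


def require_hashes_errors(reqs: List[Requirement]) -> List[str]:
    """The up-front refusals of --require-hashes mode: unpinned or hash-less entries."""
    errors = []
    for r in reqs:
        if r.name is None:
            errors.append(f"not pinned with ==: {r.raw}")
        if not r.hashes:
            errors.append(f"missing --hash: {r.raw}")
    return errors


def artifact_matches(req: Requirement, data: bytes) -> bool:
    """Accept the artifact if its digest under any listed algorithm is an allowed one."""
    return any(hashlib.new(algo, data).hexdigest() in allowed
               for algo, allowed in req.hashes.items())


def check_install(requirements_text: str, downloaded: Dict[str, bytes]) -> Dict[str, str]:
    """Verdict per requirement ('ok', 'hash mismatch', 'no artifact'); raises
    ValueError when the file itself is unusable in --require-hashes mode."""
    reqs = parse_requirements(requirements_text)
    errors = require_hashes_errors(reqs)
    if errors:
        raise ValueError("; ".join(errors))
    verdicts = {}
    for r in reqs:
        data = downloaded.get(r.name)
        if data is None:
            verdicts[r.name] = "no artifact"
        else:
            verdicts[r.name] = "ok" if artifact_matches(r, data) else "hash mismatch"
    return verdicts


def generate_hashed_requirements(name: str, version: str, artifacts: List[bytes]) -> str:
    """Emit one pinned entry with a sha256 --hash per artifact, in pip-compile's layout."""
    lines = [f"{name}=={version} \\"]
    for data in artifacts:
        lines.append(f"    --hash=sha256:{hashlib.sha256(data).hexdigest()} \\")
    lines[-1] = lines[-1][:-2]                       # no continuation after the last hash
    return "\n".join(lines) + "\n"


# Constructed stand-ins: the artifact pip-compile hashed, and a substituted one.
GOOD_WHEEL = b"PK\x03\x04 constructed bytes standing in for example_pkg-1.0.0-py3-none-any.whl"
TAMPERED_WHEEL = GOOD_WHEEL + b"\n# extra bytes: a modified or substituted package"
SAMPLE_REQUIREMENTS = ("# constructed sample in the layout of pip-compile --generate-hashes output\n"
                       + generate_hashed_requirements("example-pkg", "1.0.0", [GOOD_WHEEL]))

if __name__ == "__main__":
    print(SAMPLE_REQUIREMENTS)
    print(check_install(SAMPLE_REQUIREMENTS, {"example-pkg": GOOD_WHEEL}))      # {'example-pkg': 'ok'}
    print(check_install(SAMPLE_REQUIREMENTS, {"example-pkg": TAMPERED_WHEEL}))  # {'example-pkg': 'hash mismatch'}
    try:
        check_install("example-pkg>=1.0\n", {})
    except ValueError as err:
        print("refused:", err)
```

The two-step install in the PR fits this model: an editable checkout (`pip install -e .`) has no single archive to hash, so it cannot appear in the hash-checked requirements file and is installed in a second, ordinary step after the pinned dependencies have been verified.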

@mflaxman (Contributor, Author) commented Oct 9, 2020

Foiled by my own blackifier being down! This does indeed pass locally:

$ black . --check
All done! ✨ 🍰 ✨
64 files would be left unchanged.

@mflaxman (Contributor, Author) commented Oct 9, 2020

Black is now fixed in #497

Once that is merged this should pass.

@mflaxman (Contributor, Author) commented

Black passes again, this is ready to merge! (Don't know how to get TravisCI to run)

@k9ert (Collaborator) commented Oct 11, 2020

Thank you very much! This is a really awesome PR. I didn't know that this is possible and also haven't understood all implications, but this is definitely very useful. I tested the branch and the pip installation worked. So this LGTM, I'd merge.
@ben-kaufman and @stepansnigirev please confirm, at least one of you!

@stepansnigirev (Collaborator) commented

Looks good to me!

3 participants