Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide wheel distribution on PyPI #38

Open
edmorley opened this issue Jul 19, 2017 · 2 comments
Open

Provide wheel distribution on PyPI #38

edmorley opened this issue Jul 19, 2017 · 2 comments

Comments

@edmorley
Copy link

edmorley commented Jul 19, 2017
edited
Loading

Hi!

Please could this package also by made available as a wheel on PyPI?
https://pypi.python.org/pypi/promise/2.0.2

Wheels have the following advantages:

  • Faster installation time
  • Allows the wheel cache to work even when using the new pip hash-checking mode
  • Allows tools to statically inspect the package metadata without having to execute untrusted code.
  • ...and more - see: http://pythonwheels.com

This package is pure Python and supports both Python 2 and 3, so in theory could be distributed as a "universal wheel":
https://packaging.python.org/tutorials/distributing-packages/#wheels

...however I notice that there's some __builtin__ vs builtins workaround going on here:

promise/setup.py

Lines 4 to 9 in 5177e53

if sys.version_info[0] < 3:
import __builtin__ as builtins
else:
import builtins
builtins.__SETUP__ = True

...which I believe means separate wheels have to be generated for each of Python 2 and 3.

The Python packaging guide recommends using Twine to upload packages:
https://packaging.python.org/tutorials/distributing-packages/#uploading-your-project-to-pypi

As such, the steps for building/uploading a new release are then:

$ pip2 install -U twine setuptools wheel
$ pip3 install -U setuptools wheel
$ rm -rf dist/ build/
$ python2 setup.py sdist bdist_wheel
# Work around https://bitbucket.org/pypa/wheel/issues/147/bdist_wheel-should-start-by-cleaning-up
$ rm -rf build/
$ python3 setup.py bdist_wheel
$ twine upload dist/*

The PyPI package listing will then display three entries for the new release, one with type "Source" and two of type "Python Wheel" (one for each of Python 2 and 3).

Many thanks :-)
@edmorley
Copy link
Author

Hi!

I noticed that the latest release (2.1) now includes a wheel for Python 2:
https://pypi.python.org/pypi/promise/2.1

I don't suppose the Python 3 wheel could also be uploaded? :-)

@PawelLipski
Copy link

+1 for this one... as long as promise is only available as sdist and not as a bdist_wheel, we can't just use pip install --only-binary :all:... which is in turn a great mitigation for arbitrary code execution inherent to sdists. See https://github.com/mschwager/0wned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@edmorley @PawelLipski