======
hashin
======
.. image:: https://github.com/peterbe/hashin/workflows/Python/badge.svg
:target: https://github.com/peterbe/hashin/actions
.. image:: https://badge.fury.io/py/hashin.svg
:target: https://pypi.python.org/pypi/hashin
Helps you write your ``requirements.txt`` with hashes so you can
install with ``pip install --require-hashes -r ...``
If you want to add a package or edit the version of one you're currently
using you have to do the following steps:
1. Go to pypi for that package
2. Download the ``.tgz`` file
3. Possibly download the ``.whl`` file
4. Run ``pip hash downloadedpackage-1.2.3.tgz``
5. Run ``pip hash downloadedpackage-1.2.3.whl``
6. Edit ``requirements.txt``
This script does all those things.
Hackishly wonderfully so.
A Word of Warning!
==================
The whole point of hashing is that you **vet the packages** that you use
on your laptop and that they haven't been tampered with. Then you
can confidently install them on a server.
This tool downloads from PyPI (over HTTPS) and runs ``pip hash``
on the downloaded files.
You should check that the packages that are downloaded
are sane and not tampered with. The way you do that is to run
``hashin`` as normal but with the ``--verbose`` flag. When you do that
it will print where it downloaded the relevant files and those
files are not deleted. For example::
$ hashin --verbose bgg /tmp/reqs.txt
https://pypi.python.org/pypi/bgg/json
* Latest version for 0.22.1
* Found URL https://pypi.python.org/packages/2.7/b/bgg/bgg-0.22.1-py2-none-any.whl
* Re-using /var/folders/1x/2hf5hbs902q54g3bgby5bzt40000gn/T/bgg-0.22.1-py2-none-any.whl
* Hash e5172c3fda0e8a42d1797fd1ff75245c3953d7c8574089a41a219204dbaad83d
* Found URL https://pypi.python.org/packages/source/b/bgg/bgg-0.22.1.tar.gz
* Re-using /var/folders/1x/2hf5hbs902q54g3bgby5bzt40000gn/T/bgg-0.22.1.tar.gz
* Hash aaa53aea1cecb8a6e1288d6bfe52a51408a264a97d5c865c38b34ae16c9bff88
* Editing /tmp/reqs.txt
You might not have time to go through the lines one by one
but you should be aware that the vetting process is your
responsibility.
Installation
============
This is something you only do or ever need in a development
environment. Ie. your laptop::
pip install hashin
How to use it
=============
Suppose you want to install ``futures``. You can either do this::
hashin futures
Which will download the latest version tarball (and wheel) and
calculate their pip hash and edit your ``requirements.txt`` file.
Or you can be specific about exactly which version you want::
hashin "futures==2.1.3"
You can also specify more than one package at a time::
hashin "futures==2.1.3" requests
Suppose you don't have a ``requirements.txt`` right there in the same
directory you can specify ``--requirements-file``::
hashin futures --requirements-file=stuff/requirements/prod.txt
By default ``sha256`` hashes are used, but this can be overridden using the
``--algorithm`` argument::
hashin futures --algorithm=sha512
If there's no output, it worked. Check how it edited your
requirements file.
Filtering releases by Python version
====================================
Some requirements have many releases built for different versions of Python and
different architectures. These hashes aren't useful in some cases, if those
wheels don't work with your project. ``hashin`` can filter on the Python
version to skip these extraneous hashes.
For example, the ``cffi`` package offers wheels built for many versions of
CPython from 2.6 to 3.5. To select only one of them, you can use the
``--python-version`` option::
hashin "cffi==1.5.2" --python-version 3.5
If you need to support multiple versions, you can pass this option multiple
times::
hashin "cffi==1.5.2" --python-version 2.7 --python-version 3.5
``hashin`` will expand these Python versions to a full list of identifers that
could be found on PyPI. For example, ``3.5`` will expand to match any of
``3.5``, ``py3``, ``py3.5``, ``py2.py3``, or ``cp3.5``. You can also specify
these exact identifiers directly, if you need something specific.
The ``source`` release is always automatically included. ``pip`` will use
this as a fallback in the case a suitable wheel cannot be found.
Dry run mode
============
There are some use cases, when you maybe don't want to edit your ``requirements.txt``
right away. You can use the ``--dry-run`` argument to show the diff, so you
can preview the changes to your ``requirements.txt`` file.
Example::
hashin --dry-run requests==2.19.1
Would result in a printout on the command line::
--- Old
+++ New
@@ -0,0 +1,3 @@
+requests==2.19.1 \
+ --hash=sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1 \
+ --hash=sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a
PEP-0496 Environment Markers
============================
Requirements can use `PEP-0496`_ style specifiers (e.g. like
``cffi==1.5.2; python_version >= '3.4'``) and these will be passed
through when re-writing the ``requirements.txt`` file. ``hashin`` doesn't
parse the specifiers themselves and will take anything after the
semicolon. If you are using ``python_version`` you will still need to
pass appropriate options if you don't want every available hash.
An example of this might be::
hashin "pywin32-ctypes ; sys_platform == 'win32'"
which will result it something like this in the ``requirements.txt`` file::
pywin32-ctypes==0.1.2; sys_platform == 'win32' \
--hash=sha256:4820b830f42e6889d34142bcd07b3896018c3620d8c31f5e13b72caf1f4d1d0f
And if you want to limit it to certain Python versions, here's an example::
hashin "cffi==1.5.2; python_version >= '3.4'" -p 3.4 -p 3.5
.. _`PEP-0496`: https://www.python.org/dev/peps/pep-0496/
Using as a Python library
=========================
Everything you can do with ``hashin`` on the command line you can do
in running Python too. For example::
import hashin
from pprint import pprint
pprint(hashin.get_package_hashes('Django'))
This will print out::
{'hashes': [{'hash': 'fbc7ffaa45a4a67cb45f77dbd94e8eceecebe1d0959fe9c665dfbf28b41899e6',
'url': 'https://pypi.python.org/packages/41/c1/68dd27946b03a3d756b0ff665baad25aee1f59918891d86ab76764209208/Django-1.11b1-py2.py3-none-any.whl'}],
'package': 'Django',
'version': '1.11b1'}
Or with specific version, algorithm and certain Python versions::
import hashin
from pprint import pprint
pprint(hashin.get_package_hashes(
'Django',
version='1.10',
algorithm='sha512',
python_versions=('3.5',)
))
Local development
=================
After you have cloned the project, created a virtual environment and run:
pip install -e ".[dev]"
Now, to run it you can use the installed executable ``hashin`` and do things
like::
touch /tmp/reqs.txt
hashin -r /tmp/reqs.txt Django
Running tests
=============
Simply run::
python setup.py test
When you use ``pip install ".[dev]"`` it will install ``tox`` which you can use
to run the full test suites (plus linting) in different Python environments::
tox
Running tests with test coverage
================================
To run the tests with test coverage, with ``pytest`` run something like
this::
$ pip install pytest-cover
$ pytest --cov=hashin --cov-report=html
$ open htmlcov/index.html
Debugging
=========
To avoid having to install ``hashin`` just to test it or debug a feature
you can simply just run it like this::
touch /tmp/whatever.txt
python hashin.py --verbose Django /tmp/whatever.txt
Code Style
==========
All Python code should be run through `Black <https://pypi.org/project/black/>`_.
This is checked in CI and you can test it locally with ``tox``.
Also, this project uses `pre-commit <https://pre-commit.com/>`_
which helps with checking code style as a git pre-commit hook. ``pre-commit``
is used in ``tox``. To run all code style checks, use ``tox -e lint`` but
make sure your version of ``tox`` is built on a Python 3.
History
=======
This program is a "fork" of https://pypi.python.org/pypi/peepin
``peepin`` was a companion to the program ``peep``
https://pypi.python.org/pypi/peep/ but the functionality of ``peep``
has been put directly into ``pip`` as of version 8.
Future
======
If this script proves itself to work and be useful, I hope we can
put it directly into ``pip``.
Version History
===============
1.0.3
* Drop support for Pythom 3.8.
See https://github.com/peterbe/hashin/pull/192 — thanks @hartwork
* Add support for Python 3.13.
See https://github.com/peterbe/hashin/pull/195
and https://github.com/peterbe/hashin/pull/204
— thanks @pib and @hartwork
* Be robust towards invalid versions like ``0.3.2d`` when finding
the latest release.
See https://github.com/peterbe/hashin/pull/196 — thanks @hartwork
1.0.2
* Fix command line argument ``-p PYTHON_VERSION``
(and API function ``expand_python_version``) for "3.10" and upwards
See https://github.com/peterbe/hashin/pull/186
1.0.1
* Update change log about the 1.0.0 release.
1.0.0
* Update ``setup.py``, ``tox.ini`` and GitHub Actions to use Python ``>=3.8``
and up to 3.12.
0.17.0
* Add python 3.9 and 3.10 to the test matrix.
* Preserve lexigraphical order of hashes for the output of the
``get_releases_hashes`` function.
See https://github.com/peterbe/hashin/issues/126
0.16.0
* Preserve indented comments when updating requirements files.
See https://github.com/peterbe/hashin/issues/124
* Switch to GitHub Actions instead of TravisCI. And test ``tox`` in
Python 3.7 and 3.8 additionally as well as upgrading lint requirements.
See https://github.com/peterbe/hashin/pull/118
0.15.0
* Use of underscore or hyphens in package names is corrected
See https://github.com/peterbe/hashin/issues/116 Thanks @caphrim007
0.14.6
* Indentation in the requirements file is preserved.
See https://github.com/peterbe/hashin/issues/112 Thanks @techtonik
* If you use ``--update-all`` and forget the ``-r`` when specifying your
requirements file, instead of complaining, it corrects the intentions.
See https://github.com/peterbe/hashin/issues/104
0.14.5
* When writing down hashes, they are now done in a lexigraphically ordered
way. This makes the writes to the requirements file more predictable.
See https://github.com/peterbe/hashin/issues/105
0.14.4
* Bugfix for new ``--index-url`` option feature in version 0.14.3.
See https://github.com/peterbe/hashin/issues/108
0.14.3
* New parameter ``--index-url`` which allows to override the default which
is ``https://pypi.org``. Thanks @nmacinnis
See https://github.com/peterbe/hashin/pull/107
0.14.2
* When using ``--update-all`` and parsing requirements file it could be fooled
by comments that look like package specs (e.g ``# check out foo==1.0``)
See https://github.com/peterbe/hashin/issues/103
0.14.1
* All HTTP GET work to fetch information about packages from PyPI is done in
concurrent threads. Requires backport for Python 2.7.
See https://github.com/peterbe/hashin/issues/101
0.14.0
* ``--interactive`` (when you use ``--update-all``) will iterate over all outdated
versions in your requirements file and ask, for each one, if you want to
updated it.
See https://github.com/peterbe/hashin/issues/90
* Order of hashes should not affect if a package in the requirements file
should be replaced or not.
See https://github.com/peterbe/hashin/issues/93
* (Internal) All tests have been rewritten as plain pytest functions.
* In Python 3, if the package can't be found you get a more explicit exception
pointing out which package (URL) that failed.
See https://github.com/peterbe/hashin/issues/87
* New flag ``--update-all`` (alias ``-u``) will parse the requirements file,
ignore the version, and update all packages that have new versions.
See https://github.com/peterbe/hashin/pull/88
* Support for "extras syntax". E.g. ``hashin "requests[security]"``. Doesn't
actually get hashes for ``security`` (in this case, that's not even a
package) but allows that syntax into your ``requirements.txt`` file.
See https://github.com/peterbe/hashin/issues/70
* All code is now formatted with `Black <https://pypi.org/project/black/>`_.
0.13.4
* Ability to pass ``--dry-run`` which prints a diff of what it *would*
do to your requirements file. See https://github.com/peterbe/hashin/pull/78
* Better error message when no versions, but some pre-releases found.
See https://github.com/peterbe/hashin/issues/76
* Don't show URLs when using ``--verbose`` if files don't need to be
downloaded. See https://github.com/peterbe/hashin/issues/73
0.13.3
* Makes it possible to install ``nltk`` on Windows.
`Thanks @chrispbailey! <https://github.com/peterbe/hashin/pull/72>`_
0.13.2
* Match Python versions as ``py{major}{minor}`` additionally. Solves
problem with installing packages with files like
``Paste-2.0.3-py34-none-any.whl``.
`Thanks @danfoster! <https://github.com/peterbe/hashin/pull/67>`_
0.13.1
* Ability to pass ``--include-prereleases`` if you're trying to add
a package that *only* has pre-releases.
0.13.0
* Two new dependencies for ``hashin``: ``pip-api`` and ``packaging``.
This means we no longer need to *import* ``pip`` and rely on private
APIs.
`Thanks @di! <https://github.com/peterbe/hashin/pull/59>`_
This also means you can no longer install ``hashin`` on Python 2.6 and
Python ``<=3.3``.
0.12.0
* Switch from ``pypi.python.org/pypi/<package>/json`` to
``pypi.org/pypi/<package>/json`` which also means the sha256 hash is part
of the JSON payload immediately instead of having to download and run
``pip`` to get the hash.
* Testing no runs Python 2.6 and Python 3.3.
* All hashes, per package, are sorted (by the hash) to make it more
predictable.
0.11.5
* You can now pass PEP-0496 Environment Markers together with the package
name, and they get passed into the ``requirements.txt`` file.
Thanks @meejah
0.11.4
* PackageErrors happening in CLI suppressed just the error message out on
stderr. No full traceback any more.
0.11.3
* Better error if you typo the package name since it'll 404 on PyPI.
0.11.2
* Run continuous integration tests with Python 3.6 too.
0.11.1
* Ability to run ``hashin --version`` to see what version of hashin is
installed.
See https://github.com/peterbe/hashin/issues/41
0.11.0
* Cope with leading zeros in version numbers when figuring out what
the latest version is.
See https://github.com/peterbe/hashin/issues/39
0.10.0
* Latest version is now figured out by looking at all version numbers
in the list of releases from the JSON payload. The pre releases are
skipped.
0.9.0
* Fixed a bug where it would fail to install a package whose name is
partially part of an existing (installed) package.
E.g. installing ``redis==x.y.z`` when ``django-redis==a.b.c`` was
already in the requirements file.
0.8.0
* Ability to make ``hashin`` work as a library. Thanks @jayfk !
* pep8 cleanups.
0.7.2
* Fixes bug related to installing platform specific archives
See https://github.com/peterbe/hashin/pull/33 Thanks @mythmon
0.7.1
* Package matching is now case insensitive. E.g. ``hashin dJaNgO``
0.7.0
* The requirements file and algorithm arguments are now keyword
arguments. Now, the second, third, nth positional argument are
additional arguments. Thanks @https://github.com/ahal
0.6.1
* Support windows binaries packaged as a ``.msi`` file.
0.6.0
* Fix compatibility issue with pip 8.1.2 and 8.1.1-2ubuntu0.1 and drop
support for Python 2.6
0.5.0
* Important bug fix. As an example, if you had ``pytest-selenium==...``
already in your ``requirements.txt`` file and add ``selenium==x.y.z``
it would touch the line with ``pytest-selenium`` too.
0.4.1
* Support for PyPI links that have a hash in the file URL.
0.4.1
* Fix PackageError if no Python version is defined.
0.4
* Add filtering of package releases by Python version.
0.3
* Issue a warning for users of Python before version 2.7.9.
0.2
* Last character a *single* newline. Not two.
0.1
* First, hopefully, working version.
Raw data
{
"_id": null,
"home_page": "https://github.com/peterbe/hashin",
"name": "hashin",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "pip, repeatable, deploy, deployment, hash, install, installer",
"author": "Peter Bengtsson",
"author_email": "mail@peterbe.com",
"download_url": "https://files.pythonhosted.org/packages/25/65/2c414f0a4bf91e1e2db491b85a7a54a2d138dd448ccd2deea147c02c3433/hashin-1.0.3.tar.gz",
"platform": null,
"description": "======\nhashin\n======\n\n.. image:: https://github.com/peterbe/hashin/workflows/Python/badge.svg\n :target: https://github.com/peterbe/hashin/actions\n\n.. image:: https://badge.fury.io/py/hashin.svg\n :target: https://pypi.python.org/pypi/hashin\n\nHelps you write your ``requirements.txt`` with hashes so you can\ninstall with ``pip install --require-hashes -r ...``\n\nIf you want to add a package or edit the version of one you're currently\nusing you have to do the following steps:\n\n1. Go to pypi for that package\n2. Download the ``.tgz`` file\n3. Possibly download the ``.whl`` file\n4. Run ``pip hash downloadedpackage-1.2.3.tgz``\n5. Run ``pip hash downloadedpackage-1.2.3.whl``\n6. Edit ``requirements.txt``\n\nThis script does all those things.\nHackishly wonderfully so.\n\nA Word of Warning!\n==================\n\nThe whole point of hashing is that you **vet the packages** that you use\non your laptop and that they haven't been tampered with. Then you\ncan confidently install them on a server.\n\nThis tool downloads from PyPI (over HTTPS) and runs ``pip hash``\non the downloaded files.\n\nYou should check that the packages that are downloaded\nare sane and not tampered with. The way you do that is to run\n``hashin`` as normal but with the ``--verbose`` flag. When you do that\nit will print where it downloaded the relevant files and those\nfiles are not deleted. For example::\n\n $ hashin --verbose bgg /tmp/reqs.txt\n https://pypi.python.org/pypi/bgg/json\n * Latest version for 0.22.1\n * Found URL https://pypi.python.org/packages/2.7/b/bgg/bgg-0.22.1-py2-none-any.whl\n * Re-using /var/folders/1x/2hf5hbs902q54g3bgby5bzt40000gn/T/bgg-0.22.1-py2-none-any.whl\n * Hash e5172c3fda0e8a42d1797fd1ff75245c3953d7c8574089a41a219204dbaad83d\n * Found URL https://pypi.python.org/packages/source/b/bgg/bgg-0.22.1.tar.gz\n * Re-using /var/folders/1x/2hf5hbs902q54g3bgby5bzt40000gn/T/bgg-0.22.1.tar.gz\n * Hash aaa53aea1cecb8a6e1288d6bfe52a51408a264a97d5c865c38b34ae16c9bff88\n * Editing /tmp/reqs.txt\n\nYou might not have time to go through the lines one by one\nbut you should be aware that the vetting process is your\nresponsibility.\n\nInstallation\n============\n\nThis is something you only do or ever need in a development\nenvironment. Ie. your laptop::\n\n pip install hashin\n\nHow to use it\n=============\n\nSuppose you want to install ``futures``. You can either do this::\n\n hashin futures\n\nWhich will download the latest version tarball (and wheel) and\ncalculate their pip hash and edit your ``requirements.txt`` file.\n\nOr you can be specific about exactly which version you want::\n\n hashin \"futures==2.1.3\"\n\nYou can also specify more than one package at a time::\n\n hashin \"futures==2.1.3\" requests\n\nSuppose you don't have a ``requirements.txt`` right there in the same\ndirectory you can specify ``--requirements-file``::\n\n hashin futures --requirements-file=stuff/requirements/prod.txt\n\nBy default ``sha256`` hashes are used, but this can be overridden using the\n``--algorithm`` argument::\n\n hashin futures --algorithm=sha512\n\nIf there's no output, it worked. Check how it edited your\nrequirements file.\n\nFiltering releases by Python version\n====================================\n\nSome requirements have many releases built for different versions of Python and\ndifferent architectures. These hashes aren't useful in some cases, if those\nwheels don't work with your project. ``hashin`` can filter on the Python\nversion to skip these extraneous hashes.\n\nFor example, the ``cffi`` package offers wheels built for many versions of\nCPython from 2.6 to 3.5. To select only one of them, you can use the\n``--python-version`` option::\n\n hashin \"cffi==1.5.2\" --python-version 3.5\n\nIf you need to support multiple versions, you can pass this option multiple\ntimes::\n\n hashin \"cffi==1.5.2\" --python-version 2.7 --python-version 3.5\n\n``hashin`` will expand these Python versions to a full list of identifers that\ncould be found on PyPI. For example, ``3.5`` will expand to match any of\n``3.5``, ``py3``, ``py3.5``, ``py2.py3``, or ``cp3.5``. You can also specify\nthese exact identifiers directly, if you need something specific.\n\nThe ``source`` release is always automatically included. ``pip`` will use\nthis as a fallback in the case a suitable wheel cannot be found.\n\nDry run mode\n============\n\nThere are some use cases, when you maybe don't want to edit your ``requirements.txt``\nright away. You can use the ``--dry-run`` argument to show the diff, so you\ncan preview the changes to your ``requirements.txt`` file.\n\nExample::\n\n hashin --dry-run requests==2.19.1\n\nWould result in a printout on the command line::\n\n --- Old\n +++ New\n @@ -0,0 +1,3 @@\n +requests==2.19.1 \\\n + --hash=sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1 \\\n + --hash=sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a\n\nPEP-0496 Environment Markers\n============================\n\nRequirements can use `PEP-0496`_ style specifiers (e.g. like\n``cffi==1.5.2; python_version >= '3.4'``) and these will be passed\nthrough when re-writing the ``requirements.txt`` file. ``hashin`` doesn't\nparse the specifiers themselves and will take anything after the\nsemicolon. If you are using ``python_version`` you will still need to\npass appropriate options if you don't want every available hash.\n\nAn example of this might be::\n\n hashin \"pywin32-ctypes ; sys_platform == 'win32'\"\n\nwhich will result it something like this in the ``requirements.txt`` file::\n\n pywin32-ctypes==0.1.2; sys_platform == 'win32' \\\n --hash=sha256:4820b830f42e6889d34142bcd07b3896018c3620d8c31f5e13b72caf1f4d1d0f\n\nAnd if you want to limit it to certain Python versions, here's an example::\n\n hashin \"cffi==1.5.2; python_version >= '3.4'\" -p 3.4 -p 3.5\n\n\n.. _`PEP-0496`: https://www.python.org/dev/peps/pep-0496/\n\nUsing as a Python library\n=========================\n\nEverything you can do with ``hashin`` on the command line you can do\nin running Python too. For example::\n\n import hashin\n from pprint import pprint\n pprint(hashin.get_package_hashes('Django'))\n\nThis will print out::\n\n {'hashes': [{'hash': 'fbc7ffaa45a4a67cb45f77dbd94e8eceecebe1d0959fe9c665dfbf28b41899e6',\n 'url': 'https://pypi.python.org/packages/41/c1/68dd27946b03a3d756b0ff665baad25aee1f59918891d86ab76764209208/Django-1.11b1-py2.py3-none-any.whl'}],\n 'package': 'Django',\n 'version': '1.11b1'}\n\nOr with specific version, algorithm and certain Python versions::\n\n import hashin\n from pprint import pprint\n pprint(hashin.get_package_hashes(\n 'Django',\n version='1.10',\n algorithm='sha512',\n python_versions=('3.5',)\n ))\n\nLocal development\n=================\n\nAfter you have cloned the project, created a virtual environment and run:\n\n pip install -e \".[dev]\"\n\nNow, to run it you can use the installed executable ``hashin`` and do things\nlike::\n\n touch /tmp/reqs.txt\n hashin -r /tmp/reqs.txt Django\n\n\nRunning tests\n=============\n\nSimply run::\n\n python setup.py test\n\nWhen you use ``pip install \".[dev]\"`` it will install ``tox`` which you can use\nto run the full test suites (plus linting) in different Python environments::\n\n tox\n\nRunning tests with test coverage\n================================\n\nTo run the tests with test coverage, with ``pytest`` run something like\nthis::\n\n $ pip install pytest-cover\n $ pytest --cov=hashin --cov-report=html\n $ open htmlcov/index.html\n\n\nDebugging\n=========\n\nTo avoid having to install ``hashin`` just to test it or debug a feature\nyou can simply just run it like this::\n\n touch /tmp/whatever.txt\n python hashin.py --verbose Django /tmp/whatever.txt\n\n\nCode Style\n==========\n\nAll Python code should be run through `Black <https://pypi.org/project/black/>`_.\nThis is checked in CI and you can test it locally with ``tox``.\n\nAlso, this project uses `pre-commit <https://pre-commit.com/>`_\nwhich helps with checking code style as a git pre-commit hook. ``pre-commit``\nis used in ``tox``. To run all code style checks, use ``tox -e lint`` but\nmake sure your version of ``tox`` is built on a Python 3.\n\nHistory\n=======\n\nThis program is a \"fork\" of https://pypi.python.org/pypi/peepin\n``peepin`` was a companion to the program ``peep``\nhttps://pypi.python.org/pypi/peep/ but the functionality of ``peep``\nhas been put directly into ``pip`` as of version 8.\n\nFuture\n======\n\nIf this script proves itself to work and be useful, I hope we can\nput it directly into ``pip``.\n\nVersion History\n===============\n\n1.0.3\n * Drop support for Pythom 3.8.\n See https://github.com/peterbe/hashin/pull/192 \u2014 thanks @hartwork\n\n * Add support for Python 3.13.\n See https://github.com/peterbe/hashin/pull/195\n and https://github.com/peterbe/hashin/pull/204\n \u2014 thanks @pib and @hartwork\n\n * Be robust towards invalid versions like ``0.3.2d`` when finding\n the latest release.\n See https://github.com/peterbe/hashin/pull/196 \u2014 thanks @hartwork\n\n1.0.2\n * Fix command line argument ``-p PYTHON_VERSION``\n (and API function ``expand_python_version``) for \"3.10\" and upwards\n See https://github.com/peterbe/hashin/pull/186\n\n1.0.1\n * Update change log about the 1.0.0 release.\n\n1.0.0\n * Update ``setup.py``, ``tox.ini`` and GitHub Actions to use Python ``>=3.8``\n and up to 3.12.\n\n0.17.0\n * Add python 3.9 and 3.10 to the test matrix.\n\n * Preserve lexigraphical order of hashes for the output of the\n ``get_releases_hashes`` function.\n See https://github.com/peterbe/hashin/issues/126\n\n0.16.0\n * Preserve indented comments when updating requirements files.\n See https://github.com/peterbe/hashin/issues/124\n\n * Switch to GitHub Actions instead of TravisCI. And test ``tox`` in\n Python 3.7 and 3.8 additionally as well as upgrading lint requirements.\n See https://github.com/peterbe/hashin/pull/118\n\n0.15.0\n * Use of underscore or hyphens in package names is corrected\n See https://github.com/peterbe/hashin/issues/116 Thanks @caphrim007\n\n0.14.6\n * Indentation in the requirements file is preserved.\n See https://github.com/peterbe/hashin/issues/112 Thanks @techtonik\n\n * If you use ``--update-all`` and forget the ``-r`` when specifying your\n requirements file, instead of complaining, it corrects the intentions.\n See https://github.com/peterbe/hashin/issues/104\n\n0.14.5\n * When writing down hashes, they are now done in a lexigraphically ordered\n way. This makes the writes to the requirements file more predictable.\n See https://github.com/peterbe/hashin/issues/105\n\n0.14.4\n * Bugfix for new ``--index-url`` option feature in version 0.14.3.\n See https://github.com/peterbe/hashin/issues/108\n\n0.14.3\n * New parameter ``--index-url`` which allows to override the default which\n is ``https://pypi.org``. Thanks @nmacinnis\n See https://github.com/peterbe/hashin/pull/107\n\n0.14.2\n * When using ``--update-all`` and parsing requirements file it could be fooled\n by comments that look like package specs (e.g ``# check out foo==1.0``)\n See https://github.com/peterbe/hashin/issues/103\n\n0.14.1\n * All HTTP GET work to fetch information about packages from PyPI is done in\n concurrent threads. Requires backport for Python 2.7.\n See https://github.com/peterbe/hashin/issues/101\n\n0.14.0\n * ``--interactive`` (when you use ``--update-all``) will iterate over all outdated\n versions in your requirements file and ask, for each one, if you want to\n updated it.\n See https://github.com/peterbe/hashin/issues/90\n\n * Order of hashes should not affect if a package in the requirements file\n should be replaced or not.\n See https://github.com/peterbe/hashin/issues/93\n\n * (Internal) All tests have been rewritten as plain pytest functions.\n\n * In Python 3, if the package can't be found you get a more explicit exception\n pointing out which package (URL) that failed.\n See https://github.com/peterbe/hashin/issues/87\n\n * New flag ``--update-all`` (alias ``-u``) will parse the requirements file,\n ignore the version, and update all packages that have new versions.\n See https://github.com/peterbe/hashin/pull/88\n\n * Support for \"extras syntax\". E.g. ``hashin \"requests[security]\"``. Doesn't\n actually get hashes for ``security`` (in this case, that's not even a\n package) but allows that syntax into your ``requirements.txt`` file.\n See https://github.com/peterbe/hashin/issues/70\n\n * All code is now formatted with `Black <https://pypi.org/project/black/>`_.\n\n0.13.4\n * Ability to pass ``--dry-run`` which prints a diff of what it *would*\n do to your requirements file. See https://github.com/peterbe/hashin/pull/78\n\n * Better error message when no versions, but some pre-releases found.\n See https://github.com/peterbe/hashin/issues/76\n\n * Don't show URLs when using ``--verbose`` if files don't need to be\n downloaded. See https://github.com/peterbe/hashin/issues/73\n\n0.13.3\n * Makes it possible to install ``nltk`` on Windows.\n `Thanks @chrispbailey! <https://github.com/peterbe/hashin/pull/72>`_\n\n0.13.2\n * Match Python versions as ``py{major}{minor}`` additionally. Solves\n problem with installing packages with files like\n ``Paste-2.0.3-py34-none-any.whl``.\n `Thanks @danfoster! <https://github.com/peterbe/hashin/pull/67>`_\n\n0.13.1\n * Ability to pass ``--include-prereleases`` if you're trying to add\n a package that *only* has pre-releases.\n\n0.13.0\n * Two new dependencies for ``hashin``: ``pip-api`` and ``packaging``.\n This means we no longer need to *import* ``pip`` and rely on private\n APIs.\n `Thanks @di! <https://github.com/peterbe/hashin/pull/59>`_\n This also means you can no longer install ``hashin`` on Python 2.6 and\n Python ``<=3.3``.\n\n0.12.0\n * Switch from ``pypi.python.org/pypi/<package>/json`` to\n ``pypi.org/pypi/<package>/json`` which also means the sha256 hash is part\n of the JSON payload immediately instead of having to download and run\n ``pip`` to get the hash.\n\n * Testing no runs Python 2.6 and Python 3.3.\n\n * All hashes, per package, are sorted (by the hash) to make it more\n predictable.\n\n0.11.5\n * You can now pass PEP-0496 Environment Markers together with the package\n name, and they get passed into the ``requirements.txt`` file.\n Thanks @meejah\n\n0.11.4\n * PackageErrors happening in CLI suppressed just the error message out on\n stderr. No full traceback any more.\n\n0.11.3\n * Better error if you typo the package name since it'll 404 on PyPI.\n\n0.11.2\n * Run continuous integration tests with Python 3.6 too.\n\n0.11.1\n * Ability to run ``hashin --version`` to see what version of hashin is\n installed.\n See https://github.com/peterbe/hashin/issues/41\n\n0.11.0\n * Cope with leading zeros in version numbers when figuring out what\n the latest version is.\n See https://github.com/peterbe/hashin/issues/39\n\n0.10.0\n * Latest version is now figured out by looking at all version numbers\n in the list of releases from the JSON payload. The pre releases are\n skipped.\n\n0.9.0\n * Fixed a bug where it would fail to install a package whose name is\n partially part of an existing (installed) package.\n E.g. installing ``redis==x.y.z`` when ``django-redis==a.b.c`` was\n already in the requirements file.\n\n0.8.0\n * Ability to make ``hashin`` work as a library. Thanks @jayfk !\n\n * pep8 cleanups.\n\n0.7.2\n * Fixes bug related to installing platform specific archives\n See https://github.com/peterbe/hashin/pull/33 Thanks @mythmon\n\n0.7.1\n * Package matching is now case insensitive. E.g. ``hashin dJaNgO``\n\n0.7.0\n * The requirements file and algorithm arguments are now keyword\n arguments. Now, the second, third, nth positional argument are\n additional arguments. Thanks @https://github.com/ahal\n\n0.6.1\n * Support windows binaries packaged as a ``.msi`` file.\n\n0.6.0\n * Fix compatibility issue with pip 8.1.2 and 8.1.1-2ubuntu0.1 and drop\n support for Python 2.6\n\n0.5.0\n * Important bug fix. As an example, if you had ``pytest-selenium==...``\n already in your ``requirements.txt`` file and add ``selenium==x.y.z``\n it would touch the line with ``pytest-selenium`` too.\n\n0.4.1\n * Support for PyPI links that have a hash in the file URL.\n\n0.4.1\n * Fix PackageError if no Python version is defined.\n\n0.4\n * Add filtering of package releases by Python version.\n\n0.3\n * Issue a warning for users of Python before version 2.7.9.\n\n0.2\n * Last character a *single* newline. Not two.\n\n0.1\n * First, hopefully, working version.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Edits your requirements.txt by hashing them in",
"version": "1.0.3",
"project_urls": {
"Homepage": "https://github.com/peterbe/hashin"
},
"split_keywords": [
"pip",
" repeatable",
" deploy",
" deployment",
" hash",
" install",
" installer"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "5774d50953feb19a8ba0da2e13f05a6551884ce396fcc617b6fe25b18b7bef7f",
"md5": "bcd42deaa46650ca48289efed6bb7dd9",
"sha256": "1c28f8eae797f1948f48607a319cffb66c24a750d1ac9d710090ba0f30aff4c1"
},
"downloads": -1,
"filename": "hashin-1.0.3-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "bcd42deaa46650ca48289efed6bb7dd9",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": ">=3.9",
"size": 16539,
"upload_time": "2024-10-30T00:09:15",
"upload_time_iso_8601": "2024-10-30T00:09:15.812258Z",
"url": "https://files.pythonhosted.org/packages/57/74/d50953feb19a8ba0da2e13f05a6551884ce396fcc617b6fe25b18b7bef7f/hashin-1.0.3-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "25652c414f0a4bf91e1e2db491b85a7a54a2d138dd448ccd2deea147c02c3433",
"md5": "3d0cb3a73ee0694bb254e1d3bd66ef82",
"sha256": "15a6ea229733c08c8694974da120744d50a9acdfd2e1b0274a550c94c7ed91ed"
},
"downloads": -1,
"filename": "hashin-1.0.3.tar.gz",
"has_sig": false,
"md5_digest": "3d0cb3a73ee0694bb254e1d3bd66ef82",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 29065,
"upload_time": "2024-10-30T00:09:17",
"upload_time_iso_8601": "2024-10-30T00:09:17.272147Z",
"url": "https://files.pythonhosted.org/packages/25/65/2c414f0a4bf91e1e2db491b85a7a54a2d138dd448ccd2deea147c02c3433/hashin-1.0.3.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-30 00:09:17",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "peterbe",
"github_project": "hashin",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "hashin"
}
JSON
