From 722a5b8efa19fd54728af462441dce08cd7e545b Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Sat, 15 Aug 2020 14:33:30 +0800 Subject: python3: Use hash-checking mode when installing host pip packages In hash-checking mode[1], pip will verify downloaded package archives (source tarballs in our case) against known SHA256 hashes before installing the packages. As a consequence, this requires the use of requirements files[2] and pinning packages to known versions. The syntax for package Makefiles has changed slightly; HOST_PYTHON3_PACKAGE_BUILD_DEPENDS no longer accepts requirement specifiers like "foo>=1.0", only requirements file names (which are the same as package names in the most common case). This also updates affected packages, in particular: * python-zipp: "setuptools_scm[toml]" has been split into "setuptools-scm toml" to reuse the requirements file for setuptools-scm (the extra depends installed by "setuptools_scm[toml]" is toml). * python-pycparser: This previously used ply 3.10, whereas the requirements file will now install 3.11. [1]: https://pip.pypa.io/en/stable/reference/pip_install/#hash-checking-mode [2]: https://pip.pypa.io/en/stable/user_guide/#requirements-files Signed-off-by: Jeffery To --- lang/python/numpy/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lang/python/numpy') diff --git a/lang/python/numpy/Makefile b/lang/python/numpy/Makefile index d073754e5..7cf6f72c0 100644 --- a/lang/python/numpy/Makefile +++ b/lang/python/numpy/Makefile @@ -22,7 +22,7 @@ PKG_CPE_ID:=cpe:/a:numpy:numpy # yes, zip... sigh PYPI_SOURCE_EXT:=zip PKG_BUILD_PARALLEL:=0 -HOST_PYTHON3_PACKAGE_BUILD_DEPENDS:="Cython==0.29.21" +HOST_PYTHON3_PACKAGE_BUILD_DEPENDS:=Cython # Cython>=0.29.21 include ../pypi.mk include $(INCLUDE_DIR)/package.mk -- cgit v1.2.3