In hash-checking mode[1], pip will verify downloaded package archives
(source tarballs in our case) against known SHA256 hashes before
installing the packages.
As a consequence, this requires the use of requirements files[2] and
pinning packages to known versions.
The syntax for package Makefiles has changed slightly;
HOST_PYTHON3_PACKAGE_BUILD_DEPENDS no longer accepts requirement
specifiers like "foo>=1.0", only requirements file names (which are the
same as package names in the most common case).
This also updates affected packages, in particular:
* python-zipp: "setuptools_scm[toml]" has been split into
"setuptools-scm toml" to reuse the requirements file for
setuptools-scm (the extra depends installed by "setuptools_scm[toml]"
is toml).
* python-pycparser: This previously used ply 3.10, whereas the
requirements file will now install 3.11.
[1]: https://pip.pypa.io/en/stable/reference/pip_install/#hash-checking-mode
[2]: https://pip.pypa.io/en/stable/user_guide/#requirements-files
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds PKG_BUILD_PARALLEL:=0 to packages that depend on host Python
packages (HOST_PYTHON3_PACKAGE_BUILD_DEPENDS), because installing
packages with multiple concurrent pip processes can lead to errors or
unexpected results[1].
This also:
* Move HOST_PYTHON3_PACKAGE_BUILD_DEPENDS definitions to before
python3-package.mk is included
* Update Python folder readme to include PKG_BUILD_PARALLEL:=0
[1]: https://github.com/pypa/pip/issues/2361
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This removes:
* Python 3 variants (VARIANT:=python3)
* "for Python3" from package titles
* Package selection condition from package dependencies, e.g.
+PACKAGE_python3-six:python3-light replaced with +python3-light
* "Default" package information sections, e.g.
Package/python-six/Default removed and package details merged into
Package/python3-six
* "(Variant for Python3)" from package descriptions
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Life changes, I'm no longer avaiable to be an sufficiently active
OpenWrt developer. Therefore removing myself from maintainer from
all packages I maintained in OpenWrt.
All the best for those who keep up the good work!
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This updates all Python packages that download their source from PyPi to
use pypi.mk.
This will allow future improvements/changes to pypi.mk to affect all
relevant packages.
This also makes it easier for future Python packages to start using
pypi.mk, when it's clear how it is used in existing packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Update to latest version even though it's a no-op for us
(change is for compilation on Haiku) because otherwise uscan (and
folks who don't check changelogs for relevant changes) will complain.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
bcrypt is a secure password hashing mechanism and is
extremely useful for more secure Radicale authentication,
so add it.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>