From 4eb22719e43d1217a7629d5c4d82df7eafb24c68 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Wed, 2 Mar 2022 16:15:07 +0100 Subject: mention PyPI freedom issues in README --- README.md | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f7ca8f8..e63e1a6 100644 --- a/README.md +++ b/README.md 
@@ -31,13 +31,37 @@ python3 -m build ``` Optionally, add a `--no-isolation` option to the second command to have it use system packages where possible instead of downloading all dependencies from PyPI. -*TODO: describe freedom considerations with PyPI...* - The generated .whl file can then be used to install Hydrilla either globally or in the current Python virtualenv: ```shell python3 -m pip install dist/put_the_name_of_generated_file_here.whl ``` +### PyPI considerations + +Commands like `python3 -m build` and `python3 -m pip` but also `virtualenv` will by default download the dependencies from PyPI repository[^pypi]. Although this is what many people want, it carries along a freedom issue. PyPI is not committed to only hosting libre software packages[^pypi_freeware] and, like any platform allowing upload of code by the public, has lower package standards than repositories of many operating system distributions. For this reason you are encouraged to use the dependencies as provided by your distribution. + +To perform the build and installation without PyPI, first install all dependencies system-wide. For example, in Debian-based distributions (including Trisquel): +``` shell +sudo apt install python3-flask python3-flask python3-jsonschema \ + python3-setuptools python3-setuptools-scm python3-babel python3-wheel +``` + +Then, block programs you're about to spawn from accessing https://pypi.org. If running on a GNU/Linux system you can utilize Linux user namespaces: +``` shell +unshare -Urn +``` + +The above will put you in a network-isolated shell. If you're using a virtualenv, activate it **after** the `unshare` command. 
+ +Now, in unpacked source directories of **both** `hydrilla-builder` and `hydrilla`, run the build and installation commands: +``` shell +python3 -m build --no-isolation +python3 -m pip install dist/hydrilla*.whl # or use the full file name +``` + +[^pypi]: [https://pypi.org/](https://pypi.org/) +[^pypi_freeware]: [https://pypi.org/search/?c=License+%3A%3A+Freeware](https://pypi.org/search/?c=License+%3A%3A+Freeware) + ## Testing For tests to pass you need compiled message catalogs to be present. If you've performed the build at least once, they're already there. Otherwise, you need to run `./setup.py compile_catalog`. Then you can run the actual tests: ``` shell -- cgit v1.2.3
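Review bot: In the Debian `apt install` line, `python3-flask` is listed twice (`sudo apt install python3-flask python3-flask python3-jsonschema \`), so either the duplicate should be dropped or the second entry was meant to be a different dependency that is now missing from the list. Separately, the final `python3 -m pip install dist/hydrilla*.whl` relies entirely on the `unshare -Urn` shell to keep pip away from PyPI; adding pip's `--no-index` option to that command would keep it offline and make it fail fast on an unmet dependency even when a reader runs it outside the isolated shell. The `dist/hydrilla*.whl` glob also matches every wheel left in `dist/` by earlier builds, so the trailing comment could say that the full file name is the safer choice when more than one wheel is present.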