author: Wojtek Kosior <koszko@koszko.org> 2022-03-02 16:15:07 +0100
committer: Wojtek Kosior <koszko@koszko.org> 2022-03-02 16:15:07 +0100
commit: 4eb22719e43d1217a7629d5c4d82df7eafb24c68 (patch)
tree: 204da5f08d6cbd5af1a1744505bd56c63ccc436b
parent: 1cb6aaae2055283d04aa0aa581e82addb8049ce4 (diff)
mention PyPI freedom issues in README
-rw-r--r-- README.md 28
1 files changed, 26 insertions, 2 deletions
diff --git a/README.md b/README.md
index f7ca8f8..e63e1a6 100644
--- a/README.md
+++ b/README.md
@@ -31,13 +31,37 @@ python3 -m build
```
Optionally, add a `--no-isolation` option to the second command to have it use system packages where possible instead of downloading all dependencies from PyPI.
-*TODO: describe freedom considerations with PyPI...*
-
The generated .whl file can then be used to install Hydrilla either globally or in the current Python virtualenv:
```shell
python3 -m pip install dist/put_the_name_of_generated_file_here.whl
```
+### PyPI considerations
+
+Commands like `python3 -m build` and `python3 -m pip` but also `virtualenv` will by default download the dependencies from PyPI repository[^pypi]. Although this is what many people want, it carries along a freedom issue. PyPI is not committed to only hosting libre software packages[^pypi_freeware] and, like any platform allowing upload of code by the public, has lower package standards than repositories of many operating system distributions. For this reason you are encouraged to use the dependencies as provided by your distribution.
+
+To perform the build and installation without PyPI, first install all dependencies system-wide. For example, in Debian-based distributions (including Trisquel):
+``` shell
+sudo apt install python3-flask python3-flask python3-jsonschema \
+ python3-setuptools python3-setuptools-scm python3-babel python3-wheel
+```
+
+Then, block programs you're about to spawn from accessing https://pypi.org. If running on a GNU/Linux system you can utilize Linux user namespaces:
+``` shell
+unshare -Urn
+```
+
+The above will put you in a network-isolated shell. If you're using a virtualenv, activate it **after** the `unshare` command.
+
+Now, in unpacked source directories of **both** `hydrilla-builder` and `hydrilla`, run the build and installation commands:
+``` shell
+python3 -m build --no-isolation
+python3 -m pip install dist/hydrilla*.whl # or use the full file name
+```
+
+[^pypi]: [https://pypi.org/](https://pypi.org/)
+[^pypi_freeware]: [https://pypi.org/search/?c=License+%3A%3A+Freeware](https://pypi.org/search/?c=License+%3A%3A+Freeware)
+
## Testing
For tests to pass you need compiled message catalogs to be present. If you've performed the build at least once, they're already there. Otherwise, you need to run `./setup.py compile_catalog`. Then you can run the actual tests:
``` shell
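Review bot: the `apt install` line in the new "PyPI considerations" section lists `python3-flask` twice (`sudo apt install python3-flask python3-flask python3-jsonschema \`). Drop the duplicate, or, if the second entry was meant to be a different dependency, name it: a reader following the no-PyPI path has no fallback download once inside the `unshare -Urn` shell, so a missing package only shows up as a build failure. Two smaller points in the same section: the added code fences are opened with a space before `shell`, while the existing install block just above opens with no space, so pick one form; and consider adding `--no-index` to the `python3 -m pip install dist/hydrilla*.whl` step so that an unmet system dependency fails immediately with a clear message instead of pip trying to reach the blocked index.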