commit d035fe64d85b12e6dbc5ebb23093e876f83b6d0a Author: Isis Lovecruft isis@torproject.org Date: Mon Mar 23 03:00:26 2015 +0000
Check envvar before using easy_install to install setup.py requires.
If there is an environment variable BRIDGEDB_INSTALL_DEPENDENCIES=0, then the setup.py script will not use easy_install to install dependencies. The default when using `make install` is to avoid using easy_install; the default when calling `python setup.py install` is to use easy_install.
Until now, on BridgeDB's production server, `echo > requirements.txt` was run to avoid allowing easy_install to search for dependencies. This removes the need to do that. We shouldn't be erasing the requirements.txt file anymore, because it is kept under revision control and versioneer (which uses `git describe --tags --dirty --always` to dynamically determine the BridgeDB package version at install time) will add '-dirty' to the end of the version number if we change anything in the repo. Adding '-dirty' to the package version causes it to be invalid according to PEP440, causing other random failures such as the inability to discover scripts and packaged data with pkg_resources. --- Makefile | 4 ++-- setup.py | 13 ++++++++++++- 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 8b6358b..c6c0442 100644
--- a/Makefile
+++ b/Makefile
@@ -22,11 +22,11 @@ pyflakes:
install:
 -python setup.py compile_catalog
- python setup.py install --record installed-files.txt
+ BRIDGEDB_INSTALL_DEPENDENCIES=0 python setup.py install --record installed-files.txt
force-install:
 -python setup.py compile_catalog
- python setup.py install --force --record installed-files.txt
+ BRIDGEDB_INSTALL_DEPENDENCIES=0 python setup.py install --force --record installed-files.txt
uninstall:
 touch installed-files.txt
diff --git a/setup.py b/setup.py
index 5e5de39..9402071 100644
--- a/setup.py
+++ b/setup.py
@@ -264,8 +264,19 @@ class runTests(setuptools.Command):
 sys.path = old_path
+# If there is an environment variable BRIDGEDB_INSTALL_DEPENDENCIES=0, it will
+# disable checking for, fetching, and installing BridgeDB's dependencies with
+# easy_install.
+#
+# Setting BRIDGEDB_INSTALL_DEPENDENCIES=0 is *highly* recommended, because
+# easy_install is a security nightmare. Automatically installing dependencies
+# is enabled by default, however, because this is how all Python packages are
+# supposed to work.
+if bool(int(os.environ.get("BRIDGEDB_INSTALL_DEPENDENCIES", 1))):
+ requires, deplinks = get_requirements()
+else:
+ requires, deplinks = [], []
-requires, deplinks = get_requirements()
setuptools.setup( name='bridgedb',
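Review bot: The new gate above `setuptools.setup(` fails open and parses the variable too loosely: with BRIDGEDB_INSTALL_DEPENDENCIES unset the default `1` keeps easy_install fetching enabled, any non-zero integer also enables it, and a value such as an empty string or `false` makes `int()` raise ValueError so setup.py dies with a traceback. Since the added comment itself calls disabling *highly* recommended, I would accept exactly one enabling value and treat everything else as off, e.g. `if os.environ.get("BRIDGEDB_INSTALL_DEPENDENCIES", "1").strip() == "1":`, and print a one-line notice saying which path was taken. With the opt-out, `requires` and `deplinks` are empty, so nothing checks that the dependencies are present; the comment should say they must be installed beforehand from requirements.txt through a vetted channel. The `setuptools.setup(` call continues outside the hunk, so how `requires` and `deplinks` are consumed is not visible here.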