[tor-bugs] #15944 [Ooni]: Update ooniprobe pypi requirements

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 29 03:00:29 UTC 2015


#15944: Update ooniprobe pypi requirements
-------------------------+---------------------
     Reporter:  anadahz  |      Owner:  hellais
         Type:  defect   |     Status:  new
     Priority:  blocker  |  Milestone:
    Component:  Ooni     |    Version:
   Resolution:           |   Keywords:
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+---------------------

Comment (by patcon):

 A couple thoughts, as someone who's only just arrived and tried out the
 Vagrant environment for ooni-probe:

 1. My understanding is that using virtualenv is a good practice even when
 requirements are simple and seemingly isolated in a VM, as even python-pip
 has dependencies that should be isolated from the application. This is
 explained here:

     https://hynek.me/articles/virtualenv-lives/

 2. Also, I'm not a python dev, but coming from using bundler and some
 other dependency resolution tools, it might make sense to include a
 lockfile generated with `pip freeze > requirements.lock` in a virtualenv.
 This ensures we can version-control known-good sets of python packages,
 constraining as desired with some "looseness" in `requirements.txt`, and
 locking to exact specifics in `requirements.lock`. Then, you can install
 via `pip install -r requirements.lock` for travis tests and user installs,
 and you know things will be smooth. When you want to upgrade, you just do
 a `pip install -r requirements.txt` in a fresh virtualenv, which gets any
 updates within the constraints, and then re-freeze into
 `requirements.lock`.

 There's been some new stuff in python-land with wheel since I was last
 working with python apps, so maybe my suggestion is stale. But looking at
 how we're installing with unpinned packages, it seems maybe this would be
 helpful to make builds more deterministic and repeatable?

 (This is all operating under the assumption that ooni-probe is intended to
 be more like an "app" package, and not a library package that other things
 will depend on.)

 Anyhow, wooo ooni-probe! Glad I heard about this project

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15944#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list