build: tighten build system to only use source pkgs in more places #7999
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Ok, so the Android build is failing... |
SomberNight
force-pushed
the
202208_build_tighten2
branch
from
516a609 to
2be30b5
Compare
|
Hmm. The android build is still failing... ok, so I believe the failure is due to rerunning freeze_packages.sh, which bumped |
SomberNight
force-pushed
the
202208_build_tighten2
branch
from
2be30b5 to
c6246a7
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
requirements.txtrequirements-build-winerequirements-build-macrequirements-build-appimagerequirements-build-android-build-android) have already been used viapip install --no-binary :all:electrum/contrib/build-linux/appimage/make_appimage.sh
Lines 113 to 114 in 4886007
that is, the build scripts were already only using the source dists for these dependencies.
So there is a larger change for
-build-androidhere, where this was not the case before.-build-androidchange was split into a separate PR due to complications...By only including hashes for the source packages of our dependencies, (and not using prebuilt binaries,) this paves the way towards auditing our dependencies in an easier way
In the future, I would like all deps to be built from source, perhaps with a small handful of whitelisted exceptions (e.g. pyqt5 and cryptography). All the
requirements-*.txtfiles should include hashes for only source dists.Then, as part of running
freeze_packages.sh, we could audit the diff of the sources of our deps.