diff options
| author | Danilo M. <danix@danix.xyz> | 2026-06-26 13:33:50 +0200 |
|---|---|---|
| committer | Danilo M. <danix@danix.xyz> | 2026-06-26 13:33:50 +0200 |
| commit | d71a10b8a10e04d9a1cd5683034f3f94d4a81a3a (patch) | |
| tree | 5f73deb30c26170ff98ec828f1217a0ae723cee2 /selftest | |
| parent | 18b0611d3d1917c112672eae40d0a276af1336ea (diff) | |
| download | mkwheels-d71a10b8a10e04d9a1cd5683034f3f94d4a81a3a.tar.gz mkwheels-d71a10b8a10e04d9a1cd5683034f3f94d4a81a3a.zip | |
mkwheels: add gh source mode (pypi/gh subcommands)
Vendor GitHub source releases that are not on PyPI (e.g. NetExec, which
also pulls git deps). New flag-based CLI with pypi/gh mode selectors:
mkwheels pypi --name PKG --ver VER [--epoch N]
mkwheels gh --repo OWNER/REPO --ver VER [--name PKG] [--tag TAG] [--epoch N]
gh mode downloads the tagged source and uses `pip wheel` to build the
project plus its whole dependency tree (PyPI + git deps) into wheels;
`pip download <dir>` is wrong for a local source since it only resolves
metadata. Epoch auto-derives from the release published_at. selftest now
covers both modes.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'selftest')
| -rwxr-xr-x | selftest | 43 |
1 files changed, 29 insertions, 14 deletions
@@ -1,23 +1,38 @@ #!/bin/bash -# selftest — build six twice and assert the wheels tarballs are byte-identical. -# The smallest check that fails if the reproducible-tar normalization breaks. +# selftest — build twice and assert the wheels tarballs are byte-identical, for +# both modes. The smallest check that fails if the reproducible-tar +# normalization (or either mode's resolution) breaks. set -eu here=$(cd "$(dirname "$0")" && pwd) tmp=$(mktemp -d) trap 'rm -rf "$tmp"' EXIT -# Fixed epoch so both runs use the same mtime (we are testing tar determinism, -# not epoch derivation). -OUTPUT="$tmp/a" "$here/mkwheels" six 1.16.0 1620000000 >/dev/null -OUTPUT="$tmp/b" "$here/mkwheels" six 1.16.0 1620000000 >/dev/null +# Fixed epoch so both runs use the same mtime (we test tar determinism, not +# epoch derivation). +epoch=1620000000 +fail=0 -a=$(md5sum "$tmp/a/six-wheels-1.16.0.tar.gz" | cut -d' ' -f1) -b=$(md5sum "$tmp/b/six-wheels-1.16.0.tar.gz" | cut -d' ' -f1) +check() { + local label=$1 file=$2; shift 2 + OUTPUT="$tmp/a" "$here/mkwheels" "$@" --epoch "$epoch" >/dev/null + OUTPUT="$tmp/b" "$here/mkwheels" "$@" --epoch "$epoch" >/dev/null + local a b + a=$(md5sum "$tmp/a/$file" | cut -d' ' -f1) + b=$(md5sum "$tmp/b/$file" | cut -d' ' -f1) + if [ "$a" = "$b" ]; then + echo "PASS: $label reproducible ($a)" + else + echo "FAIL: $label tarballs differ ($a != $b)" >&2 + fail=1 + fi +} -if [ "$a" = "$b" ]; then - echo "PASS: reproducible ($a)" -else - echo "FAIL: tarballs differ ($a != $b)" >&2 - exit 1 -fi +# pypi mode: six from PyPI. +check pypi six-wheels-1.16.0.tar.gz pypi --name six --ver 1.16.0 + +# gh mode: pyparsing from its GitHub source release (pure-python, no runtime +# deps -> fast). Its tags have no 'v' prefix, exercising the bare-tag path. +check gh pyparsing-wheels-3.3.2.tar.gz gh --repo pyparsing/pyparsing --ver 3.3.2 + +exit "$fail" |