-
-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test and build wheels for Py3.{7,8,9,10} #3298
Changes from 49 commits
a1b5672
e715d4a
707042c
4ed3da4
0b2847b
2ea6638
d10b0cd
f57d1d6
8b7691a
ca45cb8
ce47cb8
6fb2f1e
b77a435
eedd8ea
9efd72b
c369822
fe5625b
3eeac90
18dce86
b16fd0c
5dd1d33
947aef5
d3130df
3084e96
e539ec3
0ed8566
9be3caf
31ec423
fdd2f1b
09c4549
299fd7d
21b5fd9
acfa0f1
5fbc7be
1c8966b
ecbf41c
367765f
bd2c276
06fe0d9
69b8eba
3cc0365
3b6b71f
0a2ca7c
526b37a
9cef296
74cb490
2ca0964
7571885
2ca00ae
a3c909f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# This script needs to be able run under both Python 2 and 3 without crashing | ||
# It only achieves the desired effect under Py3.10 on Linux and MacOS. | ||
import subprocess | ||
import sys | ||
import tempfile | ||
if sys.platform in ('linux', 'darwin') and sys.version_info[:2] == (3, 10): | ||
import urllib.request | ||
with tempfile.NamedTemporaryFile(suffix='.py') as fout: | ||
urllib.request.urlretrieve("https://bootstrap.pypa.io/get-pip.py", fout.name) | ||
subprocess.call([sys.executable, fout.name]) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. From a security-in-depth perspective, fetching & immediately running unversioned raw code off the web spooks me, & I'd avoid it if at all possible. Sure, this appears to be from the right But I know the PyPI repository is both a vulnerability point, & a major focus of attackers, and thus also a place where (I hope & expect) code-provenance & system-security matters are taken very seriously. Maybe Maybe the added risk is considered acceptable, maybe we have to use this as a hacky workaround for a while – but we should try to retire it the moment it's not necessary, and we could take extra steps to ensure we're getting a consistent version of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will removing
pyemd
(& perhaps others, as well) mean that certain tests we want run are skipped because of missing-libraries?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's possible, but this is for the purpose of testing the wheel, so running tests that require those dependencies isn't strictly necessary.