test hashsums in pip install

s-westphal · s-westphal · commit edf845bbeb9a · 2024-06-06T16:04:48.000Z
diff --git a/Dockerfile b/Dockerfile
@@ -69,16 +69,20 @@ ENV GRR_SOURCE /usr/src/grr
 RUN python -m venv --system-site-packages $VIRTUAL_ENV
 ENV PATH=${VIRTUAL_ENV}/bin:${PATH}
 
-RUN ${VIRTUAL_ENV}/bin/python -m pip install wheel nodeenv grpcio-tools==1.60
-
-RUN ${VIRTUAL_ENV}/bin/nodeenv -p --prebuilt --node=16.13.0
-
 RUN mkdir ${GRR_SOURCE}
 ADD . ${GRR_SOURCE}
 
 WORKDIR ${GRR_SOURCE}
 
-RUN ${VIRTUAL_ENV}/bin/python -m pip install \
+RUN ls 
+
+RUN ${VIRTUAL_ENV}/bin/python -m pip install --require-hashes -r requirements.txt
+
+RUN ${VIRTUAL_ENV}/bin/nodeenv -p --prebuilt --node=16.13.0
+
+
+
+RUN ${VIRTUAL_ENV}/bin/python -m pip install --no-deps --no-index \
   -e grr/proto \
   -e grr/core \
   -e grr/client \
diff --git a/build_requirements.txt b/build_requirements.txt
@@ -1,5 +1,22 @@
-pip==24.0
-pytest==6.2.5
-pytest-xdist==2.2.1
-setuptools==69.5.1
-wheel==0.43.0
+pip==24.0 \
+  --hash=sha256:ea9bd1a847e8c5774a5777bb398c19e80bcd4e2aa16a4b301b718fe6f593aba2 \
+  --hash=sha256:ba0d021a166865d2265246961bec0152ff124de910c5cc39f1156ce3fa7c69dc
+pytest==6.2.5 \
+  --hash=sha256:131b36680866a76e6781d13f101efb86cf674ebb9762eb70d3082b6f29889e89 \
+  --hash=sha256:7310f8d27bc79ced999e760ca304d69f6ba6c6649c0b60fb0e04a4a77cacc134
+pytest-xdist==2.2.1 \
+  --hash=sha256:718887296892f92683f6a51f25a3ae584993b06f7076ce1e1fd482e59a8220a2 \
+  --hash=sha256:2447a1592ab41745955fb870ac7023026f20a5f0bfccf1b52a879bd193d46450
+setuptools==69.5.1 \
+  --hash=sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987 \
+  --hash=sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32
+wheel==0.43.0 \
+  --hash=sha256:465ef92c69fa5c5da2d1cf8ac40559a8c940886afcef87dcf14b9470862f1d85 \
+  --hash=sha256:55c570405f142630c6b9f72fe09d9b67cf1477fcf543ae5b8dcb1f5b7377da81
+six==1.16.0 \
+  --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
+  --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
+attrs==23.2.0 \
+  --hash=sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30 \
+  --hash=sha256:99b87a485a5820b23b879f04c2305b44b951b502fd64be915879d77a7e8fc6f1
+
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,14 @@
+wheel==0.43.0 \
+  --hash=sha256:465ef92c69fa5c5da2d1cf8ac40559a8c940886afcef87dcf14b9470862f1d85 \
+  --hash=sha256:55c570405f142630c6b9f72fe09d9b67cf1477fcf543ae5b8dcb1f5b7377da81
+nodeenv==1.9.1 \
+  --hash=sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f \
+  --hash=sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9
+grpcio-tools==1.60.1 \
+  --hash=sha256:28ae665113affebdd109247386786e5ab4dccfcfad1b5f68e9cce2e326b57ee6 \
+  --hash=sha256:da08224ab8675c6d464b988bd8ca02cccd2bf0275bceefe8f6219bfd4a4f5e85
+protobuf==4.25.3 \
+  --hash=sha256:7c8daa26095f82482307bc717364e7c13f4f1c99659be82890dcfc215194554d \
+  --hash=sha256:25b5d0b42fd000320bd7830b349e3b696435f3b329810427a6bcce6a5492cc5c
+grpcio==1.64.1 \
+  --hash=sha256:e7cd5c1325f6808b8ae31657d281aadb2a51ac11ab081ae335f4f7fc44c1721d
diff --git a/travis/install_client_builder.sh b/travis/install_client_builder.sh
@@ -6,8 +6,7 @@
 set -e
 
 source "${HOME}/INSTALL/bin/activate"
-pip install -r build_requirements.txt
-pip install --upgrade six
+pip install --require-hashes -r build_requirements.txt
 
 # Get around a Travis bug: https://github.com/travis-ci/travis-ci/issues/8315#issuecomment-327951718
 unset _JAVA_OPTIONS
@@ -19,14 +18,14 @@ unset _JAVA_OPTIONS
 # Proto package.
 cd grr/proto
 python setup.py sdist
-pip install ./dist/grr_response_proto-*.tar.gz
+pip install --no-deps --no-index ./dist/grr_response_proto-*.tar.gz
 cd -
 
 # Base package, grr-response-core, depends on grr-response-proto.
 # Running sdist first since it accepts --no-sync-artifacts flag.
 cd grr/core
 python setup.py sdist --no-sync-artifacts
-pip install ./dist/grr_response_core-*.tar.gz
+pip install --no-deps --no-index ./dist/grr_response_core-*.tar.gz
 cd -
 
 # Depends on grr-response-core.
@@ -35,7 +34,7 @@ cd -
 # only gets copied during sdist step.
 cd grr/client
 python setup.py sdist
-pip install ./dist/grr_response_client-*.tar.gz
+pip install --no-deps --no-index ./dist/grr_response_client-*.tar.gz
 cd -
 
 # Depends on grr-response-client.
@@ -44,5 +43,6 @@ cd -
 # only gets copied during sdist step.
 cd grr/client_builder
 python setup.py sdist
-pip install ./dist/grr_response_client_builder-*.tar.gz
+pip install --no-deps --no-index ./dist/grr_response_client_builder-*.tar.gz
 cd -
+
