freeze_packages: better apply version restrictions on restricted deps

hashin does not react well to package spec collisions: ``` $ touch txt $ python3 -m hashin -r txt "colorama==0.4.5" colorama $ cat txt colorama==0.4.6 \ --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \ --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6 ``` This lets pip resolve the version bounds instead.
2 years ago · 326f8c4fca
1 changed files with 8 additions and 6 deletions
--- a/contrib/freeze_packages.sh
+++ b/contrib/freeze_packages.sh
@ -41,11 +41,15 @@ for suffix in '' '-hw' '-binaries' '-binaries-mac' '-build-wine' '-build-mac' '-
    echo "OK."

    requirements=$(pip freeze --all)
+
    restricted=$(echo $requirements | ${SYSTEM_PYTHON} $contrib/deterministic-build/find_restricted_dependencies.py)
-    requirements="$requirements $restricted"
+    if [ ! -z "$restricted" ]; then
+        python -m pip install $restricted
+        requirements=$(pip freeze --all)
+    fi

    echo "Generating package hashes... (${reqfile})"
-    rm "$contrib/deterministic-build/${reqfile}"
+    rm -f "$contrib/deterministic-build/${reqfile}"
    touch "$contrib/deterministic-build/${reqfile}"

    # restrict ourselves to source-only packages.
@ -63,10 +67,8 @@ for suffix in '' '-hw' '-binaries' '-binaries-mac' '-build-wine' '-build-mac' '-
        HASHIN_FLAGS="--python-version source"
    fi

-    for requirement in $requirements; do
-        echo -e "\r  Hashing $requirement..."
-        ${SYSTEM_PYTHON} -m hashin $HASHIN_FLAGS -r "$contrib/deterministic-build/${reqfile}" "${requirement}"
-    done
+    echo -e "\r  Hashing requirements for $reqfile..."
+    ${SYSTEM_PYTHON} -m hashin $HASHIN_FLAGS -r "$contrib/deterministic-build/${reqfile}" $requirements

    echo "OK."
 done