If there is a collision between a branch name and a commit hash, git
will choose the branch, even if the full 40-hex-long commit hash is
given. GitHub disallows branches/tags with such a name but git itself
does not. By adding the `^{commit}` syntax sugar after a ref name,
we can tell git that we want the commit hash to be preferred,
and hence we don't need to trust GitHub (only git).
see https://security.stackexchange.com/questions/225411/
the one in apt refused to install certain package versions (that were pinned by hash!!)
and installed different versions instead... e.g.:
Collecting wheel==0.34.2 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112))
Downloading 521c6dc7feb90b06dc1d0b805b51ae/wheel-0.34.2.tar.gz (58kB)
100% |████████████████████████████████| 61kB 3.8MB/s
Requested wheel==0.34.2 from 521c6dc7feb90b06dc1d0b805b51ae/wheel-0.34.2.tar.gz#sha256=8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112)), but installing version 0.30.0
Previously we stuck with version 2.6.8 as that had no deps but later
versions introduced several deps. However, now latest version only
has two dependencies (one of which has the same maintainer).
Futher, there are some bugs with 2.6.8 when used with new Qt,
e.g. with dropdowns that I want fixed (which it is in the newer ones).
related https://github.com/ColinDuquesnoy/QDarkStyleSheet/issues/182
Certain dependencies are only needed on old python versions,
e.g. backports of stdlib functionality.
We should definitely not use newer python when running freeze_packages.sh
than what we bundle in the binaries. Perhaps it is prudent to use the
min python version that we support (which is atm older than what we bundle).
Traceback (most recent call last):
File "site-packages\PyInstaller\loader\rthooks\pyi_rth_pkgres.py", line 13, in <module>
File "c:\python3\lib\site-packages\PyInstaller\loader\pyimod03_importers.py", line 623, in exec_module
File "site-packages\pkg_resources\__init__.py", line 86, in <module>
ModuleNotFoundError: No module named 'pkg_resources.py2_warn'
[7048] Failed to execute script pyi_rth_pkgres
SomberNight
ThomasV
Marko Bencun
Jin Eguchi
matejcik