[16:23:51] <bluetech> Hey, I have a question regarding --require-hashes and build dependencies. Some background: I'm trying to speed up our virtualenv creation time. The http cache works well but I noticed that the wheel cache is not utilized, so all sdist builds take a long time (psycopg2, uwsgi, etc.). I looked at the pip code and found that it's not used because the `wheel` package is not installed in the venv (is this
[16:23:57] <bluetech> documented anywhere?). I also found that I'm using a "legacy" mode so I tried the new mode --use-pep517. Then I noticed with --verbose that it goes and fetches `setuptools` and `wheel` on its own.
[16:24:39] <bluetech> But I didn't specify the hashes for `wheel` and `setuptools` anywhere, so are they still installed without complaint in `--require-hashes` mode?
[16:26:47] <bluetech> (I also later found out that the wheel cache doesn't work with --require-hashes at all but that's another issue (#5037))
[21:06:21] <bluetech> Hmm I just found that this is actually documented in a warning here: https://pip.pypa.io/en/stable/reference/pip_install/#hash-checking-mode
[21:07:14] <bluetech> If this is a fundamental problem, it seems like the pyproject.toml mode defeats the purpose of the hash-checking mode :(