Skip to main content

Wheel maker

Project description

fromager

Fromager is a tool for completely re-building a dependency tree of Python wheels from source.

The goals are to support guaranteeing

  1. The binary package someone is installing was built from source in a known build environment compatible with their own environment
  2. All of the package’s dependencies were also built from source -- any binary package installed will have been built from source
  3. All of the build tools used to build these binary packages will also have been built from source

Modes

Fromager has different modes for bootstrapping and production builds. The bootstrap mode recursively processes all dependencies starting from the requirements specifications given to determine what needs to be built and what order to build it. The production build commands separate these steps and avoid recursive processing so each step can be performed in isolation.

Bootstrapping

The bootstrap command

  • Creates an empty package repository for wheels
  • Downloads the source distributions for the input packages and places them under sdists-repo/downloads/.
  • Recurses through the dependencies
    • Firstly, any build system dependency specified in the pyproject.toml build-system.requires section as per PEP517
    • Secondly, any build backend dependency returned from the get_requires_for_build_wheel() build backend hook (PEP517 again)
    • Lastly, any install-time dependencies of the project as per the wheel’s core metadata Requires-Dist list.
  • As each wheel is built, it is placed in a PEP503 "simple" package repository under wheels-repo/simple generated by pypi-mirror.
  • The order the dependencies need to be built bottom-up is written to build-order.json.

Wheels are built by running pip wheel configured so it will only download dependencies from the local wheel repository. This ensures that all dependencies are being built in the correct order.

Production Builds

Production builds use separate commands for the steps described as part of bootstrapping, and accept arguments to control the servers that are used for downloading source or built wheels.

The download-source-archive command finds the source distribution for a specific version of a dependency on the specified package index and downloads it. It will be common to run this step with pypi.org, but for truly isolated and reproducible builds a private index server is more robust.

The prepare-source command unpacks the source archive downloaded from the previous step and applies any patches (refer to customization for details about patching).

The prepare-build command creates a virtualenv with the build dependencies for building the wheel. It expects a --wheel-server-url as argument to control where built wheels can be downloaded.

The build command prepares a wheel, compiling any extensions using the appropriate override environment settings (refer to customization for details about overrides).

Additional docs

What's with the name?

Python's name comes from Monty Python, the group of comedians. One of their skits is about a cheese shop that has no cheese in stock. The original Python Package Index (pypi.org) was called The Cheeseshop, in part because it hosted metadata about packages but no actual packages. The wheel file format was selected because cheese is packaged in wheels. And "fromager" is the French word for someone who makes or sells cheese.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fromager-0.2.0.tar.gz (46.3 kB view details)

Uploaded Source

Built Distribution

fromager-0.2.0-py3-none-any.whl (36.4 kB view details)

Uploaded Python 3

File details

Details for the file fromager-0.2.0.tar.gz.

File metadata

  • Download URL: fromager-0.2.0.tar.gz
  • Upload date:
  • Size: 46.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for fromager-0.2.0.tar.gz
Algorithm Hash digest
SHA256 3539d65de75991be032223f1f5c4180be7b25ba56b56cb8a9738c419667a1e25
MD5 b76d8f9dc886ef698b8e070d093c3aed
BLAKE2b-256 a62b0603e2f338930d487070eb71a7ba6a5ce0c27e8caf088cd038f0f56945ee

See more details on using hashes here.

Provenance

File details

Details for the file fromager-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: fromager-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 36.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for fromager-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 71a75b1f98a74727cffdcd331fae5f33def2b9bd6e77ab1fe9b9e0be52e9cd3d
MD5 f0f0f62301cbdbb726a950801b5eccca
BLAKE2b-256 36ea9eb0fd7f108343f7ec5d9c7316bf9b8b080e92e90812383e2131e8bb95dc

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page