From: Luke Kenneth Casson Leighton Date: Thu, 28 Apr 2022 08:21:42 +0000 (+0100) Subject: notes added to setup.py - absolute paranoia is needed on X-Git-Url: https://git.libre-soc.org/?p=soc.git;a=commitdiff_plain;h=6881cb15d06582d672dc44853b107602f041eb15 notes added to setup.py - absolute paranoia is needed on what dependencies the HDL has. dropping USD 16 million on 7nm Mask Charges you absolutely cannot have arbitrary software downloaded off the internet from external sources. --- diff --git a/setup.py b/setup.py index f8f65cc1..ddbdf8b4 100644 --- a/setup.py +++ b/setup.py @@ -8,23 +8,45 @@ NEWS = open(os.path.join(here, 'NEWS.txt')).read() version = '0.0.1' +# the only reason this is added is because it's become a part of python 3.9. +# the project standard is python 3.7 however in future that will be updated. +# for now, cached_property is RELUCTANTLY added but a *copy* is added so +# that the generation of HDL is not critically dependent on random crap +# off the internet. you're spending USD 16 *MILLION* on masks, you better +# be absolutely paranoid-level certain you know where every piece of the +# chain creating the HDL comes from. +cprop = "git+https://git.libre-soc.org/git/cached-property.git@1.5.2" \ + "#egg=cached-property-1.5.2" + # using pip3 for ongoing development is a royal pain. seriously not # recommended. therefore a number of these dependencies have been # commented out. *they are still required* - they will need installing # manually. +# XXX UNDER NO CIRCUMSTANCES ADD ARBITRARY DEPENDENCIES HERE. XXX +# as this is HDL, not software, every dependency added is +# a serious maintenance and reproducible-build problem. +# dropping USD 16 million on 7nm Mask Charges when the +# HDL can be compromised - accidentally or deliberately - +# by pip3 going out and randomly downloading complete +# shite is not going to do anyone any favours. + +# TODO: make *all* of these be from libre-soc git repo only +# (which means updating the nmigen-soc one to mirror gitlab) + install_requires = [ # 'sfpy', # needs manual patching 'libresoc-ieee754fpu', # uploaded (successfully, whew) to pip 'libresoc-openpower-isa', # uploaded (successfully, whew) to pip # 'nmigen-soc', # install manually from git.libre-soc.org - # git url needed for having `pip3 install -e .` install from libre-soc's git repo - "cached-property@git+https://git.libre-soc.org/git/cached-property.git@1.5.2#egg=cached-property-1.5.2", + + # git url needed for having `pip3 install -e .` install from libre-soc git + "cached-property@"+cprop, ] -# git url needed for having `setup.py develop` install from libre-soc's git repo +# git url needed for having `setup.py develop` install from libre-soc git dependency_links = [ - "git+https://git.libre-soc.org/git/cached-property.git@1.5.2#egg=cached-property-1.5.2", + cprop, ] test_requires = [ @@ -41,7 +63,8 @@ setup( long_description_content_type='text/markdown', classifiers=[ "Topic :: Software Development", - "License :: OSI Approved :: GNU Lesser General Public License v3 or later (LGPLv3+)", + "License :: OSI Approved :: " \ + "GNU Lesser General Public License v3 or later (LGPLv3+)", "Programming Language :: Python :: 3", "Operating System :: OS Independent", ],