build: don't allow setuptools to sneakily install build-time deps

see https://pip.pypa.io/en/stable/reference/pip_install/#controlling-setup-requires > Setuptools offers the setup_requires setup() keyword for specifying > dependencies that need to be present in order for the setup.py > script to run. Internally, Setuptools uses easy_install to > fulfill these dependencies. > pip has no way to control how these dependencies are located. > None of the package index options have an effect. With these changes, we will now instead hard fail if this were to happen. related: https://github.com/spesmilo/electrum/issues/5859#issuecomment-743621898
2020-12-12 02:52:38 +01:00
parent a83805e00b
commit 19f806ddf4
6 changed files with 36 additions and 0 deletions
--- a/contrib/build-linux/appimage/build.sh
+++ b/contrib/build-linux/appimage/build.sh
@@ -94,6 +94,8 @@ python='appdir_python'
 info "installing pip."
 "$python" -m ensurepip

+break_legacy_easy_install
+

 info "preparing electrum-locale."
 (
--- a/contrib/build-linux/sdist/build.sh
+++ b/contrib/build-linux/sdist/build.sh
@@ -12,6 +12,8 @@ DISTDIR="$PROJECT_ROOT/dist"
 # note that at least py3.7 is needed, to have https://bugs.python.org/issue30693
 python3 --version || fail "python interpreter not found"

+break_legacy_easy_install
+
 # upgrade to modern pip so that it knows the flags we need.
 # we will then install a pinned version of pip as part of requirements-build-sdist
 python3 -m pip install --upgrade pip