skia2/requirements.txt

# Pip checks downloaded package archives against local hashes to protect against remote tampering
# Read https://pip.pypa.io/en/stable/cli/pip_install/#hash-checking-mode for more information

jinja2==2.11.3 --hash=sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419
# https://github.com/pallets/markupsafe/issues/286

# Multiple hash entries are required for platform dependent distributions.
# Currently supported hashes by platform in order are: Linux, Intel MacOS, M1 MacOS
MarkupSafe==2.0.1 --hash=sha256:1f2ade76b9903f39aa442b4aadd2177decb66525062db244b35d71d0ee8599b6 \
                  --hash=sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7 \
                  --hash=sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26
add Mac hash for MarkupSafe requirements Change-Id: Ibbc3abd2b84b4a77b90ceec8707776dbc238fa89 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/528442 Auto-Submit: Jorge Betancourt <jmbetancourt@google.com> Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Jorge Betancourt <jmbetancourt@google.com> 2022-04-13 14:58:26 +00:00			`# Pip checks downloaded package archives against local hashes to protect against remote tampering`
			`# Read https://pip.pypa.io/en/stable/cli/pip_install/#hash-checking-mode for more information`

[bazel] Use hermetic Python with jinja2+MarkupSafe The file generation logic that dawn [1] uses to make some source files requires jinja2, which also requires MarkupSafe. The GN build handles this by specifying those repos in DEPS, checking them out at a certain git hash, and then providing them via a command line arg [2]. We do not have to do it this way in Bazel to have reproducible builds. This CL specifies an exact version (verified by sha256) of those two deps and then uses a hermetic version of Python 3.9 to run all py_binary commands. Previously, we would rely on the system Python (and installed libraries). That happened to work on my machine, but not on other machines without jinja2 and MarkupSafe installed. After this CL, it should work on machines that do not have python even installed. I chose the same jinja2 version used by Dawn [3], which was 2.11.3. Then I chose the newest version of MarkupSafe that was compatible with jinja2 (2.0.1). If we have other python scripts that need external deps, we should be able to specify them in the py_binary that needs them and in requirements.txt. Then, the pip_install() step in WORKSPACE.bazel will download them and make them available. [1] https://dawn.googlesource.com/dawn.git/+/refs/heads/main/docs/dawn/overview.md [2] https://dawn.googlesource.com/dawn.git/+/e45ff6a4b3c2f06dade68ec0f01ddc3bfd70c282/generator/generator_lib.gni#77 [3] https://chromium.googlesource.com/chromium/src/third_party/jinja2/+/ee69aa00ee8536f61db6a451f3858745cf587de6 Change-Id: I3d0074f3003de179400e239e00107c34f35f4901 Bug: skia:12541 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/524217 Reviewed-by: Ben Wagner <bungeman@google.com> Reviewed-by: Leandro Lovisolo <lovisolo@google.com> 2022-03-25 16:36:17 +00:00			`jinja2==2.11.3 --hash=sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419`
			`# https://github.com/pallets/markupsafe/issues/286`
add Mac hash for MarkupSafe requirements Change-Id: Ibbc3abd2b84b4a77b90ceec8707776dbc238fa89 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/528442 Auto-Submit: Jorge Betancourt <jmbetancourt@google.com> Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Jorge Betancourt <jmbetancourt@google.com> 2022-04-13 14:58:26 +00:00
			`# Multiple hash entries are required for platform dependent distributions.`
Added expected hash for MarkupSafe for the MacOS platform with the M1 chip Change-Id: I9dd480a5a0a62389b48a667f632e165a4e2add41 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/542298 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Nicolette Prevost <nicolettep@google.com> Reviewed-by: Jorge Betancourt <jmbetancourt@google.com> 2022-05-19 17:11:33 +00:00			`# Currently supported hashes by platform in order are: Linux, Intel MacOS, M1 MacOS`
add Mac hash for MarkupSafe requirements Change-Id: Ibbc3abd2b84b4a77b90ceec8707776dbc238fa89 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/528442 Auto-Submit: Jorge Betancourt <jmbetancourt@google.com> Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Jorge Betancourt <jmbetancourt@google.com> 2022-04-13 14:58:26 +00:00			`MarkupSafe==2.0.1 --hash=sha256:1f2ade76b9903f39aa442b4aadd2177decb66525062db244b35d71d0ee8599b6 \`
Added expected hash for MarkupSafe for the MacOS platform with the M1 chip Change-Id: I9dd480a5a0a62389b48a667f632e165a4e2add41 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/542298 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Nicolette Prevost <nicolettep@google.com> Reviewed-by: Jorge Betancourt <jmbetancourt@google.com> 2022-05-19 17:11:33 +00:00			`--hash=sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7 \`
			`--hash=sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26`