On all supported Pythons, the io.BytesIO is always a stream
implementation using an in-memory bytes buffer. Makes code slightly more
forward compatible by reducing use of the six module.
* Rename BuildDirectory to TempDirectory
Because that's what it is.
* Use TempDirectory in more places (take 2)
* Fix indentation...
* 🎨
* Dumb mistake.
* Defer creation of temporary directory
* Misc
* Oops!
* Use better name
* Fix mistakes made in rebasing
* Remove unnecessary wrapping
* 📰
* Misc change to trigger a new CI build
* Make TempDirectory more robust
Update test accordingly
* 🎨 Remove unused import
* 🔧 Fix mistake made during merge
* Move kind to prefix
* Move delete initalization to __init__
* Remove unrelated message
* Improve existing test
* Oops.
* Add a test to verify that readonly files are also deleted
* 🎨
* Increase places where TempDirectory is used
* Remove unused import
* Improve tests, fix bug
* 🎨
* Update test for new behaviour
* Missed no_clean argument
* Make temp_dir private
* Delete the temporary directory based on no_clean
* Give TemporaryDirectory use a unique name
* 🎨
* 📝 Add basic documentation
Some systems have /tmp symlinked which confuses custom builds, such as
numpy. This ensures that real path is passed and that such builds
resolve their paths correctly during build and install.
Added test for the change and also for the previous related fix: #707
---
*This was migrated from pypa/pip#3079 to reparent it to the ``master``
branch. Please see original pull request for any previous discussion.*
* Add --require-hashes option. This is handy in deployment scripts to force application authors to hash their requirements. It is also a convenient way to get pip to show computed hashes for a virgin, unhashed requirements file. Eventually, additions to `pip freeze` should fill a superset of this use case.
* In --require-hashes mode, at least one hash is required to match for each requirement.
* Option-based requirements (--sha256=...) turn on --require-hashes mode implicitly.
* Internet-derived URL-based hashes are "necessary but not sufficient": they do not satisfy --require-hashes mode when they match, but they are still used to guard against transmission errors.
* Other URL-based requirements (#md5=...) are treated just like flag-based ones, except they don't turn on --require-hashes.
* Complain informatively, with the most devastating errors first so you don't chase your tail all day only to run up against a brick wall at the end. This also means we don't complain that a hash is missing, only for the user to find, after fixing it, that we have no idea how to even compute a hash for that type of requirement.
* Complain about unpinned requirements when hash-checking mode is on, lest they cause the user surprise later.
* Complain about missing hashes.
* Complain about requirement types we don't know how to hash (like VCS ones and local dirs).
* Have InstallRequirement keep its original Link around (original_link) so we can differentiate between URL hashes from requirements files and ones downloaded from the (untrustworthy) internet.
* Remove test_download_hashes, which is obsolete. Similar coverage is provided in test_utils.TestHashes and the various hash cases in test_req.py.