Bug 1143350 - Use peep instead of pip locally, on Travis & in Docker

We want to start using peep in production, to alleviate security concerns with the idea of auto-updating packages from PyPI on deploy. As a first step, we switch to using peep in the Vagrant environment, on Travis and in the Docker build - so we can confirm the hashes are correct. Close bug 1143350.
2015-03-15 15:21:53 +00:00 · 2015-03-15 15:21:53 +00:00 · 8e67030a35
--- a/.travis.yml
+++ b/.travis.yml
@ -27,8 +27,8 @@ services:
  - rabbitmq
  - memcached
 install:
-  - pip install -r requirements/common.txt
-  - pip install -r requirements/dev.txt
+  - ./bin/peep.py install -r requirements/common.txt
+  - ./bin/peep.py install -r requirements/dev.txt
 before_script:
  - flake8 --show-source
  - python setup.py build_ext --inplace
--- a/3
+++ b/3
@ -5,9 +5,8 @@ ENV PATH /venv/bin:$PATH
 WORKDIR /app
 RUN apt-get update && apt-get install -yq --force-yes mysql-client
 COPY ./requirements/common.txt /app/requirements.txt
-RUN pip install -r requirements.txt
-
 COPY ./docker/etc/profile.d/treeherder.sh /etc/profile.d/treeherder.sh
 COPY . /app
+RUN bin/peep.py install -r requirements.txt
 RUN setup.py build_ext --inplace
 RUN mkdir -p /var/log/gunicorn && mkdir -p /var/log/treeherder/
--- a/bin/generate-vendor-lib.py
+++ b/bin/generate-vendor-lib.py
@ -34,13 +34,14 @@ def generate_vendor_lib():
        shutil.rmtree(target)
        os.mkdir(target)
        create_environment(venv, site_packages=False)
-        pip = os.path.join(venv, "bin", "pip")
+        venv_python = os.path.join(venv, "bin", "python")
+        peep = os.path.join(base, "bin", "peep.py")

        subprocess.check_call(
-            "{0} install --no-deps -r {1} "
-            '--install-option="--install-purelib={2}" '
-            '--install-option="--install-data={2}"'.format(
-                pip, reqs, target),
+            "{0} {1} install --no-deps -r {2} "
+            '--install-option="--install-purelib={3}" '
+            '--install-option="--install-data={3}"'.format(
+                venv_python, peep, reqs, target),
            shell=True,
        )
    finally:
--- a/puppet/manifests/classes/dev.pp
+++ b/puppet/manifests/classes/dev.pp
@ -3,10 +3,10 @@
 # file, you can obtain one at http://mozilla.org/MPL/2.0/.

 class dev{
-  exec{"pip-install-dev":
+  exec{"peep-install-dev":
    user => "${APP_USER}",
    cwd => '/tmp',
-    command => "${VENV_DIR}/bin/pip install -r ${PROJ_DIR}/requirements/dev.txt",
+    command => "${VENV_DIR}/bin/python ${PROJ_DIR}/bin/peep.py install -r ${PROJ_DIR}/requirements/dev.txt",
    timeout => 1800,
  }

--- a/puppet/manifests/classes/python.pp
+++ b/puppet/manifests/classes/python.pp
@ -64,11 +64,11 @@ class python {
    user => "${APP_USER}",
  }

-  exec{"pip-install-compiled":
+  exec{"peep-install-compiled":
    require => Exec['create-virtualenv'],
    user => "${APP_USER}",
    cwd => '/tmp',
-    command => "${VENV_DIR}/bin/pip install -r ${PROJ_DIR}/requirements/common.txt",
+    command => "${VENV_DIR}/bin/python ${PROJ_DIR}/bin/peep.py install -r ${PROJ_DIR}/requirements/common.txt",
    timeout => 1800,
  }