Romt

Latest version: v0.5.1

Safety actively analyzes 613544 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 3

0.5.1

=============

- Remove extraneous artifacts from the built ``romt-x.y.z-*.whl`` file. In the
absence of a specified ``format`` option, these should have been present only
in the source distribution file ``romt-x.y.z.tar.gz`` according to the Poetry
documentation (https://python-poetry.org/docs/pyproject/#include-and-exclude).
Now explicitly restrict these included files using ``format = "sdist"``. In
addition, include ``make-exec-*`` and ``romt-wrapper.py`` into the source
distribution file to allow building the ``romt`` executable.

0.5.0

=============

- Bump minimum required interpreter version from Python 3.6 to Python 3.8.

- Add ``toolchain download --cross`` feature to allow downloading only the
``rust-std`` (Rust standard library) component of a target. This is useful
for allowing cross-compilation to a given target without downloading the full
native toolchain for that target.

- Update list of supported ``rustup`` targets.

- Note the use of the ``.toml`` suffix for Cargo configuration files.

- Note how to configure Cargo to use the Git command-line client for fetching
the ``crates.io-index`` repository for greatly improved performance.

- Switch to Python Poetry for dependency management.

- Require ``git`` only for operations that need it.

- Tighten command-line argument parsing for shared arguments. Due to an
unfortunate design aspect of Python's ``argparse`` module, "global" arguments
do not work when shared between the main argument parser and subparsers. So,
for example, ``romt --readme`` is accepted and correctly processed, whereas
``romt crate --readme`` is not a syntax error but the ``--readme`` switch is
effectively ignored. There doesn't appear to be a clean way to work around
this, so common arguments are no longer shared between the subparsers and the
main parser. The two main switches (``--readme`` and ``--version``) must be
given before any subcommand, and the remaining switches (``--verbose``,
``--quiet``, ``--num-jobs``, and ``--timeout``) must be given after the
subcommand name (e.g., ``romt crate --verbose``).

- Allow environment variable ``RUSTUP_DIST_SERVER`` to override default value
for ``romt toolchain --url``. Allow environment variable
``RUSTUP_UPDATE_ROOT`` to override default value for ``romt rustup --url``.

0.4.0

=============

- **NOTE** If upgrading from older Romt, it's recommended to use the same
version of Romt on the Internet-connected machine and the offline machine.
See ``Upgrading from Romt versions before 0.4.0`` in the README.rst for
details.

- Add support for lowercase crate prefixes in CRATES_ROOT. This avoids problems
when using a crate mirror with both case-sensitive and case-insensitive
filesystems simultaneously; see https://github.com/drmikehenry/romt/issues/14.
See README.rst for details.

- Add ``--timeout`` option to control the timeout in seconds for downloading.
Change default timeout from five seconds (the default for the ``httpx``
library) to sixty seconds. A value of ``0`` disables the timeout altogether.

- Fix toolchain unpacking of archives created with multiple specs and
``--target=all`` (see https://github.com/drmikehenry/romt/issues/17). When
packing a toolchain archive, the specs and targets are specified
independently, so typically each spec must use the same list of targets; but
the special target ``all`` is expanded to a per-spec list of targets during
packing. During unpacking, Romt had been detecting the union of all targets
present in the archive and applying this set of targets to all detected specs
in the archive, causing problems if one spec supported more targets than the
others. Now Romt detects archives that contain all targets for all included
specs and converts back to the special ``all`` target for verification and
further processing.

0.3.4

=============

- Fix detection of toolchain targets in the presence of artifacts shared across
targets. Previously, a given target was detected whenever any one of that
target's artifact files was found to be present. This algorithm is
insufficient when an artifact file may be shared across different targets.
Instead, a target is now detected with either *all* artifacts for that target
are present, or when at least one of the target's artifacts is present and is
unique to that target (not shared with other targets). The incorrect target
detection could lead to ``MissingFileError`` exceptions when unpacking a
toolchain archive whenever targets not present in the archive share artifact
files with targets present in the archive.

- Update list of known targets for ``rustup``.

0.3.3

=============

- Fix issue 13 regarding duplicate toolchain artifact URLs. Some distinct
toolchain artifacts may share the same download URL (e.g.,
``.../rust-docs-nightly-x86_64-unknown-linux-gnu.tar.xz`` is shared across
several other processor variants). Before version 0.3.0, this was handled
naturally by the sequential nature of the download operation, but the new
asynchronous support from 0.3.0 failed to account for the possible
duplication.

0.3.2

=============

- Fix issue 12 causing the below error with ``romt crate import`` on Windows::

INDEX remote ``origin`` must have ``url`` as a local file

Romt requires the URL to be a local path (e.g., ``/path/to/origin.bundle``)
instead of a URL with a schema (e.g., ``https://server/path``). The check for
URL schemas was overzealous. URLs with a leading ``schema:`` prefix should be
rejected, but Windows paths with drive letters such as
``c:/path/to/origin.bundle`` are local; the ``c:`` drive letter should not be
considered to be a ``schema:`` prefix. Single-character schema-like prefixes
are no longer treated as errors.

- Clarify quick-start instructions, pointing out steps which are one-time only.

- Add probe for Alpine Linux's default location for ``git-http-backend``
(``/usr/libexec/git-core/git-http-backend``) in addition to the more common
location (``/usr/lib/git-core/git-http-backend``). This eliminates the need
for manual configuration with Alpine (see issue 11).

- Improve exception messages. For `DownloadError` in particular, embed the
`repr()` of the associated exception from `httpx` to aid in debugging
`httpx`-related errors (see also issue 10 for more debugging of `httpx`
proxy-related issues).

- Support ``{prefix}`` and ``{lowerprefix}`` in ``crate --crates-url``.

- Honor ``toolchain --no-signature`` for ``toolchain fixup`` (mainly for
testing).

Page 1 of 3

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.