fromager

Fromager is a tool for completely re-building a dependency tree of Python wheels from source, designed for reproducible builds and supply chain security.

Source Code: https://github.com/python-wheel-build/fromager
Documentation: https://fromager.readthedocs.io/en/latest/
PyPI: https://pypi.org/project/fromager/

Fromager is a Python packaging tool that provides comprehensive control over the build process for Python wheels and their dependencies. The tool was created to address four primary goals:

  1. Source-based builds: Ensure binary packages are built from source in a compatible environment
  2. Complete dependency rebuilds: Rebuild all package dependencies from source
  3. Build tool transparency: Build all build tools from source
  4. Customizable processes: Enable flexible and customizable build processes

Key Features

  • PEP-517 compatibility for modern Python packaging standards
  • Source code patching capabilities for customizing packages during build
  • Build variants support for different compilation configurations
  • Hooks and override plugins for advanced build customization
  • Automated build processes with comprehensive dependency management

Use Cases

  • Reproducible software builds with complete transparency
  • Secure build pipelines (Red Hat uses fromager in secure build pipelines for products distributed via OCI container images)
  • Supply chain security with full visibility into the build process
  • Custom package compilation for specific requirements or optimizations

What’s with the name?

Python’s name comes from Monty Python, the group of comedians. One of their skits is about a cheese shop that has no cheese in stock. The original Python Package Index (https://pypi.org) was called The Cheeseshop, in part because it hosted metadata about packages but no actual packages. The wheel file format was selected because cheese is packaged in wheels. And “fromager” (fro mah jay) is the French word for someone who makes or sells cheese.