classes/pypi: update the default UPSTREAM_CHECK_URI to use the simple repo API

Update the UPSTREAM_CHECK_URI to leverage the simple repo API. The project URLs require javascript which breaks the version checking fetch and subsequent logic. The simple repo API provides similar functionality with a well defined spec which is used by tools such as pip. Also update the UPSTREAM_CHECK_REGEX to be compatible with the information retrieved via the API (From OE-Core rev: 10febb0e8193d15aec8bbf80b849ae6732da3c22) Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Derek Straka <derek@asterius.io> 2024-12-13 19:48:01 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-12-17 11:41:52 +0000
commit: 2ce210011c733cbbda13706322652dabf97d6e67 (patch)
tree: bf8156f0a2b894f76ce8b0e9207528fe1a31ff73 /meta/classes-recipe
parent: 16f1f4d63f0e6d7aaeb8537c9753a5c6af04e202 (diff)
download: poky-2ce210011c733cbbda13706322652dabf97d6e67.tar.gz
1 files changed, 17 insertions, 3 deletions
diff --git a/meta/classes-recipe/pypi.bbclass b/meta/classes-recipe/pypi.bbclass
index c6bbe8119a..b0bc167cdf 100644
--- a/meta/classes-recipe/pypi.bbclass
+++ b/meta/classes-recipe/pypi.bbclass
@@ -28,6 +28,14 @@ def pypi_src_uri(d):
    archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') + archive_name
    return 'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s' % (package[0], package, archive_name, archive_downloadname)
+def pypi_normalize(d):
+    """"
+        Normalize the package names to match PEP625 (https://peps.python.org/pep-0625/).
+        For non-compliant packages, maintainers can set UPSTREAM_CHECK_PYPI_PACKAGE to override the normalization
+    """
+    import re
+    return re.sub(r"[-_.]+", "-", d.getVar('PYPI_PACKAGE')).lower()
 PYPI_SRC_URI ?= "${@pypi_src_uri(d)}"
 HOMEPAGE ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/"
@@ -36,8 +44,14 @@ SRC_URI:prepend = "${PYPI_SRC_URI} "
 S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
 # Replace any '_' characters in the pypi URI with '-'s to follow the PyPi website naming conventions
-UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@d.getVar('PYPI_PACKAGE').replace('_', '-')}"
+UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@pypi_normalize(d)}"
-UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${UPSTREAM_CHECK_PYPI_PACKAGE}/"
-UPSTREAM_CHECK_REGEX ?= "/${UPSTREAM_CHECK_PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
+# Use the simple repository API rather than the potentially unstable project URL
+# More information on the pypi API specification is avaialble here:
+# https://packaging.python.org/en/latest/specifications/simple-repository-api/
+#
+# NOTE: All URLs for the simple API MUST request canonical normalized URLs per the spec
+UPSTREAM_CHECK_URI ?= "https://pypi.org/simple/${@pypi_normalize(d)}"
+UPSTREAM_CHECK_REGEX ?= "${UPSTREAM_CHECK_PYPI_PACKAGE}-(?P<pver>(\d+[\.\-_]*)+).(tar\.gz|tgz|zip|tar\.bz2)"
 CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"
author	Derek Straka <derek@asterius.io>	2024-12-13 19:48:01 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-12-17 11:41:52 +0000
commit	2ce210011c733cbbda13706322652dabf97d6e67 (patch)
tree	bf8156f0a2b894f76ce8b0e9207528fe1a31ff73 /meta/classes-recipe
parent	16f1f4d63f0e6d7aaeb8537c9753a5c6af04e202 (diff)
download	poky-2ce210011c733cbbda13706322652dabf97d6e67.tar.gz

diff --git a/meta/classes-recipe/pypi.bbclass b/meta/classes-recipe/pypi.bbclass index c6bbe8119a..b0bc167cdf 100644 --- a/meta/classes-recipe/pypi.bbclass +++ b/meta/classes-recipe/pypi.bbclass
@@ -28,6 +28,14 @@ def pypi_src_uri(d):
28	archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') + archive_name	28	archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') + archive_name
29	return 'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s' % (package[0], package, archive_name, archive_downloadname)	29	return 'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s' % (package[0], package, archive_name, archive_downloadname)
30		30
		31	def pypi_normalize(d):
		32	""""
		33	Normalize the package names to match PEP625 (https://peps.python.org/pep-0625/).
		34	For non-compliant packages, maintainers can set UPSTREAM_CHECK_PYPI_PACKAGE to override the normalization
		35	"""
		36	import re
		37	return re.sub(r"[-_.]+", "-", d.getVar('PYPI_PACKAGE')).lower()
		38
31	PYPI_SRC_URI ?= "${@pypi_src_uri(d)}"	39	PYPI_SRC_URI ?= "${@pypi_src_uri(d)}"
32		40
33	HOMEPAGE ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/"	41	HOMEPAGE ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/"
@@ -36,8 +44,14 @@ SRC_URI:prepend = "${PYPI_SRC_URI} "
36	S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"	44	S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
37		45
38	# Replace any '_' characters in the pypi URI with '-'s to follow the PyPi website naming conventions	46	# Replace any '_' characters in the pypi URI with '-'s to follow the PyPi website naming conventions
39	UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@d.getVar('PYPI_PACKAGE').replace('_', '-')}"	47	UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@pypi_normalize(d)}"
40	UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${UPSTREAM_CHECK_PYPI_PACKAGE}/"	48
41	UPSTREAM_CHECK_REGEX ?= "/${UPSTREAM_CHECK_PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"	49	# Use the simple repository API rather than the potentially unstable project URL
		50	# More information on the pypi API specification is avaialble here:
		51	# https://packaging.python.org/en/latest/specifications/simple-repository-api/
		52	#
		53	# NOTE: All URLs for the simple API MUST request canonical normalized URLs per the spec
		54	UPSTREAM_CHECK_URI ?= "https://pypi.org/simple/${@pypi_normalize(d)}"
		55	UPSTREAM_CHECK_REGEX ?= "${UPSTREAM_CHECK_PYPI_PACKAGE}-(?P<pver>(\d+[\.\-_]*)+).(tar\.gz\|tgz\|zip\|tar\.bz2)"
42		56
43	CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"	57	CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"