From 2ce210011c733cbbda13706322652dabf97d6e67 Mon Sep 17 00:00:00 2001
From: Derek Straka
Date: Fri, 13 Dec 2024 19:48:01 +0000
Subject: classes/pypi: update the default UPSTREAM_CHECK_URI to use the simple repo API Update the UPSTREAM_CHECK_URI to leverage the simple repo API. The project URLs require javascript which breaks the version checking fetch and subsequent logic. The simple repo API provides similar functionality with a well defined spec which is used by tools such as pip. Also update the UPSTREAM_CHECK_REGEX to be compatible with the information retrieved via the API (From OE-Core rev: 10febb0e8193d15aec8bbf80b849ae6732da3c22)
Signed-off-by: Derek Straka
Signed-off-by: Richard Purdie
---
 meta/classes-recipe/pypi.bbclass | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
(limited to 'meta/classes-recipe')
diff --git a/meta/classes-recipe/pypi.bbclass b/meta/classes-recipe/pypi.bbclass
index c6bbe8119a..b0bc167cdf 100644
--- a/meta/classes-recipe/pypi.bbclass
+++ b/meta/classes-recipe/pypi.bbclass
@@ -28,6 +28,14 @@ def pypi_src_uri(d):
 archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') + archive_name
 return 'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s' % (package[0], package, archive_name, archive_downloadname)
+def pypi_normalize(d):
+ """"
+ Normalize the package names to match PEP625 (https://peps.python.org/pep-0625/).
+ For non-compliant packages, maintainers can set UPSTREAM_CHECK_PYPI_PACKAGE to override the normalization
+ """
+ import re
+ return re.sub(r"[-_.]+", "-", d.getVar('PYPI_PACKAGE')).lower()
+
 PYPI_SRC_URI ?= "${@pypi_src_uri(d)}"
 HOMEPAGE ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/"
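Review bot: The docstring of `pypi_normalize` opens with four quotes (`""""`), so its text begins with a stray `"`, and it cites PEP 625 although the expression `re.sub(r"[-_.]+", "-", ...).lower()` is the project-name normalization defined in PEP 503; PEP 625 describes sdist file names. I would open it as `"""Normalize the package name as defined in PEP 503 (https://peps.python.org/pep-0503/).` and keep the sentence about `UPSTREAM_CHECK_PYPI_PACKAGE`. The result of `d.getVar('PYPI_PACKAGE')` is passed to `re.sub` unchecked; whether the variable can be unset when this is expanded is not visible in the hunk, so a one-line comment stating that the class always defines it (if that is the case) would help the next reader.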
@@ -36,8 +44,14 @@ SRC_URI:prepend = "${PYPI_SRC_URI} "
 S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
 # Replace any '_' characters in the pypi URI with '-'s to follow the PyPi website naming conventions
-UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@d.getVar('PYPI_PACKAGE').replace('_', '-')}"
-UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${UPSTREAM_CHECK_PYPI_PACKAGE}/"
-UPSTREAM_CHECK_REGEX ?= "/${UPSTREAM_CHECK_PYPI_PACKAGE}/(?P(\d+[\.\-_]*)+)/"
+UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@pypi_normalize(d)}"
+
+# Use the simple repository API rather than the potentially unstable project URL
+# More information on the pypi API specification is avaialble here:
+# https://packaging.python.org/en/latest/specifications/simple-repository-api/
+#
+# NOTE: All URLs for the simple API MUST request canonical normalized URLs per the spec
+UPSTREAM_CHECK_URI ?= "https://pypi.org/simple/${@pypi_normalize(d)}"
+UPSTREAM_CHECK_REGEX ?= "${UPSTREAM_CHECK_PYPI_PACKAGE}-(?P(\d+[\.\-_]*)+).(tar\.gz|tgz|zip|tar\.bz2)"
 CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"
-- cgit v1.2.3-54-g00ecf
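Review bot: The new `UPSTREAM_CHECK_REGEX` interpolates the dash-normalized `${UPSTREAM_CHECK_PYPI_PACKAGE}`, but sdist file names that follow PEP 625 spell the project name with underscores, so for multi-word names the pattern may match nothing and the upstream check would fail to find a version, which lets a recipe fall behind on releases that carry security fixes. Accepting either separator in the name part, or saying in the comment block that such recipes must override `UPSTREAM_CHECK_PYPI_PACKAGE`, would make that case explicit. The `.` before the extension group is unescaped and matches any character; `\.(tar\.gz|tgz|zip|tar\.bz2)` is the stricter form. The retained context comment `# Replace any '_' characters in the pypi URI ...` no longer describes what `pypi_normalize` does and should be updated with the assignment it sits above.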