commit: f6240b308abc84c6f83711cdcb4d5bad707d1eba Author: Eli Schwartz <eschwartz <AT> gentoo <DOT> org> AuthorDate: Fri Jul 5 19:22:04 2024 +0000 Commit: Eli Schwartz <eschwartz <AT> gentoo <DOT> org> CommitDate: Fri Nov 29 21:12:07 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6240b30
dev-python/setuptools: allow disabling validation of pypi.org allowed strings Trove classifiers, and their officialness, have no effect on a wheel other than determining whether they are allowed to be uploaded to a non-Gentoo website, and enabling the search index of that other site. We don't need this, and we don't need to validate it. Setuptools will disable validation if both of: - network downloads failed - cannot successfully import the `trove_classifiers` module occurs. If trove-classifiers is installed by coincidence, this breaks builds when it doesn't get updated on an extremely rapid basis and some random package in dev-python/* uses a classifier that was made official just the other day. We could solve this another way, by making dev-python/setuptools PDEPEND on trove-classifiers, and constantly bump the >= dependency. But this is a pointless hassle. In fact, we're actually doing it, and it's been a pointless hassle. We need to maintain up-to-the-minute minimum bounds on the very latest version, and bump setuptools to a new -rX just to update the minimum version of a package it doesn't even depend on. We need to package new versions of trove-classifiers before *other* Gentoo Devs outside of the python project, can successfully revbump their own packages. We need to coordinate stabilization of trove-classifiers in combination with those other packages. We force people to install a pointless package. We overuse PDEPEND. Instead, apply a *rejected* upstream patch to add an environment variable that skips this specific validation code block entirely. Upstream doesn't want to maintain code that contains branches, so we will maintain it locally. Since it is Gentoo-specific, the variable is also prefixed with GENTOO_ and is expected to be used solely inside of distribution packaging while not affecting manual usage of setuptools outside of portage. Bug: https://github.com/pypa/setuptools/issues/4459 Signed-off-by: Eli Schwartz <eschwartz <AT> gentoo.org> ...edgeable-users-to-disable-validating-trov.patch | 65 ++++++++++++++++++++++ ...tuptools-75.6.0-disable-trove-classifiers.patch | 32 ----------- ...4.1.3-r1.ebuild => setuptools-74.1.3-r2.ebuild} | 7 +-- ...s-75.5.0.ebuild => setuptools-75.5.0-r1.ebuild} | 7 +-- ...5.6.0-r1.ebuild => setuptools-75.6.0-r2.ebuild} | 9 +-- 5 files changed, 68 insertions(+), 52 deletions(-) diff --git a/dev-python/setuptools/files/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch b/dev-python/setuptools/files/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch new file mode 100644 index 000000000000..4ab6bbae7af4 --- /dev/null +++ b/dev-python/setuptools/files/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch @@ -0,0 +1,65 @@ +From f694e474ab3c45af6241a3f2bf575f8188e9cbea Mon Sep 17 00:00:00 2001 +From: Eli Schwartz <eschwa...@gentoo.org> +Date: Mon, 11 Nov 2024 19:51:54 -0500 +Subject: [PATCH] Allow knowledgeable users to disable validating + trove-classifiers + +Classifiers are based on a "blessed list" of search terms that are +allowed on https://pypi.org and need to be regularly kept up to date in +order to validate them. + +Many people don't care about this. Arguably, *no one* cares about this, +since wheels that have search terms that PyPI doesn't consider popular +enough will simply fail uploading to PyPI. But also, not everyone wants +to download new lists of "allowed words" from the internet every time +they check to see if e.g. pyproject.toml contains a valid format that +won't traceback when someone tries to read the "name" field and gets an +integer instead of a string. Or their entrypoints are malformed because +they aren't a valid python object reference. + +This is also an issue because one might have an old version of the +classifiers cached, and then a new classifier is added to +https://pypi.org and you want to use it immediately, and the local +validator in the form of validate_pyproject fails but actually uploading +a wheel to https://pypi.org would work fine. + +Signed-off-by: Eli Schwartz <eschwa...@gentoo.org> +Signed-off-by: Eli Schwartz <eschwart...@gmail.com> +--- + .../config/_validate_pyproject/formats.py | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/setuptools/config/_validate_pyproject/formats.py b/setuptools/config/_validate_pyproject/formats.py +index 153b1f0b2..50b8520e9 100644 +--- a/setuptools/config/_validate_pyproject/formats.py ++++ b/setuptools/config/_validate_pyproject/formats.py +@@ -205,15 +205,19 @@ class _TroveClassifier: + return value in self.downloaded or value.lower().startswith("private ::") + + +-try: +- from trove_classifiers import classifiers as _trove_classifiers +- ++if os.getenv("GENTOO_VALIDATE_PYPROJECT_NO_TROVE_CLASSIFIERS"): + def trove_classifier(value: str) -> bool: +- """See https://pypi.org/classifiers/""" +- return value in _trove_classifiers or value.lower().startswith("private ::") ++ return True ++else: ++ try: ++ from trove_classifiers import classifiers as _trove_classifiers + +-except ImportError: # pragma: no cover +- trove_classifier = _TroveClassifier() ++ def trove_classifier(value: str) -> bool: ++ """See https://pypi.org/classifiers/""" ++ return value in _trove_classifiers or value.lower().startswith("private ::") ++ ++ except ImportError: # pragma: no cover ++ trove_classifier = _TroveClassifier() + + + # ------------------------------------------------------------------------------------- +-- +2.45.2 + diff --git a/dev-python/setuptools/files/setuptools-75.6.0-disable-trove-classifiers.patch b/dev-python/setuptools/files/setuptools-75.6.0-disable-trove-classifiers.patch deleted file mode 100644 index c5111e985f61..000000000000 --- a/dev-python/setuptools/files/setuptools-75.6.0-disable-trove-classifiers.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0d9e8bc7d6df86381ac56770dc95fc75276f49ef Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgo...@gentoo.org> -Date: Thu, 21 Nov 2024 20:40:14 +0100 -Subject: [PATCH] Add an option to disable using trove-classifiers package - -As requested in https://github.com/pypa/setuptools/issues/4459, add -a VALIDATE_PYPROJECT_NO_TROVE_CLASSIFIERS environment variable that can -be used to disable using trove_classifiers package even if it is -available. This can be used when the system features an outdated -trove_classifiers, and therefore incorrectly triggers validation error. -The change is designed to be absolutely minimal and non-intrusive. ---- - setuptools/config/_validate_pyproject/formats.py | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/setuptools/config/_validate_pyproject/formats.py b/setuptools/config/_validate_pyproject/formats.py -index aacf4092b..0b05ab17b 100644 ---- a/setuptools/config/_validate_pyproject/formats.py -+++ b/setuptools/config/_validate_pyproject/formats.py -@@ -210,6 +210,9 @@ try: - """See https://pypi.org/classifiers/""" - return value in _trove_classifiers or value.lower().startswith("private ::") - -+ if os.getenv("VALIDATE_PYPROJECT_NO_TROVE_CLASSIFIERS"): # pragma: no cover -+ raise ImportError() -+ - except ImportError: # pragma: no cover - trove_classifier = _TroveClassifier() - --- -2.47.0 - diff --git a/dev-python/setuptools/setuptools-74.1.3-r1.ebuild b/dev-python/setuptools/setuptools-74.1.3-r2.ebuild similarity index 93% rename from dev-python/setuptools/setuptools-74.1.3-r1.ebuild rename to dev-python/setuptools/setuptools-74.1.3-r2.ebuild index 9cc97e5921d2..62bcc9708b4a 100644 --- a/dev-python/setuptools/setuptools-74.1.3-r1.ebuild +++ b/dev-python/setuptools/setuptools-74.1.3-r2.ebuild @@ -64,20 +64,15 @@ BDEPEND=" " # setuptools-scm is here because installing plugins apparently breaks stuff at # runtime, so let's pull it early. See bug #663324. -# -# trove-classifiers are optionally used in validation, if they are -# installed. Since we really oughtn't block them, let's always enforce -# the newest version for the time being to avoid errors. -# https://github.com/pypa/setuptools/issues/4459 PDEPEND=" dev-python/setuptools-scm[${PYTHON_USEDEP}] - >=dev-python/trove-classifiers-2024.10.16[${PYTHON_USEDEP}] " src_prepare() { local PATCHES=( # TODO: remove this when we're 100% PEP517 mode "${FILESDIR}/setuptools-62.4.0-py-compile.patch" + "${FILESDIR}"/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch ) distutils-r1_src_prepare diff --git a/dev-python/setuptools/setuptools-75.5.0.ebuild b/dev-python/setuptools/setuptools-75.5.0-r1.ebuild similarity index 93% rename from dev-python/setuptools/setuptools-75.5.0.ebuild rename to dev-python/setuptools/setuptools-75.5.0-r1.ebuild index 8bd616a1e315..9e5a6fe7eb3f 100644 --- a/dev-python/setuptools/setuptools-75.5.0.ebuild +++ b/dev-python/setuptools/setuptools-75.5.0-r1.ebuild @@ -66,20 +66,15 @@ BDEPEND=" " # setuptools-scm is here because installing plugins apparently breaks stuff at # runtime, so let's pull it early. See bug #663324. -# -# trove-classifiers are optionally used in validation, if they are -# installed. Since we really oughtn't block them, let's always enforce -# the newest version for the time being to avoid errors. -# https://github.com/pypa/setuptools/issues/4459 PDEPEND=" dev-python/setuptools-scm[${PYTHON_USEDEP}] - >=dev-python/trove-classifiers-2024.10.16[${PYTHON_USEDEP}] " src_prepare() { local PATCHES=( # TODO: remove this when we're 100% PEP517 mode "${FILESDIR}/setuptools-62.4.0-py-compile.patch" + "${FILESDIR}"/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch ) distutils-r1_src_prepare diff --git a/dev-python/setuptools/setuptools-75.6.0-r1.ebuild b/dev-python/setuptools/setuptools-75.6.0-r2.ebuild similarity index 90% rename from dev-python/setuptools/setuptools-75.6.0-r1.ebuild rename to dev-python/setuptools/setuptools-75.6.0-r2.ebuild index a9961b9303cc..9e5a6fe7eb3f 100644 --- a/dev-python/setuptools/setuptools-75.6.0-r1.ebuild +++ b/dev-python/setuptools/setuptools-75.6.0-r2.ebuild @@ -66,22 +66,15 @@ BDEPEND=" " # setuptools-scm is here because installing plugins apparently breaks stuff at # runtime, so let's pull it early. See bug #663324. -# -# trove-classifiers are optionally used in validation, if they are -# installed. Since we really oughtn't block them, let's always enforce -# the newest version for the time being to avoid errors. -# https://github.com/pypa/setuptools/issues/4459 PDEPEND=" dev-python/setuptools-scm[${PYTHON_USEDEP}] - >=dev-python/trove-classifiers-2024.10.16[${PYTHON_USEDEP}] " src_prepare() { local PATCHES=( # TODO: remove this when we're 100% PEP517 mode "${FILESDIR}/setuptools-62.4.0-py-compile.patch" - # https://github.com/abravalheri/validate-pyproject/pull/221 - "${FILESDIR}/setuptools-75.6.0-disable-trove-classifiers.patch" + "${FILESDIR}"/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch ) distutils-r1_src_prepare