On 19. 08. 23 23:57, Maxwell G wrote:
On Sat Aug 19, 2023 at 22:13 +0200, Miro Hrončok wrote:
On 19. 08. 23 19:44, Maxwell G wrote:
Hi Pythonistas,
%pyproject_save_files automatically handles marking license files with %license when a build backend installs them into a package's dist-info directory and the License-File header is specified in the METADATA file. Currently, only setuptools and hatchling meet this criteria. Notably, poetry and flit do not support this. They will install license texts into the dist-info directory, but they do not add the License-File metadata. The License-File tag is not standardized, and discussion on PEP 639 which defines this standard has stalled. I believe relying on this feature is a problem, as if a project changes build systems or some other config and a packager doesn't realize, suddenly the license file won't be marked with %license or even worse, not installed at all. Since the pyproject macros read the build backend from pyproject.toml without packagers having to manually specify anything (which is generally great!), this situation seems likely to occur.
Until these issues are resolved, I propose banning this in Fedora and requiring packagers to manually mark files with %license or at least adding a large warning to the Packaging Guidelines. It can be similar to the `'*' +auto` flags which are used by pyp2spec for automatic PyPI builds in Copr but not allowed in Fedora proper. What do y'all think? Am I missing something?
Hey. Alternatively to banning this: what if we make %pyproject_save_files fail without a license? Obviously, that would be a breaking change, so it could be opt-in first.
%pyproject_save_files -l ...
When used like this, no License-File header would result in an error.
We could introduce a reverse flag -L (don't fail without a license), and have a discussion about changing the default later.
The guidelines could than say something like: If there is a license file you MUST do one of the following when using %pyproject_save_files:
- use -l and don't list it in %files explicitly
- use -L and list it in %files explicitly
That way, we ensure the license is packaged (and marked as %license) while not reducing automation.
I like -l flag idea, but I don't think we can make it fail by default for the foreseeable future, given the status of PEP 639 and build system adoption. We could use a heuristic (such as a hardcoded list of globs) to match license files in dist-info directories if License-File doesn't exist, but I'm not sure that's the best idea. I'm hesitant about adding a noop -L flag until we actually have a plan/criteria on when to start enforcing -l, but I don't feel strongly.
I've drafted the implementation:
https://src.fedoraproject.org/rpms/pyproject-rpm-macros/pull-request/422
The -l flag asserts at least 1 License-File is present. The -L flag disables the assert (i.e. it does nothing).
I was considering the idea that the -L flag would assert no License-File was found, but I don't think that will be that useful.