On 19. 08. 23 23:57, Maxwell G wrote:
On Sat Aug 19, 2023 at 22:13 +0200, Miro Hrončok wrote:
> On 19. 08. 23 19:44, Maxwell G wrote:
>> Hi Pythonistas,
>>
>> %pyproject_save_files automatically handles marking license files
>> with %license when a build backend installs them into a package's
>> dist-info directory and the License-File header is specified in the
>> METADATA file. Currently, only setuptools and hatchling meet these
>> criteria. Notably, poetry and flit do not support this. They will
>> install license texts into the dist-info directory, but they do not add
>> the License-File metadata. The License-File tag is not standardized, and
>> discussion on PEP 639 which defines this standard has stalled. I believe
>> relying on this feature is a problem, as if a project changes build
>> systems or some other config and a packager doesn't realize, suddenly
>> the license file won't be marked with %license or even worse, not
>> installed at all. Since the pyproject macros read the build backend from
>> pyproject.toml without packagers having to manually specify anything
>> (which is generally great!), this situation seems likely to occur.
>>
>> Until these issues are resolved, I propose banning this in Fedora and
>> requiring packagers to manually mark files with %license or at least
>> adding a large warning to the Packaging Guidelines. It can be similar to
>> the `'*' +auto` flags which are used by pyp2spec for automatic PyPI
>> builds in Copr but not allowed in Fedora proper.
>> What do y'all think? Am I missing something?
>
> Hey. Alternatively to banning this: what if we make %pyproject_save_files fail
> without a license? Obviously, that would be a breaking change, so it could be
> opt-in first.
>
> %pyproject_save_files -l ...
>
> When used like this, no License-File header would result in an error.
>
> We could introduce a reverse flag -L (don't fail without a license), and have a
> discussion about changing the default later.
>
> The guidelines could then say something like: If there is a license file you
> MUST do one of the following when using %pyproject_save_files:
>
> 1) use -l and don't list it in %files explicitly
> 2) use -L and list it in %files explicitly
>
> That way, we ensure the license is packaged (and marked as %license) while not
> reducing automation.
>
I like the -l flag idea, but I don't think we can make it fail by default
for the foreseeable future, given the status of PEP 639 and build system
adoption.
We could use a heuristic (such as a hardcoded list of globs) to match
license files in dist-info directories if License-File doesn't exist,
but I'm not sure that's the best idea.
I'm hesitant about adding a noop -L flag until we actually have a
plan/criteria on when to start enforcing -l, but I don't feel strongly.
I've drafted the implementation:
https://src.fedoraproject.org/rpms/pyproject-rpm-macros/pull-request/422
The -l flag asserts at least 1 License-File is present.
The -L flag disables the assert (i.e. it does nothing).
I was considering the idea that the -L flag would assert no License-File was
found, but I don't think that will be that useful.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
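
The check discussed in this thread, as an added example that is not part of the original messages and not the pyproject-rpm-macros code: it reads License-File headers from a dist-info METADATA file, fails in strict mode when none is present (the behaviour described for -l), and flags license-looking files that were installed without being declared (the poetry/flit case). The function names, the glob list and the sample dist-info directories are assumptions constructed for illustration.

```python
import email
import fnmatch
import tempfile
from pathlib import Path

# Assumed glob list for the fallback heuristic floated in the thread (not a Fedora list).
LICENSE_GLOBS = ("LICEN[CS]E*", "COPYING*", "NOTICE*")


def declared_license_files(dist_info: Path) -> list:
    """Return every License-File value from the dist-info METADATA headers."""
    text = (dist_info / "METADATA").read_text(encoding="utf-8")
    return email.message_from_string(text).get_all("License-File") or []


def undeclared_license_files(dist_info: Path) -> list:
    """License-looking files installed in dist-info but absent from METADATA."""
    declared = {Path(p).name for p in declared_license_files(dist_info)}
    return [
        f.relative_to(dist_info).as_posix()
        for f in sorted(dist_info.rglob("*"))
        if f.is_file() and f.name not in declared
        and any(fnmatch.fnmatchcase(f.name, g) for g in LICENSE_GLOBS)
    ]


def check_license(dist_info: Path, strict: bool) -> list:
    """strict=True mirrors the described -l: at least one License-File or fail."""
    declared = declared_license_files(dist_info)
    if strict and not declared:
        raise RuntimeError(f"{dist_info.name}: no License-File header in METADATA")
    return declared


def make_dist_info(root: Path, name: str, extra_headers: str) -> Path:
    """Build a constructed dist-info directory that always ships a LICENSE file."""
    d = root / f"{name}-1.0.dist-info"
    d.mkdir()
    (d / "LICENSE").write_text("constructed license text\n", encoding="utf-8")
    meta = f"Metadata-Version: 2.1\nName: {name}\nVersion: 1.0\n{extra_headers}\n"
    (d / "METADATA").write_text(meta, encoding="utf-8")
    return d


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, hdr in (("declares", "License-File: LICENSE\n"), ("omits", "")):
            d = make_dist_info(Path(tmp), name, hdr)
            print(d.name, declared_license_files(d), undeclared_license_files(d))
```
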