[Buildroot] [PATCH] scanpypi: add support for the new PyPI infrastructure
Yegor Yefremov
yegorslists at googlemail.com
Thu Apr 19 06:57:30 UTC 2018
Hi Arnout,
On Wed, Apr 18, 2018 at 11:22 PM, Arnout Vandecappelle <arnout at mind.be> wrote:
>
>
> On 18-04-18 11:55, yegorslists at googlemail.com wrote:
>> From: Yegor Yefremov <yegorslists at googlemail.com>
>>
>> https://pypi.python.org URL has been changed to https://pypi.org.
>>
>> Package's JSON object now contains sha256 checksum, so use it
>> instead of locally computed one. Change comments in the hash
>> file accordingly.
>>
>> Signed-off-by: Yegor Yefremov <yegorslists at googlemail.com>
>> ---
>> utils/scanpypi | 29 +++++++++++++++--------------
>> 1 file changed, 15 insertions(+), 14 deletions(-)
>>
>> diff --git a/utils/scanpypi b/utils/scanpypi
>> index f03ad0bb64..8a2ae00434 100755
>> --- a/utils/scanpypi
>> +++ b/utils/scanpypi
>> @@ -153,7 +153,7 @@ class BuildrootPackage():
>> """
>> Fetch a package's metadata from the python package index
>> """
>> - self.metadata_url = 'https://pypi.python.org/pypi/{pkg}/json'.format(
>> + self.metadata_url = 'https://pypi.org/pypi/{pkg}/json'.format(
>> pkg=self.real_name)
>> try:
>> pkg_json = six.moves.urllib.request.urlopen(self.metadata_url).read().decode()
>> @@ -187,7 +187,7 @@ class BuildrootPackage():
>> self.metadata['urls'] = [{
>> 'packagetype': 'sdist',
>> 'url': self.metadata['info']['download_url'],
>> - 'md5_digest': None}]
>> + 'digests': None}]
>> # In this case, we can't get the name of the downloaded file
>> # from the pypi api, so we need to find it, this should work
>> urlpath = six.moves.urllib.parse.urlparse(
>> @@ -208,10 +208,10 @@ class BuildrootPackage():
>> else:
>> self.used_url = download_url
>> self.as_string = download.read()
>> - if not download_url['md5_digest']:
>> + if not download_url['digests']['md5']:
>> break
>> self.md5_sum = hashlib.md5(self.as_string).hexdigest()
>> - if self.md5_sum == download_url['md5_digest']:
>> + if self.md5_sum == download_url['digests']['md5']:
>> break
>> else:
>> if download.__class__ == six.moves.urllib.error.HTTPError:
>> @@ -529,22 +529,23 @@ class BuildrootPackage():
>> path_to_hash = os.path.join(self.pkg_dir, pkg_hash)
>> print('Creating {filename}...'.format(filename=path_to_hash))
>> lines = []
>> - if self.used_url['md5_digest']:
>> - md5_comment = '# md5 from {url}, sha256 locally computed\n'.format(
>> + if self.used_url['digests']['md5'] and self.used_url['digests']['sha256']:
>
> If there is a sha256, there is no point adding the md5.
>
> If there is no sha256 for whatever reason (can this happen?), we don't get any
> hash at all...
>
> So I think this should be (pseudocode):
>
> if self.used_url['digests']['sha256']:
> hash_header = '# sha256 from ...'
> ...
> else if self.used_url['digests']['md5']:
> hash_header = '# md5 from {url}, sha256 locally computed\n'
> # original code
You're right. We don't need md5 at all. And I doubt there are any
packages without sha256 as those checksums will be calculated and put
into JSON automatically (at least I believe it is so). I've seen
sha256 checksum for older package version so it seems to be
consistent.
What do you think?
Yegor
More information about the buildroot
mailing list