Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add filename qualifier to pypi. #170

Merged
merged 4 commits into from
Nov 21, 2024
Merged

Add filename qualifier to pypi. #170

merged 4 commits into from
Nov 21, 2024

Conversation

MarkLodato
Copy link
Contributor

This allows the PURL to specify the exact file that was used.

Fixes #90.

iamwillbar
iamwillbar reviewed Aug 26, 2022
View reviewed changes
PURL-TYPES.rst Outdated Show resolved Hide resolved
@MarkLodato
Add format qualifier to pypi.
be50a0b 
This allows the PURL to specify the specific artifact that was used.

Signed-off-by: Mark Lodato <[email protected]>
@MarkLodato MarkLodato changed the title Add format and tag qualifiers to pypi. Add filename qualifier to pypi. Oct 5, 2023
sethmlarson
sethmlarson reviewed Oct 5, 2023
View reviewed changes
PURL-TYPES.rst Outdated Show resolved Hide resolved
@MarkLodato
Copy link
Contributor Author

@iamwillbar friendly ping :) I think this is ready to be merged if you agree with the changes.

@MarkLodato
Copy link
Contributor Author

Friendly ping. Any chance this can get merged?

@stevespringett
Copy link
Member

@pombredanne there are likely other purl types that could benefit from the filename qualifier. Is this something we want to include as a global qualifier in the next purl spec?

@jkowalleck jkowalleck added the PURL type definition Non-core definitions that describe and standardize PURL types label Oct 17, 2024
@johnmhoran johnmhoran added the Ecma specification Work on the core specification label Nov 5, 2024
@pombredanne
Copy link
Member

@stevespringett you wrote:

There are likely other purl types that could benefit from the filename qualifier. Is this something we want to include as a global qualifier in the next purl spec?

@MarkLodato : @adaaaam and @johnmhoran just pointed to me that we have had a file_name in the spec for a very long time cdf28ff#diff-7b3ed02bc73dc06b7db906cf97aa91dec2b2eb21f2d92bc5caa761df5bbc168fR656 🤦 🤦 🤦 🤦 🤦 🤦 🤦 🤦 🤯

See

purl-spec/PURL-SPECIFICATION.rst

Line 457 in 33d772d

- ``file_name`` is an extra file name of a package archive.

I also pondered using a more specific qualifier for PyPI, as we still have a small problem to consider with a file_name.

  • If I go to PyPI I can know the filename of a sourec distribution or wheel, for instance for numpy: https://pypi.org/project/numpy/#files , we would have this downloadable wheel out of many:

... https://files.pythonhosted.org/packages/05/db/5d9c91b2e1e2e72be1369278f696356d44975befcae830daf2e667dcb54f/numpy-2.1.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

... with this file_name: numpy-2.1.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

... which is for a combination of tags, as specified here: https://packaging.python.org/en/latest/specifications/platform-compatibility-tags/

BUT if I have an installed nupmy wheel, I do not have direct access to the file_name unless I look the installed extracted wheel in site-packages, specifically in the the WHEEL metadata file, for instance at site-packages/numpy-2.1.3.dist-info/WHEEL in an installed numpy environment.

This WHEEL file has these tags:

Tag: cp310-cp310-manylinux_2_17_x86_64
Tag: cp310-cp310-manylinux2014_x86_64

And I would need process the package, version, and these tags to reconstruct a file_name as explained at:

@MarkLodato So to recap, I think we can use the existing file_name qualifier as-is, but we would need to provide guidance on how a tool can reconstruct this from an installed distribution. Can you update this PR along these lines, using file_name and providing some guidance on its usage, including pointers on how to reconstruct a filename from an installed PyPI wheel? This would be wonderful! (Sorry for it taking so long!)

Some examples of these PURLs would be:

@MarkLodato MarkLodato force-pushed the pypi branch 2 times, most recently from 1436b08 to 0f57b4c Compare November 15, 2024 16:00
@MarkLodato
pypi: switch to standard file_name, add links docs
ec6768e 
- Use the standard `file_name` qualifier, not `filename`.
- Link to the Python Packaging User Guide for filename conventions.

Thanks to @pombredanne for the suggestions.

Signed-off-by: Mark Lodato <[email protected]>
@MarkLodato
Copy link
Contributor Author

@pombredanne Thanks for the suggestions! Please take a look at the latest version.

@pombredanne pombredanne mentioned this pull request Nov 21, 2024
Open
pombredanne
pombredanne approved these changes Nov 21, 2024
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MarkLodato Thanks! merging.
I also created #349 as a follow up to provide extra guidance for tools authors.

@pombredanne pombredanne merged commit 23c77c4 into package-url:master Nov 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sethmlarson sethmlarson sethmlarson approved these changes

@pombredanne pombredanne pombredanne approved these changes

@di di di approved these changes

@iamwillbar iamwillbar Awaiting requested review from iamwillbar

Assignees
No one assigned
Labels
Ecma specification Work on the core specification PURL qualifiers component PURL type definition Non-core definitions that describe and standardize PURL types type: pypi
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clarification on how to refer to platform-specific pypi packages
8 participants
@MarkLodato @stevespringett @pombredanne @di @iamwillbar @sethmlarson @jkowalleck @johnmhoran