[gentoo-dev] [PATCH v2 1/2] dev-python/setuptools: allow disabling validation of pypi.org allowed strings

[gentoo-dev] [PATCH v2 1/2] dev-python/setuptools: allow disabling validation of pypi.org allowed strings

[Eli Schwartz]

Trove classifiers, and their officialness, have no effect on a wheel
other than determining whether they are allowed to be uploaded to a
non-Gentoo website, and enabling the search index of that other site.

We don't need this, and we don't need to validate it. Setuptools will
disable validation if both of:

- network downloads failed

- cannot successfully import the `trove_classifiers` module

occurs. If trove-classifiers is installed by coincidence, this breaks
builds when it doesn't get updated on an extremely rapid basis and some
random package in dev-python/* uses a classifier that was made official
just the other day.

We could solve this another way, by making dev-python/setuptools
PDEPEND on trove-classifiers, and constantly bump the >= dependency. But
this is a pointless hassle. In fact, we're actually doing it, and it's
been a pointless hassle. We need to maintain up-to-the-minute minimum
bounds on the very latest version, and bump setuptools to a new -rX just
to update the minimum version of a package it doesn't even depend on. We
need to package new versions of trove-classifiers before *other* Gentoo
Devs outside of the python project, can successfully revbump their own
packages. We need to coordinate stabilization of trove-classifiers in
combination with those other packages. We force people to install a
pointless package. We overuse PDEPEND.

Instead, apply a *rejected* upstream patch to add an environment
variable that skips this specific validation code block entirely.
Upstream doesn't want to maintain code that contains branches, so we
will maintain it locally.

Since it is Gentoo-specific, the variable is also prefixed with GENTOO_
and is expected to be used solely inside of distribution packaging while
not affecting manual usage of setuptools outside of portage.

Bug: https://github.com/pypa/setuptools/issues/4459
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
---

v2: patch setuptools instead of adding a trove_classifiers.py shim

 ...ble-users-to-disable-validating-trov.patch | 65 +++++++++++++++++++
 ...-r1.ebuild => setuptools-74.1.3-r2.ebuild} |  7 +-
 ...2.0.ebuild => setuptools-75.2.0-r1.ebuild} |  7 +-
 ...3.0.ebuild => setuptools-75.3.0-r1.ebuild} |  7 +-
 .../setuptools/setuptools-75.4.0.ebuild       |  1 +
 5 files changed, 69 insertions(+), 18 deletions(-)
 create mode 100644 dev-python/setuptools/files/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch
 rename dev-python/setuptools/{setuptools-74.1.3-r1.ebuild => setuptools-74.1.3-r2.ebuild} (93%)
 rename dev-python/setuptools/{setuptools-75.2.0.ebuild => setuptools-75.2.0-r1.ebuild} (93%)
 rename dev-python/setuptools/{setuptools-75.3.0.ebuild => setuptools-75.3.0-r1.ebuild} (93%)

diff --git a/dev-python/setuptools/files/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch b/dev-python/setuptools/files/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch
new file mode 100644
index 000000000000..4ab6bbae7af4
--- /dev/null
+++ b/dev-python/setuptools/files/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch
@@ -0,0 +1,65 @@
+From f694e474ab3c45af6241a3f2bf575f8188e9cbea Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@gentoo.org>
+Date: Mon, 11 Nov 2024 19:51:54 -0500
+Subject: [PATCH] Allow knowledgeable users to disable validating
+ trove-classifiers
+
+Classifiers are based on a "blessed list" of search terms that are
+allowed on https://pypi.org and need to be regularly kept up to date in
+order to validate them.
+
+Many people don't care about this. Arguably, *no one* cares about this,
+since wheels that have search terms that PyPI doesn't consider popular
+enough will simply fail uploading to PyPI. But also, not everyone wants
+to download new lists of "allowed words" from the internet every time
+they check to see if e.g. pyproject.toml contains a valid format that
+won't traceback when someone tries to read the "name" field and gets an
+integer instead of a string. Or their entrypoints are malformed because
+they aren't a valid python object reference.
+
+This is also an issue because one might have an old version of the
+classifiers cached, and then a new classifier is added to
+https://pypi.org and you want to use it immediately, and the local
+validator in the form of validate_pyproject fails but actually uploading
+a wheel to https://pypi.org would work fine.
+
+Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
+Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
+---
+ .../config/_validate_pyproject/formats.py      | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/setuptools/config/_validate_pyproject/formats.py b/setuptools/config/_validate_pyproject/formats.py
+index 153b1f0b2..50b8520e9 100644
+--- a/setuptools/config/_validate_pyproject/formats.py
++++ b/setuptools/config/_validate_pyproject/formats.py
+@@ -205,15 +205,19 @@ class _TroveClassifier:
+         return value in self.downloaded or value.lower().startswith("private ::")
+ 
+ 
+-try:
+-    from trove_classifiers import classifiers as _trove_classifiers
+-
++if os.getenv("GENTOO_VALIDATE_PYPROJECT_NO_TROVE_CLASSIFIERS"):
+     def trove_classifier(value: str) -> bool:
+-        """See https://pypi.org/classifiers/"""
+-        return value in _trove_classifiers or value.lower().startswith("private ::")
++        return True
++else:
++    try:
++        from trove_classifiers import classifiers as _trove_classifiers
+ 
+-except ImportError:  # pragma: no cover
+-    trove_classifier = _TroveClassifier()
++        def trove_classifier(value: str) -> bool:
++            """See https://pypi.org/classifiers/"""
++            return value in _trove_classifiers or value.lower().startswith("private ::")
++
++    except ImportError:  # pragma: no cover
++        trove_classifier = _TroveClassifier()
+ 
+ 
+ # -------------------------------------------------------------------------------------
+-- 
+2.45.2
+
diff --git a/dev-python/setuptools/setuptools-74.1.3-r1.ebuild b/dev-python/setuptools/setuptools-74.1.3-r2.ebuild
similarity index 93%
rename from dev-python/setuptools/setuptools-74.1.3-r1.ebuild
rename to dev-python/setuptools/setuptools-74.1.3-r2.ebuild
index 9cc97e5921d2..62bcc9708b4a 100644
--- a/dev-python/setuptools/setuptools-74.1.3-r1.ebuild
+++ b/dev-python/setuptools/setuptools-74.1.3-r2.ebuild
@@ -64,20 +64,15 @@ BDEPEND="
 "
 # setuptools-scm is here because installing plugins apparently breaks stuff at
 # runtime, so let's pull it early. See bug #663324.
-#
-# trove-classifiers are optionally used in validation, if they are
-# installed.  Since we really oughtn't block them, let's always enforce
-# the newest version for the time being to avoid errors.
-# https://github.com/pypa/setuptools/issues/4459
 PDEPEND="
 	dev-python/setuptools-scm[${PYTHON_USEDEP}]
-	>=dev-python/trove-classifiers-2024.10.16[${PYTHON_USEDEP}]
 "
 
 src_prepare() {
 	local PATCHES=(
 		# TODO: remove this when we're 100% PEP517 mode
 		"${FILESDIR}/setuptools-62.4.0-py-compile.patch"
+		"${FILESDIR}"/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch
 	)
 
 	distutils-r1_src_prepare
diff --git a/dev-python/setuptools/setuptools-75.2.0.ebuild b/dev-python/setuptools/setuptools-75.2.0-r1.ebuild
similarity index 93%
rename from dev-python/setuptools/setuptools-75.2.0.ebuild
rename to dev-python/setuptools/setuptools-75.2.0-r1.ebuild
index c66232a1e7d2..4b06e8451606 100644
--- a/dev-python/setuptools/setuptools-75.2.0.ebuild
+++ b/dev-python/setuptools/setuptools-75.2.0-r1.ebuild
@@ -66,20 +66,15 @@ BDEPEND="
 "
 # setuptools-scm is here because installing plugins apparently breaks stuff at
 # runtime, so let's pull it early. See bug #663324.
-#
-# trove-classifiers are optionally used in validation, if they are
-# installed.  Since we really oughtn't block them, let's always enforce
-# the newest version for the time being to avoid errors.
-# https://github.com/pypa/setuptools/issues/4459
 PDEPEND="
 	dev-python/setuptools-scm[${PYTHON_USEDEP}]
-	>=dev-python/trove-classifiers-2024.10.16[${PYTHON_USEDEP}]
 "
 
 src_prepare() {
 	local PATCHES=(
 		# TODO: remove this when we're 100% PEP517 mode
 		"${FILESDIR}/setuptools-62.4.0-py-compile.patch"
+		"${FILESDIR}"/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch
 	)
 
 	distutils-r1_src_prepare
diff --git a/dev-python/setuptools/setuptools-75.3.0.ebuild b/dev-python/setuptools/setuptools-75.3.0-r1.ebuild
similarity index 93%
rename from dev-python/setuptools/setuptools-75.3.0.ebuild
rename to dev-python/setuptools/setuptools-75.3.0-r1.ebuild
index aa6b581cf0dd..4219ae3d4792 100644
--- a/dev-python/setuptools/setuptools-75.3.0.ebuild
+++ b/dev-python/setuptools/setuptools-75.3.0-r1.ebuild
@@ -66,20 +66,15 @@ BDEPEND="
 "
 # setuptools-scm is here because installing plugins apparently breaks stuff at
 # runtime, so let's pull it early. See bug #663324.
-#
-# trove-classifiers are optionally used in validation, if they are
-# installed.  Since we really oughtn't block them, let's always enforce
-# the newest version for the time being to avoid errors.
-# https://github.com/pypa/setuptools/issues/4459
 PDEPEND="
 	dev-python/setuptools-scm[${PYTHON_USEDEP}]
-	>=dev-python/trove-classifiers-2024.10.16[${PYTHON_USEDEP}]
 "
 
 src_prepare() {
 	local PATCHES=(
 		# TODO: remove this when we're 100% PEP517 mode
 		"${FILESDIR}/setuptools-62.4.0-py-compile.patch"
+		"${FILESDIR}"/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch
 	)
 
 	distutils-r1_src_prepare
diff --git a/dev-python/setuptools/setuptools-75.4.0.ebuild b/dev-python/setuptools/setuptools-75.4.0.ebuild
index 8bd616a1e315..f4481af68e03 100644
--- a/dev-python/setuptools/setuptools-75.4.0.ebuild
+++ b/dev-python/setuptools/setuptools-75.4.0.ebuild
@@ -80,6 +80,7 @@ src_prepare() {
 	local PATCHES=(
 		# TODO: remove this when we're 100% PEP517 mode
 		"${FILESDIR}/setuptools-62.4.0-py-compile.patch"
+		"${FILESDIR}"/0001-Allow-knowledgeable-users-to-disable-validating-trov.patch
 	)
 
 	distutils-r1_src_prepare
-- 
2.45.2

[gentoo-dev] [PATCH v2 2/2] distutils-r1.eclass: disable setuptools validation of pypi.org allowed strings

[Eli Schwartz]

In the previous commit, a change was patched into setuptools to enable
skipping pypi.org specific validations we do not want. Export the
environment variable which activates this, whenever the build backend is
setuptools.

Bug: https://github.com/pypa/setuptools/issues/4459
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
---
 eclass/distutils-r1.eclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/eclass/distutils-r1.eclass b/eclass/distutils-r1.eclass
index 7ab8dcae3265..4cbe3e091c52 100644
--- a/eclass/distutils-r1.eclass
+++ b/eclass/distutils-r1.eclass
@@ -1360,6 +1360,7 @@ distutils_pep517_install() {
 					EOF
 				)
 			fi
+			local -x GENTOO_VALIDATE_PYPROJECT_NO_TROVE_CLASSIFIERS=1
 			;;
 		sip)
 			if [[ -n ${DISTUTILS_ARGS[@]} ]]; then
-- 
2.45.2