From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3AD6D158042 for ; Tue, 12 Nov 2024 18:38:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DB3C4E0801; Tue, 12 Nov 2024 18:38:01 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 98578E07EF for ; Tue, 12 Nov 2024 18:38:01 +0000 (UTC) Message-ID: Subject: Re: [gentoo-dev] [PATCH 1/2] distutils-r1.eclass: disable setuptools validation of pypi.org allowed strings From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Date: Tue, 12 Nov 2024 19:37:56 +0100 In-Reply-To: <20241112172117.2176777-1-eschwartz@gentoo.org> References: <20241112172117.2176777-1-eschwartz@gentoo.org> Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-UZm7josyrHLPYItrM8NT" User-Agent: Evolution 3.52.4 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 X-Archives-Salt: de463069-efa6-446f-b27c-cfabbbcd049d X-Archives-Hash: a26f11652a777c2ecd78d39d7e6db2fd --=-UZm7josyrHLPYItrM8NT Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2024-11-12 at 12:21 -0500, Eli Schwartz wrote: > Trove classifiers, and their officialness, have no effect on a wheel > other than determining whether they are allowed to be uploaded to a > non-Gentoo website, and enabling the search index of that other site. >=20 > We don't need this, and we don't need to validate it. Setuptools will > disable validation if both of: >=20 > - network downloads failed >=20 > - cannot successfully import the `trove_classifiers` module >=20 > occurs. If trove-classifiers is installed by coincidence, this breaks > builds when it doesn't get updated on an extremely rapid basis and some > random package in dev-python/* uses a classifier that was made official > just the other day. >=20 > We could solve this another way, by making dev-python/setuptools > PDEPEND on trove-classifiers, and constantly bump the >=3D dependency. Bu= t > this is a pointless hassle. In fact, we're actually doing it, and it's > been a pointless hassle. We need to maintain up-to-the-minute minimum > bounds on the very latest version, and bump setuptools to a new -rX just > to update the minimum version of a package it doesn't even depend on. We > need to package new versions of trove-classifiers before *other* Gentoo > Devs outside of the python project, can successfully revbump their own > packages. We need to coordinate stabilization of trove-classifiers in > combination with those other packages. We force people to install a > pointless package. We overuse PDEPEND. >=20 > Instead, prevent the module from being successfully imported if the > package being built, doesn't actually depend on it. Then we don't > actually need it to be installed, and all is well. This can be done at > the small cost of installing a fake "trove_classifiers" module and > mutating PYTHONPATH. It is inelegant and meh, but upstream has stated > that they will not implement a real fix. >=20 > Bug: https://github.com/pypa/setuptools/issues/4459 > Signed-off-by: Eli Schwartz > --- > eclass/distutils-r1.eclass | 11 +++++++++++ > 1 file changed, 11 insertions(+) >=20 > diff --git a/eclass/distutils-r1.eclass b/eclass/distutils-r1.eclass > index 7ab8dcae3265..9b9ba4b803ac 100644 > --- a/eclass/distutils-r1.eclass > +++ b/eclass/distutils-r1.eclass > @@ -1360,6 +1360,17 @@ distutils_pep517_install() { > EOF > ) > fi > + if [[ ${BDEPEND} !=3D *dev-python/trove-classifiers* ]]; then It's not valid to access stacked variables like BDEPEND from ebuilds. --=20 Best regards, Micha=C5=82 G=C3=B3rny --=-UZm7josyrHLPYItrM8NT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iQFGBAABCgAwFiEEx2qEUJQJjSjMiybFY5ra4jKeJA4FAmczoIQSHG1nb3JueUBn ZW50b28ub3JnAAoJEGOa2uIyniQOPZgIAM6+o6/KMZmcRe8cMrVt8MiiHieT8kJm LtKfXQcfA8NnPl/HEtDvS0uLxeswazm6b0Ms70ju5WPP61CjhGzICiXtvLu0yyUJ gAcQ/MwRYMf/FaBgLtI/p3J7nclVySo0j8s6EJc46ie43ydO9cPp+NYKB4psdGlj z77MbfsvgVqVBn8u3PKPM5SAGmlwvsCY5I5V/FiBOTjj/ZcqknjX5srJEXgnV74o 3QO6a9EppX+nKZp7ee6X0GPEwv4d92G+aFn0iI2Pvlp0+j7IGrW0DZDEmz0Wpudv RxmVAnDJSZafJX7LC3mwiyPfgkzjM/CBKK9zpb3MtSYIDoyyIUMolBs= =2KSF -----END PGP SIGNATURE----- --=-UZm7josyrHLPYItrM8NT--