Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v0.2.7 requires latest hatchling #6

Closed
FelixSchwarz opened this issue Nov 20, 2024 · 5 comments
Closed

v0.2.7 requires latest hatchling #6

FelixSchwarz opened this issue Nov 20, 2024 · 5 comments

Comments

@FelixSchwarz
Copy link

In 0.2.7 you started to require hatchling 1.26.3 which was released just a week ago:

requires = ["hatchling>=1.26.3","setuptools >= 40.6.0", "wheel"]

Fedora uses modern tools but not that modern: https://src.fedoraproject.org/rpms/python-hatchling

Do you really need 1.26.3 or can we maybe use 1.21 which is the current version for Fedora 41 (and RHEL 9)?

Besides: Are you sure you need both setuptools AND hatchling? Also it would be nice if the license file is declared in pyproject.toml as this would declare the license properly in the built RPM (at least with the setuptools backend, not sure about hatchling.

@yaroslaff
Copy link
Owner

Probably something changed in pypi, but my old pyproject.toml with my old virtualenv (with old hatchling) stopped working (and I upgraded hatchling and maybe changed pyproject.toml to make it work again).

Now I recreated that situation, I pinned hatchling to 1.21.1 for test, hatch build worked but hatch upload gave error:

dist/showcert-0.2.10-py3-none-any.whl ... failed
Error uploading to repository: https://upload.pypi.org/legacy/ - Client error '400 license-file introduced in metadata version 2.4, not 2.1. See https://packaging.python.org/specifications/core-metadata for more information.' for url 'https://upload.pypi.org/legacy/'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400

I played with license key in [project] section, and with license-files in bottom of file, but anyway it gave this error. Probably we need to use latest hatchling if we want to have license-files specified in project? Even if I commented everything related to license (and renamed LICENSE file to LICENSE-) but pinned hatchling to 1.21.1, I'm getting this problem. Maybe you know the reason? Here is current pyproject.toml file. You can change package name to abracadabra-not-showcert and try to upload it to pypi if you want.

I do not understand why/how hatchling adds license-file to metadata out of nowhere.

[build-system]
# requires = ["setuptools >= 40.6.0", "wheel"]
# requires = ["hatchling>=1.26.3","setuptools >= 40.6.0", "wheel"]
requires = ["hatchling==1.21.1", "wheel"]

# build-backend = "setuptools.build_meta"
build-backend = "hatchling.build"

[project]
name="showcert"
# license = "MIT"
# license = { file = "LICENSE" }
dynamic = [ "version" ]
keywords = [ "SSL", "TLS", "certificate", "verify", "remote", "local", "X.509", "X509", "simple", 
  "openssl", "alternative", "CA", "generate", "showcert", "gencert" ]

dependencies = [
    'cryptography >= 41.0.0',
    'pyopenssl >= 21.0.0',
    'pem >= 23.1.0',
    'certifi >= 2018.10.15'
]
authors = [
  { name="Yaroslav Polyakov", email="[email protected]" },
]
description = "Simple OpenSSL for humans: all you need for X.509 TLS certificates (and nothing more)"
readme = "README.md"
requires-python = ">=3.8"
classifiers = [
    "Programming Language :: Python :: 3",
#    "License :: OSI Approved :: MIT License",
    "Operating System :: OS Independent",
    "Topic :: Security :: Cryptography"
]

[project.urls]
Homepage = "https://github.com/yaroslaff/showcert"
Issues = "https://github.com/yaroslaff/showcert/issues"


[project.scripts]
showcert = "showcert.showcert:main"
gencert = "showcert.gencert:main"

[tool.hatch.version]
# path = 'showcert:showcert/__main__.py'
path = 'showcert/__init__.py'

[tool.hatch.metadata]
# license-files = ["LICENSE"]

for setuptools - it was not needed, I just added it because nothing worked so I tried every stupid thing hoping something will finally work.

@FelixSchwarz
Copy link
Author

Hmm, I never really worked with hatchling. For my personal projects, I just stick to setuptools + setup.cfg, building wheels using uv build --wheel + twine upload. That works beautifully.

I just added showcert 0.2.11 to Fedora (rawhide) which has all the latest versions. Even without explicit license files setting, the Fedora RPM gets the right licensing information.

The pypi rejection seems to be a well-known problem in hatchling, see for example pypa/hatch#1786 (comment)

@FelixSchwarz
Copy link
Author

More precisely, the relevant commit is likely pypa/hatch@1867a90

@yaroslaff
Copy link
Owner

Thank you!

Just to clarify (maybe you know it) - (latest) hatchling is needed only to build package which would be accepted by pypi. Any random Fedora user do not need hatch/hatchling to use showcert.

As I understand, hatch checks [build-system] requires=... and (if needed) installs proper packages into isolated build environment (something similar to virtualenv, but not exactly). So, if machine connected to internet, even with old hatch packages it will pull correct hatchling and correctly build showcert.

I had a slightly different problem with hatch/pypi,

Error uploading to repository: https://upload.pypi.org/legacy/ - Client error '400 license-file introduced in metadata version 2.4, not 2.1. See https://packaging.python.org/specifications/core-metadata for more information.' for url 'https://upload.pypi.org/legacy/'

fortunately, I was given a solution to specify proper required version of hatchling in build-system > requires (because otherwise old cached hatchling was used). Old version produced medatada with version set to 2.3 , but actually it was 2.4 format. While packages were good enough to install and use, pypi rejected it.

pypa/hatch#1856 (comment)

@FelixSchwarz
Copy link
Author

Just to clarify (maybe you know it) - (latest) hatchling is needed only to build package which would be accepted by pypi. Any random Fedora user do not need hatch/hatchling to use showcert.

Sure but for Fedora packages we have to build from source. Every bit we ship in Fedora must be built on Fedora infrastructure. We must not use any wheels, pyc files, not even metadata in .egg-info.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants