mirror of
https://github.com/flatcar/scripts.git
synced 2025-10-21 04:11:38 +02:00
eclass/pypi: Sync with Gentoo
It's from Gentoo commit 731acc06d17f48ab238354070d5a46d5a1853305. Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
This commit is contained in:
Flatcar Buildbot
Krzesimir Nowak
parent
9caab17c1b
commit
0e0af949d1
@ -1,4 +1,4 @@
|
||||
# Copyright 2023-2024 Gentoo Authors
|
||||
# Copyright 2023-2025 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
# @ECLASS: pypi.eclass
|
||||
@ -11,22 +11,31 @@
|
||||
# @DESCRIPTION:
|
||||
# The pypi.eclass can be used to easily obtain URLs for artifacts
|
||||
# uploaded to PyPI.org. When inherited, the eclass defaults SRC_URI
|
||||
# and S to fetch .tar.gz sdist. The project filename is normalized
|
||||
# by default (unless PYPI_NO_NORMALIZE is set prior to inheriting
|
||||
# the eclass), and the version is translated using
|
||||
# and S to fetch .tar.gz sdist. The eclass defaults to using ${PN}
|
||||
# as PyPI project name; PYPI_PN can be set prior to inheriting it
|
||||
# to override that. The source distribution filename is assumed
|
||||
# to be normalized by default; PYPI_NO_NORMALIZE can be set prior
|
||||
# to inherit to override that. The version is translated using
|
||||
# pypi_translate_version.
|
||||
#
|
||||
# If necessary, SRC_URI and S can be overridden by the ebuild. Two
|
||||
# helper functions, pypi_sdist_url and pypi_wheel_url are provided
|
||||
# to generate URLs to artifacts of specified type, with customizable
|
||||
# URL components. Additionally, pypi_wheel_name can be used to generate
|
||||
# wheel filename.
|
||||
# If PYPI_VERIFY_REPO is set to a non-empty value, verify-provenance
|
||||
# flag is added along with necessary BDEPEND. The provenance file
|
||||
# for the default source distribution is added to SRC_URI, and a default
|
||||
# src_unpack() is exported to verify its provenance.
|
||||
#
|
||||
# If necessary, SRC_URI and S can be overridden by the ebuild. Three
|
||||
# helper functions, pypi_sdist_url, pypi_wheel_url
|
||||
# and pypi_provenance_url are provided to generate URLs to artifacts
|
||||
# of specified type, with customizable URL components. Additionally,
|
||||
# pypi_wheel_name can be used to generate the wheel filename.
|
||||
#
|
||||
# pypi_normalize_name can be used to normalize an arbitrary project name
|
||||
# according to sdist/wheel normalization rules. pypi_translate_version
|
||||
# can be used to translate a Gentoo version string into its PEP 440
|
||||
# equivalent.
|
||||
#
|
||||
# pypi_verify_provenance can be used to verify the provenance directly.
|
||||
#
|
||||
# @EXAMPLE:
|
||||
# @CODE
|
||||
# inherit pypi
|
||||
@ -63,6 +72,15 @@ _PYPI_ECLASS=1
|
||||
# @CODE
|
||||
: "${PYPI_PN:=${PN}}"
|
||||
|
||||
# @ECLASS_VARIABLE: PYPI_VERIFY_REPO
|
||||
# @DEFAULT_UNSET
|
||||
# @PRE_INHERIT
|
||||
# @DESCRIPTION:
|
||||
# The repository to verify provenance against. If set to a non-empty
|
||||
# value, the eclass will add a "verify-provenance" flag that can be used
|
||||
# to download the provenance for the distribution, and verify it
|
||||
# against the provenance and the specified repository.
|
||||
|
||||
# @FUNCTION: _pypi_normalize_name
|
||||
# @INTERNAL
|
||||
# @USAGE: <name>
|
||||
@ -161,7 +179,7 @@ _pypi_sdist_url() {
|
||||
# generated using build systems that did not follow PEP 625
|
||||
# (i.e. the sdist name contains uppercase letters, hyphens or dots).
|
||||
#
|
||||
# If <package> is unspecified, it defaults to ${PYPI_PN}. The package
|
||||
# If <project> is unspecified, it defaults to ${PYPI_PN}. The package
|
||||
# name is normalized according to the specification unless
|
||||
# `--no-normalize` is passed.
|
||||
#
|
||||
@ -183,7 +201,7 @@ pypi_sdist_url() {
|
||||
# @DESCRIPTION:
|
||||
# Output the wheel filename for the specified project/version tuple.
|
||||
#
|
||||
# If <package> is unspecified, it defaults to ${PYPI_PN}. The package
|
||||
# If <project> is unspecified, it defaults to ${PYPI_PN}. The package
|
||||
# name is normalized according to the wheel specification.
|
||||
#
|
||||
# If <version> is unspecified, it defaults to ${PV} translated
|
||||
@ -221,7 +239,7 @@ pypi_wheel_name() {
|
||||
# the wheel contents will be unpacked straight into ${WORKDIR}.
|
||||
# You need to add a BDEPEND on app-arch/unzip.
|
||||
#
|
||||
# If <package> is unspecified, it defaults to ${PYPI_PN}.
|
||||
# If <project> is unspecified, it defaults to ${PYPI_PN}.
|
||||
#
|
||||
# If <version> is unspecified, it defaults to ${PV} translated
|
||||
# via pypi_translate_version. If it is specified, then it is used
|
||||
@ -257,6 +275,76 @@ pypi_wheel_url() {
|
||||
fi
|
||||
}
|
||||
|
||||
# @FUNCTION: _pypi_provenance_url
|
||||
# @INTERNAL
|
||||
# @USAGE: <dist> [<project> [<version>]]
|
||||
# @DESCRIPTION:
|
||||
# Internal function to generate provenance URL for <dist>, using
|
||||
# specified <project> and <version>. Returns the result
|
||||
# via _PYPI_ATTESTATION_URL.
|
||||
_pypi_provenance_url() {
|
||||
if [[ ${#} -lt 1 || ${#} -gt 3 ]]; then
|
||||
die "Usage: ${FUNCNAME} <dist> [<project> [<version>]]"
|
||||
fi
|
||||
|
||||
local dist=${1}
|
||||
local project=${2-"${PYPI_PN}"}
|
||||
local version=${3-"$(pypi_translate_version "${PV}")"}
|
||||
_PYPI_ATTESTATION_URL="https://pypi.org/integrity/${project}/v${version}/${dist}/provenance"
|
||||
}
|
||||
|
||||
# @FUNCTION: pypi_provenance_url
|
||||
# @USAGE: <dist> [<project> [<version>]]
|
||||
# @DESCRIPTION:
|
||||
# Output the URL to PyPI provenance for the specified artifact.
|
||||
pypi_provenance_url() {
|
||||
local _PYPI_PROVENANCE_URL
|
||||
_pypi_provenance_url "${@}"
|
||||
echo "${_PYPI_PROVENANCE_URL}"
|
||||
}
|
||||
|
||||
# @FUNCTION: pypi_verify_provenance
|
||||
# @USAGE: <dist> <provenance> [<repo>]
|
||||
# @DESCRIPTION:
|
||||
# Verify the specified artifact's provenance. <dist> is the path
|
||||
# to the artifact to verify, while <provenance> is the provenance file.
|
||||
#
|
||||
# The function defaults to using PYPI_VERIFY_REPO as the expected
|
||||
# repository URL. This can be overridden by specfying <repo>.
|
||||
#
|
||||
# The function dies on verification failure.
|
||||
pypi_verify_provenance() {
|
||||
if [[ ${#} -lt 2 || ${#} -gt 3 ]]; then
|
||||
die "Usage: ${FUNCNAME} <dist> <provenance> [<repo>]"
|
||||
fi
|
||||
|
||||
local dist=${1}
|
||||
local provenance=${2}
|
||||
local repo=${3-"${PYPI_VERIFY_REPO}"}
|
||||
|
||||
einfo "Verifying ${dist##*/} ..."
|
||||
pypi-attestations verify pypi --offline \
|
||||
--repository "${repo}" \
|
||||
--provenance-file "${provenance}" \
|
||||
"${dist}" ||
|
||||
die "Provenance verification failed for ${dist##*/}"
|
||||
}
|
||||
|
||||
# @FUNCTION: pypi_src_unpack
|
||||
# @DESCRIPTION:
|
||||
# A src_unpack implementation that verifies provenances. Exported only
|
||||
# with PYPI_VERIFY_REPO.
|
||||
pypi_src_unpack() {
|
||||
if use verify-provenance; then
|
||||
local sdist_url=$(pypi_sdist_url)
|
||||
local filename=${sdist_url##*/}
|
||||
|
||||
pypi_verify_provenance "${DISTDIR}/${filename}"{,.provenance}
|
||||
fi
|
||||
|
||||
default
|
||||
}
|
||||
|
||||
# @FUNCTION: _pypi_set_globals
|
||||
# @INTERNAL
|
||||
# @DESCRIPTION:
|
||||
@ -276,8 +364,31 @@ _pypi_set_globals() {
|
||||
fi
|
||||
|
||||
SRC_URI=${_PYPI_SDIST_URL}
|
||||
|
||||
if [[ -n ${PYPI_VERIFY_REPO} ]]; then
|
||||
local dist=${_PYPI_SDIST_URL##*/}
|
||||
local _PYPI_ATTESTATION_URL
|
||||
_pypi_provenance_url "${dist}" "${PYPI_PN}" \
|
||||
"${_PYPI_TRANSLATED_VERSION}"
|
||||
|
||||
IUSE="verify-provenance"
|
||||
SRC_URI+="
|
||||
verify-provenance? (
|
||||
${_PYPI_ATTESTATION_URL} -> ${dist}.provenance
|
||||
)
|
||||
"
|
||||
BDEPEND="
|
||||
verify-provenance? (
|
||||
dev-python/pypi-attestations
|
||||
)
|
||||
"
|
||||
fi
|
||||
}
|
||||
|
||||
_pypi_set_globals
|
||||
|
||||
if [[ -n ${PYPI_VERIFY_REPO} ]]; then
|
||||
EXPORT_FUNCTIONS src_unpack
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user