iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
python-peps/pep-0625/index.html

305 lines
22 KiB
HTML
Raw Permalink Normal View History

Deploying to gh-pages from @ python/peps@334ba7871eafb26d7edfd21c05c0527b74ee3c74 🚀
2025-01-22 04:42:51 -05:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="color-scheme" content="light dark">
<title>PEP 625 Filename of a Source Distribution | peps.python.org</title>
<link rel="shortcut icon" href="../_static/py.png">
<link rel="canonical" href="https://peps.python.org/pep-0625/">
<link rel="stylesheet" href="../_static/style.css" type="text/css">
<link rel="stylesheet" href="../_static/mq.css" type="text/css">
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" media="(prefers-color-scheme: light)" id="pyg-light">
<link rel="stylesheet" href="../_static/pygments_dark.css" type="text/css" media="(prefers-color-scheme: dark)" id="pyg-dark">
<link rel="alternate" type="application/rss+xml" title="Latest PEPs" href="https://peps.python.org/peps.rss">
<meta property="og:title" content='PEP 625 Filename of a Source Distribution | peps.python.org'>
<meta property="og:description" content="This PEP describes a standard naming scheme for a Source Distribution, also known as an sdist. An sdist is distinct from an arbitrary archive file containing source code of Python packages, and can be used to communicate information about the distributi...">
<meta property="og:type" content="website">
<meta property="og:url" content="https://peps.python.org/pep-0625/">
<meta property="og:site_name" content="Python Enhancement Proposals (PEPs)">
<meta property="og:image" content="https://peps.python.org/_static/og-image.png">
<meta property="og:image:alt" content="Python PEPs">
<meta property="og:image:width" content="200">
<meta property="og:image:height" content="200">
<meta name="description" content="This PEP describes a standard naming scheme for a Source Distribution, also known as an sdist. An sdist is distinct from an arbitrary archive file containing source code of Python packages, and can be used to communicate information about the distributi...">
<meta name="theme-color" content="#3776ab">
</head>
<body>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
<symbol id="svg-sun-half" viewBox="0 0 24 24" pointer-events="all">
<title>Following system colour scheme</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none"
stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<circle cx="12" cy="12" r="9"></circle>
<path d="M12 3v18m0-12l4.65-4.65M12 14.3l7.37-7.37M12 19.6l8.85-8.85"></path>
</svg>
</symbol>
<symbol id="svg-moon" viewBox="0 0 24 24" pointer-events="all">
<title>Selected dark colour scheme</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none"
stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
<path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z"></path>
</svg>
</symbol>
<symbol id="svg-sun" viewBox="0 0 24 24" pointer-events="all">
<title>Selected light colour scheme</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none"
stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<circle cx="12" cy="12" r="5"></circle>
<line x1="12" y1="1" x2="12" y2="3"></line>
<line x1="12" y1="21" x2="12" y2="23"></line>
<line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
<line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
<line x1="1" y1="12" x2="3" y2="12"></line>
<line x1="21" y1="12" x2="23" y2="12"></line>
<line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
<line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
</svg>
</symbol>
</svg>
<script>
document.documentElement.dataset.colour_scheme = localStorage.getItem("colour_scheme") || "auto"
</script>
<section id="pep-page-section">
<header>
<h1>Python Enhancement Proposals</h1>
<ul class="breadcrumbs">
<li><a href="https://www.python.org/" title="The Python Programming Language">Python</a> &raquo; </li>
<li><a href="../pep-0000/">PEP Index</a> &raquo; </li>
<li>PEP 625</li>
</ul>
<button id="colour-scheme-cycler" onClick="setColourScheme(nextColourScheme())">
<svg aria-hidden="true" class="colour-scheme-icon-when-auto"><use href="#svg-sun-half"></use></svg>
<svg aria-hidden="true" class="colour-scheme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg aria-hidden="true" class="colour-scheme-icon-when-light"><use href="#svg-sun"></use></svg>
<span class="visually-hidden">Toggle light / dark / auto colour theme</span>
</button>
</header>
<article>
<section id="pep-content">
<h1 class="page-title">PEP 625 Filename of a Source Distribution</h1>
<dl class="rfc2822 field-list simple">
<dt class="field-odd">Author<span class="colon">:</span></dt>
<dd class="field-odd">Tzu-ping Chung &lt;uranusjr&#32;&#97;t&#32;gmail.com&gt;,
Paul Moore &lt;p.f.moore&#32;&#97;t&#32;gmail.com&gt;</dd>
<dt class="field-even">PEP-Delegate<span class="colon">:</span></dt>
<dd class="field-even">Pradyun Gedam &lt;pradyunsg&#32;&#97;t&#32;gmail.com&gt;</dd>
<dt class="field-odd">Discussions-To<span class="colon">:</span></dt>
<dd class="field-odd"><a class="reference external" href="https://discuss.python.org/t/draft-pep-file-name-of-a-source-distribution/4686">Discourse thread</a></dd>
<dt class="field-even">Status<span class="colon">:</span></dt>
<dd class="field-even"><abbr title="Normative proposal accepted for implementation">Accepted</abbr></dd>
<dt class="field-odd">Type<span class="colon">:</span></dt>
<dd class="field-odd"><abbr title="Normative PEP with a new feature for Python, implementation change for CPython or interoperability standard for the ecosystem">Standards Track</abbr></dd>
<dt class="field-even">Topic<span class="colon">:</span></dt>
<dd class="field-even"><a class="reference external" href="../topic/packaging/">Packaging</a></dd>
<dt class="field-odd">Created<span class="colon">:</span></dt>
<dd class="field-odd">08-Jul-2020</dd>
<dt class="field-even">Post-History<span class="colon">:</span></dt>
<dd class="field-even">08-Jul-2020</dd>
<dt class="field-odd">Resolution<span class="colon">:</span></dt>
<dd class="field-odd"><a class="reference external" href="https://discuss.python.org/t/pep-625-file-name-of-a-source-distribution/4686/159">Discourse message</a></dd>
</dl>
<hr class="docutils" />
<section id="contents">
<details><summary>Table of Contents</summary><ul class="simple">
<li><a class="reference internal" href="#abstract">Abstract</a></li>
<li><a class="reference internal" href="#motivation">Motivation</a></li>
<li><a class="reference internal" href="#rationale">Rationale</a></li>
<li><a class="reference internal" href="#specification">Specification</a></li>
<li><a class="reference internal" href="#backwards-compatibility">Backwards Compatibility</a></li>
<li><a class="reference internal" href="#rejected-ideas">Rejected Ideas</a><ul>
<li><a class="reference internal" href="#rely-on-the-specification-for-sdist-metadata">Rely on the specification for sdist metadata</a></li>
<li><a class="reference internal" href="#use-a-dedicated-file-extension">Use a dedicated file extension</a></li>
<li><a class="reference internal" href="#augment-a-currently-common-sdist-naming-scheme">Augment a currently common sdist naming scheme</a></li>
</ul>
</li>
<li><a class="reference internal" href="#open-issues">Open Issues</a></li>
<li><a class="reference internal" href="#copyright">Copyright</a></li>
</ul>
</details></section>
<section id="abstract">
<h2><a class="toc-backref" href="#abstract" role="doc-backlink">Abstract</a></h2>
<p>This PEP describes a standard naming scheme for a Source Distribution, also
known as an <em>sdist</em>. An sdist is distinct from an arbitrary archive file
containing source code of Python packages, and can be used to communicate
information about the distribution to packaging tools.</p>
<p>A standard sdist specified here is a gzipped tar file with a specially
formatted filename and the usual <code class="docutils literal notranslate"><span class="pre">.tar.gz</span></code> suffix. This PEP does not specify
the contents of the tarball, as that is covered in other specifications.</p>
</section>
<section id="motivation">
<h2><a class="toc-backref" href="#motivation" role="doc-backlink">Motivation</a></h2>
<p>An sdist is a Python package distribution that contains “source code” of the
Python package, and requires a build step to be turned into a wheel on
installation. This format is often considered as an unbuilt counterpart of a
<a class="pep reference internal" href="../pep-0427/" title="PEP 427 The Wheel Binary Package Format 1.0">PEP 427</a> wheel, and given special treatments in various parts of the
packaging ecosystem.</p>
<p>The content of an sdist is specified in <a class="pep reference internal" href="../pep-0517/" title="PEP 517 A build-system independent format for source trees">PEP 517</a> and <a class="pep reference internal" href="../pep-0643/" title="PEP 643 Metadata for Package Source Distributions">PEP 643</a>, but currently
the filename of the sdist is incompletely specified, meaning that consumers
of the format must download and process the sdist to confirm the name and
version of the distribution included within.</p>
<p>Installers currently rely on heuristics to infer the name and/or version from
the filename, to help the installation process. pip, for example, parses the
filename of an sdist from a <a class="pep reference internal" href="../pep-0503/" title="PEP 503 Simple Repository API">PEP 503</a> index, to obtain the distributions
project name and version for dependency resolution purposes. But due to the
lack of specification, the installer does not have any guarantee as to the
correctness of the inferred data, and must verify it at some point by locally
building the distribution metadata.</p>
<p>This build step is awkward for a certain class of operations, when the user
does not expect the build process to occur. <a class="reference external" href="https://github.com/pypa/pip/issues/8387">pypa/pip#8387</a> describes an
example. The command <code class="docutils literal notranslate"><span class="pre">pip</span> <span class="pre">download</span> <span class="pre">--no-deps</span> <span class="pre">--no-binary=numpy</span> <span class="pre">numpy</span></code> is
expected to only download an sdist for numpy, since we do not need to check
for dependencies, and both the name and version are available by introspecting
the downloaded filename. pip, however, cannot assume the downloaded archive
follows the convention, and must build and check the metadata. For a <a class="pep reference internal" href="../pep-0518/" title="PEP 518 Specifying Minimum Build System Requirements for Python Projects">PEP 518</a>
project, this means running the <code class="docutils literal notranslate"><span class="pre">prepare_metadata_for_build_wheel</span></code> hook
specified in <a class="pep reference internal" href="../pep-0517/" title="PEP 517 A build-system independent format for source trees">PEP 517</a>, which incurs significant overhead.</p>
</section>
<section id="rationale">
<h2><a class="toc-backref" href="#rationale" role="doc-backlink">Rationale</a></h2>
<p>By creating a special filename scheme for the sdist format, this PEP frees up
tools from the time-consuming metadata verification step when they only need
the metadata available in the filename.</p>
<p>This PEP also serves as the formal specification to the long-standing
filename convention used by the current sdist implementations. The filename
contains the distribution name and version, to aid tools identifying a
distribution without needing to download, unarchive the file, and perform
costly metadata generation for introspection, if all the information they need
is available in the filename.</p>
</section>
<section id="specification">
<h2><a class="toc-backref" href="#specification" role="doc-backlink">Specification</a></h2>
<p>The name of an sdist should be <code class="docutils literal notranslate"><span class="pre">{distribution}-{version}.tar.gz</span></code>.</p>
<ul class="simple">
<li><code class="docutils literal notranslate"><span class="pre">distribution</span></code> is the name of the distribution as defined in <a class="pep reference internal" href="../pep-0345/" title="PEP 345 Metadata for Python Software Packages 1.2">PEP 345</a>,
and normalised as described in <a class="reference external" href="https://packaging.python.org/en/latest/specifications/binary-distribution-format/">the wheel spec</a> e.g. <code class="docutils literal notranslate"><span class="pre">'pip'</span></code>,
<code class="docutils literal notranslate"><span class="pre">'flit_core'</span></code>.</li>
<li><code class="docutils literal notranslate"><span class="pre">version</span></code> is the version of the distribution as defined in <a class="pep reference internal" href="../pep-0440/" title="PEP 440 Version Identification and Dependency Specification">PEP 440</a>,
e.g. <code class="docutils literal notranslate"><span class="pre">20.2</span></code>, and normalised according to the rules in that PEP.</li>
</ul>
<p>An sdist must be a gzipped tar archive in pax format, that is able to be
extracted by the standard library <code class="docutils literal notranslate"><span class="pre">tarfile</span></code> module with the open flag
<code class="docutils literal notranslate"><span class="pre">'r:gz'</span></code>.</p>
<p>Code that produces an sdist file MUST give the file a name that matches this
specification. The specification of the <code class="docutils literal notranslate"><span class="pre">build_sdist</span></code> hook from <a class="pep reference internal" href="../pep-0517/" title="PEP 517 A build-system independent format for source trees">PEP 517</a> is
extended to require this naming convention.</p>
<p>Code that processes sdist files MAY determine the distribution name and version
by simply parsing the filename, and is not required to verify that information
by generating or reading the metadata from the sdist contents.</p>
<p>Conforming sdist files can be recognised by the presence of the <code class="docutils literal notranslate"><span class="pre">.tar.gz</span></code>
suffix and a <em>single</em> hyphen in the filename. Note that some legacy files may
also match these criteria, but this is not expected to be an issue in practice.
See the “Backwards Compatibility” section of this document for more details.</p>
</section>
<section id="backwards-compatibility">
<h2><a class="toc-backref" href="#backwards-compatibility" role="doc-backlink">Backwards Compatibility</a></h2>
<p>The new filename scheme is a subset of the current informal naming
convention for sdist files, so tools that create or publish files conforming
to this standard will be readable by older tools that only understand the
previous naming conventions.</p>
<p>Tools that consume sdist filenames would technically not be able to determine
whether a file is using the new standard or a legacy form. However, a review
of the filenames on PyPI determined that 37% of files are obviously legacy
(because they contain multiple or no hyphens) and of the remainder, parsing
according to this PEP gives the correct answer in all but 0.004% of cases.</p>
<p>Currently, tools that consume sdists should, if they are to be fully correct,
treat the name and version parsed from the filename as provisional, and verify
them by downloading the file and generating the actual metadata (or reading it,
if the sdist conforms to <a class="pep reference internal" href="../pep-0643/" title="PEP 643 Metadata for Package Source Distributions">PEP 643</a>). Tools supporting this specification can
treat the name and version from the filename as definitive. In theory, this
could risk mistakes if a legacy filename is assumed to conform to this PEP,
but in practice the chance of this appears to be vanishingly small.</p>
</section>
<section id="rejected-ideas">
<h2><a class="toc-backref" href="#rejected-ideas" role="doc-backlink">Rejected Ideas</a></h2>
<section id="rely-on-the-specification-for-sdist-metadata">
<h3><a class="toc-backref" href="#rely-on-the-specification-for-sdist-metadata" role="doc-backlink">Rely on the specification for sdist metadata</a></h3>
<p>Since this PEP was first written, <a class="pep reference internal" href="../pep-0643/" title="PEP 643 Metadata for Package Source Distributions">PEP 643</a> has been accepted, defining a
trustworthy, standard sdist metadata format. This allows distribution metadata
(and in particular name and version) to be determined statically.</p>
<p>This is not considered sufficient, however, as in a number of significant
cases (for example, reading filenames from a package index) the application
only has access to the filename, and reading metadata would involve a
potentially costly download.</p>
</section>
<section id="use-a-dedicated-file-extension">
<h3><a class="toc-backref" href="#use-a-dedicated-file-extension" role="doc-backlink">Use a dedicated file extension</a></h3>
<p>The original version of this PEP proposed a filename of
<code class="docutils literal notranslate"><span class="pre">{distribution}-{version}.sdist</span></code>. This has the advantage of being explicit,
as well as allowing a future change to the storage format without needing a
further change of the file naming convention.</p>
<p>However, there are significant compatibility issues with a new extension. Index
servers may currently disallow unknown extensions, and if we introduced a new
one, it is not clear how to handle cases like a legacy index trying to mirror an
index that hosts new-style sdists. Is it acceptable to only partially mirror,
omitting sdists for newer versions of projects? Also, build backends that produce
the new format would be incompaible with index servers that only accept the old
format, and as there is often no way for a user to request an older version of a
backend when doing a build, this could make it impossible to build and upload
sdists.</p>
</section>
<section id="augment-a-currently-common-sdist-naming-scheme">
<h3><a class="toc-backref" href="#augment-a-currently-common-sdist-naming-scheme" role="doc-backlink">Augment a currently common sdist naming scheme</a></h3>
<p>A scheme <code class="docutils literal notranslate"><span class="pre">{distribution}-{version}.sdist.tar.gz</span></code> was raised during the
initial discussion. This was abandoned due to backwards compatibility issues
with currently available installation tools. pip 20.1, for example, would
parse <code class="docutils literal notranslate"><span class="pre">distribution-1.0.sdist.tar.gz</span></code> as project <code class="docutils literal notranslate"><span class="pre">distribution</span></code> with
version <code class="docutils literal notranslate"><span class="pre">1.0.sdist</span></code>. This would cause the sdist to be downloaded, but fail to
install due to inconsistent metadata.</p>
<p>The main advantage of this proposal was that it is easier for tools to
recognise the new-style naming. But this is not a particularly significant
benefit, given that all sdists with a single hyphen in the name are parsed
the same way under the old and new rules.</p>
</section>
</section>
<section id="open-issues">
<h2><a class="toc-backref" href="#open-issues" role="doc-backlink">Open Issues</a></h2>
<p>The contents of an sdist are required to contain a single top-level directory
named <code class="docutils literal notranslate"><span class="pre">{name}-{version}</span></code>. Currently no normalisation rules are required
for the components of this name. Should this PEP require that the same normalisation
rules are applied here as for the filename? Note that in practice, it is likely
that tools will create the two names using the same code, so normalisation is
likely to happen naturally, even if it is not explicitly required.</p>
</section>
<section id="copyright">
<h2><a class="toc-backref" href="#copyright" role="doc-backlink">Copyright</a></h2>
<p>This document is placed in the public domain or under the CC0-1.0-Universal
license, whichever is more permissive.</p>
</section>
</section>
<hr class="docutils" />
<p>Source: <a class="reference external" href="https://github.com/python/peps/blob/main/peps/pep-0625.rst">https://github.com/python/peps/blob/main/peps/pep-0625.rst</a></p>
<p>Last modified: <a class="reference external" href="https://github.com/python/peps/commits/main/peps/pep-0625.rst">2023-09-09 17:39:29 GMT</a></p>
</article>
<nav id="pep-sidebar">
<h2>Contents</h2>
<ul>
<li><a class="reference internal" href="#abstract">Abstract</a></li>
<li><a class="reference internal" href="#motivation">Motivation</a></li>
<li><a class="reference internal" href="#rationale">Rationale</a></li>
<li><a class="reference internal" href="#specification">Specification</a></li>
<li><a class="reference internal" href="#backwards-compatibility">Backwards Compatibility</a></li>
<li><a class="reference internal" href="#rejected-ideas">Rejected Ideas</a><ul>
<li><a class="reference internal" href="#rely-on-the-specification-for-sdist-metadata">Rely on the specification for sdist metadata</a></li>
<li><a class="reference internal" href="#use-a-dedicated-file-extension">Use a dedicated file extension</a></li>
<li><a class="reference internal" href="#augment-a-currently-common-sdist-naming-scheme">Augment a currently common sdist naming scheme</a></li>
</ul>
</li>
<li><a class="reference internal" href="#open-issues">Open Issues</a></li>
<li><a class="reference internal" href="#copyright">Copyright</a></li>
</ul>
<br>
<a id="source" href="https://github.com/python/peps/blob/main/peps/pep-0625.rst">Page Source (GitHub)</a>
</nav>
</section>
<script src="../_static/colour_scheme.js"></script>
<script src="../_static/wrap_tables.js"></script>
<script src="../_static/sticky_banner.js"></script>
</body>
</html>