iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PEP 710: Add ``index_url`` key to ``provenance_url.json`` (#3246)

This commit is contained in:
Fridolín Pokorný 2024-07-02 15:24:26 +02:00 committed by GitHub
parent c21ff55815
commit 7df3ef8738
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
peps/pep-0710.rst
View File

@ -118,9 +118,9 @@ may be present in a given ``.dist-info`` directory; installers MUST NOT add both
The ``provenance_url.json`` JSON file MUST be a dictionary, compliant with
:rfc:`8259` and UTF-8 encoded.
If present, it MUST contain exactly two keys. The first one is ``url``, with
If present, it MUST contain exactly three keys. The first MUST be ``url``, with
type ``string``. The second key MUST be ``archive_info`` with a value defined
below.
below. The third key MUST be ``index_url`` with type ``string``.
The value of the ``url`` key MUST be the URL from which the distribution package was downloaded. If a wheel is
built from a source distribution, the ``url`` value MUST be the URL from which
@ -140,6 +140,11 @@ Additionally, the user:password section of the URL MAY be a well-known,
non-security sensitive string. A typical example is ``git`` in the case of an
URL such as ``ssh://git@gitlab.com``.
The value of the ``index_url`` key MUST be a base URL of a :term:`Package Index`
used to download the given distribution package, such as
``https://pypi.org/simple/``. The recorded URL SHOULD point to a repository
compliant with :pep:`503`.
The value of ``archive_info`` MUST be a dictionary with a single key
``hashes``. The value of ``hashes`` is a dictionary mapping hash function names to a
hex-encoded digest of the file referenced by the ``url`` value. Multiple hashes
@ -264,6 +269,7 @@ A valid ``provenance_url.json`` list multiple hashes:
"sha512": "6bad5536c30a0b2d5905318a1592948929fbac9baf3bcf2e7faeaf90f445f82bc2b656d0a89070d8a6a9395761f4793c83187bd640c64b2656a112b5be41f73d"
}
},
"index_url": "https://pypi.org/simple/",
"url": "https://files.pythonhosted.org/packages/07/51/2c0959c5adf988c44d9e1e0d940f5b074516ecc87e96b1af25f59de9ba38/pip-23.0.1-py3-none-any.whl"
}
@ -277,6 +283,7 @@ A valid ``provenance_url.json`` listing a single hash entry:
"sha256": "236bcb61156d76c4b8a05821b988c7b8c35bf0da28a4b614e8d6ab5212c25c6f"
}
},
"index_url": "https://pypi.org/simple/",
"url": "https://files.pythonhosted.org/packages/07/51/2c0959c5adf988c44d9e1e0d940f5b074516ecc87e96b1af25f59de9ba38/pip-23.0.1-py3-none-any.whl"
}
@ -291,6 +298,7 @@ build and install a wheel:
"sha256": "8bfe29f17c10e2f2e619de8033a07a224058d96b3bfe2ed61777596f7ffd7fa9"
}
},
"index_url": "https://pypi.org/simple/",
"url": "https://files.pythonhosted.org/packages/1d/43/ad8ae671de795ec2eafd86515ef9842ab68455009d864c058d0c3dcf680d/micropipenv-0.0.1.tar.gz"
}
@ -313,6 +321,7 @@ values in sync.
"sha256": "236bcb61156d76c4b8a05821b988c7b8c35bf0da28a4b614e8d6ab5212c25c6f"
}
},
"index_url": "https://pypi.org/simple/",
"url": "https://files.pythonhosted.org/packages/07/51/2c0959c5adf988c44d9e1e0d940f5b074516ecc87e96b1af25f59de9ba38/pip-23.0.1-py3-none-any.whl"
}
@ -328,6 +337,7 @@ in the Python docs under :attr:`py3.11:hashlib.hash.name`.
"SHA-256": "236bcb61156d76c4b8a05821b988c7b8c35bf0da28a4b614e8d6ab5212c25c6f"
}
},
"index_url": "https://pypi.org/simple/",
"url": "https://files.pythonhosted.org/packages/07/51/2c0959c5adf988c44d9e1e0d940f5b074516ecc87e96b1af25f59de9ba38/pip-23.0.1-py3-none-any.whl"
}