Add support for Metadata 2.2

[bhrutledge]

Closes #753, though I'm starting this as a draft PR because I'm not sure there's enough here.

Changes so far:

• Require the latest version of pkginfo, which now has support for 2.2
• Update PackageFile and related tests to recognize new version and the dynamic field

Questions:

• The PyPUG defines some rules for Dynamic, and says Name and Version may not be specified as Dynamic. Looking over the relevant pkginfo changes, I don't see any validation of those rules. Where should that happen? Maybe @pfmoore and @tseaver have thoughts?

• @FFY00 Does this meet your needs for Add support for metadata 2.2 #753?

[FFY00]

I have not tried it, but the code seems fine to me.

[bhrutledge]

I have not tried it, but the code seems fine to me.

@FFY00 Are you able to install Twine from this branch and test it?

[FFY00]

I am, but I don't have time right now, I will try to see if I can find a moment later today.

[tseaver]

@bhrutledge

The PyPUG defines some rules for Dynamic, and says Name and Version may not be specified as Dynamic. Looking over the relevant pkginfo changes, I don't see any validation of those rules. Where should that happen? Maybe @pfmoore and @tseaver have thoughts?

The mission of pkginfo is to parse metadata from packages released into the wild -- I don't see it as in scope for it to be trying to enforce such rules. That rule, and the Dynamic field in general, are mostly germane for the tools which build distributions from a given sdist -- those tools care about the semantics, and could emit warnings or errors as appropriate.

[pfmoore]

I tend to think of those rules as more about "tools consuming Metadata 2.2 can assume Name and Version are static", rather than anyone needing to validate them. Tools that claim to produce Metadata 2.2 are in violation of the spec if they declare Name or Version as dynamic, so checking the rule is essentially checking whether the producer lied about what it does.

I guess a consumer could check and flag an error if the fields were dynamic. It's no different than flagging if the file is in the wrong format, or a mandatory field is missing, or any other sanity check that a producer delivered what it said it would. I've no opinion on whether pkginfo should do so, though - as far as I'm concerned, that's a decision for the pkginfo authors.

[bhrutledge]

Thanks all. I wasn't necessarily suggesting that pkginfo should do validation of dynamic; I was more wondering if Twine should. But it sounds like that might be in the same bucket as enhancements to the check command, which is currently blocked on pypa/packaging#147 (which specifically mentions dynamic).

With that in mind, I'll open this up for review and merge.

[bhrutledge]

@FFY00 Have you had a chance to try this out?

[FFY00]

Not yet, sorry! But the weekend is just around the corner, so hopefully I will have a couple minutes to spare 😅

[FFY00]

I did a quick test and it seems good, thanks!

[hroncok]

Just a quick check here: Is a release with this planned soon, or should we backport it in Fedora if we want to update pkginfo?

[tseaver]

The latest release of pkginfo has the feature already.

[hroncok]

I've meant a release of twine.

[bhrutledge]

I was already planning on releasing this morning. 😉

https://pypi.org/project/twine/3.7.0/