Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tar.gz release does not contain LICENSE #1160

Closed
jku opened this issue Oct 4, 2020 · 4 comments · Fixed by #1162
Closed

tar.gz release does not contain LICENSE #1160

jku opened this issue Oct 4, 2020 · 4 comments · Fixed by #1162

Comments

@jku
Copy link
Member

jku commented Oct 4, 2020

Description of issue or feature request:
Release tarballs (like tuf-0.14.0.tar.gz) do not contain a LICENSE file

This prevents vendoring tuf using the vendoring tool: I could patch the license in but unfortunately the license file check is done on unpatched sources

python3 setup.py sdist produces a tarball with the LICENSE file (and many other files that are not in our release tarball) -- what's this about?

@jku
Copy link
Member Author

jku commented Oct 5, 2020

Wow. python2 setup.py sdist and python3 setup.py sdist produce radically different results 😮 I guess the 'universal' in universal wheels only refers to target python...

I have no idea why but setuptools3 seems to include all files in project root directory -- this seems to not be documented. The documentation says we should add files into MANIFEST.in if we want to distribute but not install (which seems to be what most projects do with LICENSE files).

@joshuagl
Copy link
Member

joshuagl commented Oct 5, 2020

Yikes. I thought I had produced the last two release tarballs with Python 3's setuptools3...

We should update the docs/RELEASE.md to strongly recommend using python3 and add LICENSE to MANIFEST.in.

I can make those changes today.

@jku
Copy link
Member Author

jku commented Oct 5, 2020

I think at least being explicit about LICENSE* in MANIFEST.in makes sense.

I don't think I understand how these different results happen yet: distutils is the one that actually does the sdist building and I can't see anything in the dosc (https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute) or the code that would imply that what I saw with python3 is intentional: no mention of including all files in root by default as an example.

@jku
Copy link
Member Author

jku commented Oct 5, 2020

Documenting for posterity: the differences between py3 and py2 were the results of having setuptools_scm installed: that will by default add all files from git.

The original issue tar.gz release does not contain LICENSE is still valid.

jku pushed a commit to jku/python-tuf that referenced this issue Oct 5, 2020
This seems to be a common way to handle license files. Also, vendoring
tool fails to handle tuf without a LICENSE file.

Fixes theupdateframework#1160

Signed-off-by: Jussi Kukkonen <[email protected]>
sechkova pushed a commit to sechkova/tuf that referenced this issue Oct 8, 2020
This seems to be a common way to handle license files. Also, vendoring
tool fails to handle tuf without a LICENSE file.

Fixes theupdateframework#1160

Signed-off-by: Jussi Kukkonen <[email protected]>
MVrachev pushed a commit to MVrachev/tuf that referenced this issue Oct 14, 2020
This seems to be a common way to handle license files. Also, vendoring
tool fails to handle tuf without a LICENSE file.

Fixes theupdateframework#1160

Signed-off-by: Jussi Kukkonen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants