Update the UPSTREAM_CHECK_URI to leverage the simple repo API. The
project URLs require javascript which breaks the version checking fetch
and subsequent logic. The simple repo API provides similar
functionality with a well defined spec which is used by tools such as
pip. Also update the UPSTREAM_CHECK_REGEX to be compatible with the
information retrieved via the API
Signed-off-by: Derek Straka <de...@asterius.io>
---
meta/classes-recipe/pypi.bbclass | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/meta/classes-recipe/pypi.bbclass b/meta/classes-recipe/pypi.bbclass
index c6bbe8119a..15172e97b4 100644
--- a/meta/classes-recipe/pypi.bbclass
+++ b/meta/classes-recipe/pypi.bbclass
@@ -37,7 +37,11 @@ S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
# Replace any '_' characters in the pypi URI with '-'s to follow the PyPi
website naming conventions
UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@d.getVar('PYPI_PACKAGE').replace('_', '-')}"
-UPSTREAM_CHECK_URI ?=
"https://pypi.org/project/${UPSTREAM_CHECK_PYPI_PACKAGE}/";
-UPSTREAM_CHECK_REGEX ?=
"/${UPSTREAM_CHECK_PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
+
+# Use the simple repository API rather than the potentially unstable project
URL
+# More information on the pypi API specification is avaialble here:
+# https://packaging.python.org/en/latest/specifications/simple-repository-api/
+UPSTREAM_CHECK_URI ?= "https://pypi.org/simple/${UPSTREAM_CHECK_PYPI_PACKAGE}/";
+UPSTREAM_CHECK_REGEX ?=
"${UPSTREAM_CHECK_PYPI_PACKAGE}-(?P<pver>(\d+[\.\-_]*)+).(tar\.gz|tgz)"
CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#208665):
https://lists.openembedded.org/g/openembedded-core/message/208665
Mute This Topic: https://lists.openembedded.org/mt/110085421/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
