search

pypa / flit

Simplified packaging of Python modules
https://flit.pypa.io/
BSD 3-Clause "New" or "Revised" License
2.15k stars 131 forks source link

Missing license in sdist #379

Open mayeut opened 3 years ago

mayeut commented 3 years ago

License file are automatically added when building wheel:

https://github.com/takluyver/flit/blob/8f93601d05abe00c833663df541200114dbf3ad1/flit_core/flit_core/wheel.py#L202-L204

However those files are missing in the sdist (unless using a specific include config). Shouldn't those license files be included in the sdist automatically ?

xref pypa/packaging#357 / pypa/packaging#358

pombredanne commented 2 years ago

See also https://github.com/pypa/flit/issues/525

takluyver commented 1 year ago

As a partial workaround, a license file specified in project.license.file (new-style metadata in pyproject.toml) should always be included in an sdist. This only works for one file per project, though.

If the license files are checked in to the VCS, flit build should also always include them, although this doesn't apply if you use Flit as a backend for other tools - see #522 and #540 for more discussion about that discrepancy.

henryiii commented 9 months ago

FYI, the wheel pulls the LICENSE file via a name-based search: https://github.com/pypa/flit/blob/ee17c70cdef4c9bd2f1d076f2dd8aacabdd38098/flit_core/flit_core/wheel.py#L185. It seems like the default SDist file inclusion should respect this too by including the same pattern. It means that pipx run build --wheel produces a wheel with the license file(s), but pipx run build doesn't, since it builds the wheel from the SDist, which is missing these files by default.

Specifying project.license.file isn't a great idea IMO, since it's changing if PEP 639 is accepted, it seems to indicate that Flit will treat this file as a license file (it doesn't, the wheel still uses a name-based pattern), and it only works for one file.

jayqi commented 5 months ago

I ran into this today and found it very surprising. The documentation from PyPA for pyproject.toml says that project.license.text should be fine, and suggests that project.license is even entirely unnecessary for a common license, so requiring project.license.file feels inconsistent here with the documented standard practices.

It's especially annoying when trying to release a package on conda-forge, which both builds conda packages from SDist and is pretty strict about requiring a LICENSE file. Now I need to do another PyPI release in order to get a valid conda-forge package.