search

tuna / issues

Code Unrelated Issues
362 stars 28 forks source link

[功能请求] 为 pypi 镜像实现 PEP 658 和 PEP 714,在 API 中提供包元数据 #1775

Open GalaxySnail opened 1 year ago

GalaxySnail commented 1 year ago

参见:

现在上游 pypi.org 已经实现此 API,示例如下,注意其中的 data-core-metadata 属性:

$ curl https://pypi.org/simple/cryptography/
<!DOCTYPE html>
<html>
  <head>
    <meta name="pypi:repository-version" content="1.1">
    <title>Links for cryptography</title>
  </head>
  <body>
    <h1>Links for cryptography</h1>
    <!-- (删掉了一些不重要的内容) -->
    <a href="https://files.pythonhosted.org/packages/d8/80/e32f30266381f6ca05ee4aa92ce5f305aa1acbef4117a9a8d94d9b60bb67/cryptography-41.0.1-cp37-abi3-macosx_10_12_universal2.whl#sha256=f73bff05db2a3e5974a6fd248af2566134d8981fd7ab012e5dd4ddb1d9a70699" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-macosx_10_12_universal2.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/eb/09/6b2c7f6dcf756f318cc232576c2198c114758510317ddade9490e568362a/cryptography-41.0.1-cp37-abi3-macosx_10_12_x86_64.whl#sha256=1a5472d40c8f8e91ff7a3d8ac6dfa363d8e3138b961529c996f3e2df0c7a411a" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-macosx_10_12_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/12/82/8d41bda1fc6e5a51ae4f47abc910e40c0207233bf44f2bcd794272db2c69/cryptography-41.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=7fa01527046ca5facdf973eef2535a27fec4cb651e4daec4d043ef63f6ecd4ca" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/32/86/2037a52402f8d03f7a2be172ffb4bbac0250c54e51d50136c0c6c4e0cf70/cryptography-41.0.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=b46e37db3cc267b4dea1f56da7346c9727e1209aa98487179ee8ebed09d21e43" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/b7/88/3e6c5eda9ab474fa9b0cf84e6119385aaefbe5c9700a5eacd6e0a9f415bb/cryptography-41.0.1-cp37-abi3-manylinux_2_28_aarch64.whl#sha256=d198820aba55660b4d74f7b5fd1f17db3aa5eb3e6893b0a41b75e84e4f9e0e4b" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-manylinux_2_28_aarch64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/49/35/80c346e1a9509210defa857a05e9b7931093719aab25665d4d54f9b3ba83/cryptography-41.0.1-cp37-abi3-manylinux_2_28_x86_64.whl#sha256=948224d76c4b6457349d47c0c98657557f429b4e93057cf5a2f71d603e2fc3a3" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-manylinux_2_28_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/ef/78/d391ec7a08d4adf8a93d0fd9fa9fd468493ef50b6213c28deadf5322379d/cryptography-41.0.1-cp37-abi3-musllinux_1_1_aarch64.whl#sha256=059e348f9a3c1950937e1b5d7ba1f8e968508ab181e75fc32b879452f08356db" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-musllinux_1_1_aarch64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/52/4c/a5b0cabca7033510d490b5a9fddce62f87a0420ddc4d96b1ab4435f10f75/cryptography-41.0.1-cp37-abi3-musllinux_1_1_x86_64.whl#sha256=b4ceb5324b998ce2003bc17d519080b4ec8d5b7b70794cbd2836101406a9be31" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-cp37-abi3-musllinux_1_1_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/e5/1d/184779dc4c1e9686bc87628c0bf1b1c846885c6c9ff79c954fda0a4b2498/cryptography-41.0.1-cp37-abi3-win32.whl#sha256=8f4ab7021127a9b4323537300a2acfb450124b2def3756f64dc3a3d2160ee4b5" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624" data-core-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624">cryptography-41.0.1-cp37-abi3-win32.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/6a/35/7d7ac1ecd59c88f760584d3b9606ebfd48c5442377d67a8d3081226be424/cryptography-41.0.1-cp37-abi3-win_amd64.whl#sha256=1fee5aacc7367487b4e22484d3c7e547992ed726d14864ee33c0176ae43b0d7c" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624" data-core-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624">cryptography-41.0.1-cp37-abi3-win_amd64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/c9/f1/94c71c6fd96ae2ec799c8e5d7a953944a7c7b2ddd8ba941ddc89443645c3/cryptography-41.0.1-pp38-pypy38_pp73-macosx_10_12_x86_64.whl#sha256=9a6c7a3c87d595608a39980ebaa04d5a37f94024c9f24eb7d10262b92f739ddb" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-pp38-pypy38_pp73-macosx_10_12_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/2d/18/1c1098a3faeb21e73d83acccaa01f25bcfe6218f59b8dfc59bc31505cbe0/cryptography-41.0.1-pp38-pypy38_pp73-manylinux_2_28_aarch64.whl#sha256=5d092fdfedaec4cbbffbf98cddc915ba145313a6fdaab83c6e67f4e6c218e6f3" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-pp38-pypy38_pp73-manylinux_2_28_aarch64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/fc/db/bccda95237c4a823164d2f243aac25036f8d81c1083a49e85457d185dd31/cryptography-41.0.1-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl#sha256=1a8e6c2de6fbbcc5e14fd27fb24414507cb3333198ea9ab1258d916f00bc3039" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/a6/09/ac646c5f3ae56a2a895014ede63148a6e2be2689d7bfbdbaab02ed9fe684/cryptography-41.0.1-pp38-pypy38_pp73-win_amd64.whl#sha256=cb33ccf15e89f7ed89b235cff9d49e2e62c6c981a6061c9c8bb47ed7951190bc" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624" data-core-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624">cryptography-41.0.1-pp38-pypy38_pp73-win_amd64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/2c/74/5ccc293b24678010611eb43185663064a9c195cdebfbcef8fc323f71eb41/cryptography-41.0.1-pp39-pypy39_pp73-macosx_10_12_x86_64.whl#sha256=5f0ff6e18d13a3de56f609dd1fd11470918f770c6bd5d00d632076c727d35485" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-pp39-pypy39_pp73-macosx_10_12_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/06/04/71b679d76336fc5fd82041e492e4c372c6b605dba15047e3184654aa5fc7/cryptography-41.0.1-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl#sha256=7bfc55a5eae8b86a287747053140ba221afc65eb06207bedf6e019b8934b477c" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/92/12/f33c6911b70c59b92af870b2e4a8c11f8293a12a4d1318be96082e09318f/cryptography-41.0.1-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl#sha256=eb8163f5e549a22888c18b0d53d6bb62a20510060a22fd5a995ec8a05268df8a" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98" data-core-metadata="sha256=5e50aa0e9feae307d9a3785b929e471bb5877ab9157006ad1a14c84491675a98">cryptography-41.0.1-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/00/5e/39850ff94df530b24c5600f56769d56da44ede9f2c6ef5f2a204dd6c0881/cryptography-41.0.1-pp39-pypy39_pp73-win_amd64.whl#sha256=8dde71c4169ec5ccc1087bb7521d54251c016f126f922ab2dfe6649170a3b8c5" data-requires-python="&gt;=3.7" data-dist-info-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624" data-core-metadata="sha256=855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624">cryptography-41.0.1-pp39-pypy39_pp73-win_amd64.whl</a><br />
    <a href="https://files.pythonhosted.org/packages/19/8c/47f061de65d1571210dc46436c14a0a4c260fd0f3eaf61ce9b9d445ce12f/cryptography-41.0.1.tar.gz#sha256=d34579085401d3f49762d2f7d6634d6b6c2ae1242202e860f4d26b046e3a1006" data-requires-python="&gt;=3.7" >cryptography-41.0.1.tar.gz</a><br />
    </body>
</html>
<!--SERIAL 18395794-->

元数据文件示例:

$ curl https://files.pythonhosted.org/packages/6a/35/7d7ac1ecd59c88f760584d3b9606ebfd48c5442377d67a8d3081226be424/cryptography-41.0.1-cp37-abi3-win_amd64.whl.metadata
Metadata-Version: 2.1
Name: cryptography
Version: 41.0.1
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>
License: Apache-2.0 OR BSD-3-Clause
Project-URL: homepage, https://github.com/pyca/cryptography
Project-URL: documentation, https://cryptography.io/
Project-URL: source, https://github.com/pyca/cryptography/
Project-URL: issues, https://github.com/pyca/cryptography/issues
Project-URL: changelog, https://cryptography.io/en/latest/changelog/
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: License :: OSI Approved :: BSD License
Classifier: Natural Language :: English
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX
Classifier: Operating System :: POSIX :: BSD
Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: Microsoft :: Windows
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.7
Description-Content-Type: text/x-rst
License-File: LICENSE
License-File: LICENSE.APACHE
License-File: LICENSE.BSD
Requires-Dist: cffi (>=1.12)
Provides-Extra: docs
Requires-Dist: sphinx (>=5.3.0) ; extra == 'docs'
Requires-Dist: sphinx-rtd-theme (>=1.1.1) ; extra == 'docs'
Provides-Extra: docstest
Requires-Dist: pyenchant (>=1.6.11) ; extra == 'docstest'
Requires-Dist: twine (>=1.12.0) ; extra == 'docstest'
Requires-Dist: sphinxcontrib-spelling (>=4.0.1) ; extra == 'docstest'
Provides-Extra: nox
Requires-Dist: nox ; extra == 'nox'
Provides-Extra: pep8test
Requires-Dist: black ; extra == 'pep8test'
Requires-Dist: ruff ; extra == 'pep8test'
Requires-Dist: mypy ; extra == 'pep8test'
Requires-Dist: check-sdist ; extra == 'pep8test'
Provides-Extra: sdist
Requires-Dist: build ; extra == 'sdist'
Provides-Extra: ssh
Requires-Dist: bcrypt (>=3.1.5) ; extra == 'ssh'
Provides-Extra: test
Requires-Dist: pytest (>=6.2.0) ; extra == 'test'
Requires-Dist: pytest-benchmark ; extra == 'test'
Requires-Dist: pytest-cov ; extra == 'test'
Requires-Dist: pytest-xdist ; extra == 'test'
Requires-Dist: pretend ; extra == 'test'
Provides-Extra: test-randomorder
Requires-Dist: pytest-randomly ; extra == 'test-randomorder'

pyca/cryptography
=================

.. image:: https://img.shields.io/pypi/v/cryptography.svg
    :target: https://pypi.org/project/cryptography/
    :alt: Latest Version

.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest
    :target: https://cryptography.io
    :alt: Latest Docs

.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
    :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain

``cryptography`` is a package which provides cryptographic recipes and
primitives to Python developers. Our goal is for it to be your "cryptographic
standard library". It supports Python 3.7+ and PyPy3 7.3.10+.

``cryptography`` includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message digests, and
key derivation functions. For example, to encrypt something with
``cryptography``'s high level symmetric encryption recipe:

.. code-block:: pycon

    >>> from cryptography.fernet import Fernet
    >>> # Put this somewhere safe!
    >>> key = Fernet.generate_key()
    >>> f = Fernet(key)
    >>> token = f.encrypt(b"A really secret message. Not for prying eyes.")
    >>> token
    b'...'
    >>> f.decrypt(token)
    b'A really secret message. Not for prying eyes.'

You can find more information in the `documentation`_.

You can install ``cryptography`` with:

.. code-block:: console

    $ pip install cryptography

For full details see `the installation documentation`_.

Discussion
~~~~~~~~~~

If you run into bugs, you can file them in our `issue tracker`_.

We maintain a `cryptography-dev`_ mailing list for development discussion.

You can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get
involved.

Security
~~~~~~~~

Need to report a security issue? Please consult our `security reporting`_
documentation.

.. _`documentation`: https://cryptography.io/
.. _`the installation documentation`: https://cryptography.io/en/latest/installation/
.. _`issue tracker`: https://github.com/pyca/cryptography/issues
.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`security reporting`: https://cryptography.io/en/latest/security/
GalaxySnail commented 1 year ago

如果实现了 PEP 691(#1774),则相应字段也应当出现在 json API 的响应中。比如(响应经过编辑):

$ curl https://pypi.org/simple/cryptography/ -H 'Accept: application/vnd.pypi.simple.v1+json'
{
    "files": [
        {
            "core-metadata": {
                "sha256": "855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624"
            },
            "data-dist-info-metadata": {
                "sha256": "855ed42caab9fbdcc6a95c098a02bc58c9035757d40129a9b715d8f7f4189624"
            },
            "filename": "cryptography-41.0.1-pp39-pypy39_pp73-win_amd64.whl",
            "hashes": {
                "sha256": "8dde71c4169ec5ccc1087bb7521d54251c016f126f922ab2dfe6649170a3b8c5"
            },
            "requires-python": ">=3.7",
            "size": 2516661,
            "upload-time": "2023-06-01T12:31:13.509041Z",
            "url": "https://files.pythonhosted.org/packages/00/5e/39850ff94df530b24c5600f56769d56da44ede9f2c6ef5f2a204dd6c0881/cryptography-41.0.1-pp39-pypy39_pp73-win_amd64.whl",
            "yanked": false
        },
        {
            "core-metadata": false,
            "data-dist-info-metadata": false,
            "filename": "cryptography-41.0.1.tar.gz",
            "hashes": {
                "sha256": "d34579085401d3f49762d2f7d6634d6b6c2ae1242202e860f4d26b046e3a1006"
            },
            "requires-python": ">=3.7",
            "size": 629124,
            "upload-time": "2023-06-01T12:31:29.299341Z",
            "url": "https://files.pythonhosted.org/packages/19/8c/47f061de65d1571210dc46436c14a0a4c260fd0f3eaf61ce9b9d445ce12f/cryptography-41.0.1.tar.gz",
            "yanked": false
        }
    ],
    "meta": {
        "_last-serial": 18395794,
        "api-version": "1.1"
    },
    "name": "cryptography"
}
ZenithalHourlyRate commented 1 year ago

@GalaxySnail 原则上镜像站只提供静态文件服务

GalaxySnail commented 1 year ago

原则上镜像站只提供静态文件服务

因为软件包本身是静态文件,所以包元数据仍然是静态文件,理论上镜像只需要直接从上游获取这些数据就行了

shankerwangmiao commented 1 year ago

原则上镜像站只提供静态文件服务

因为软件包本身是静态文件,所以包元数据仍然是静态文件,理论上镜像只需要直接从上游获取这些数据就行了

嗯,等 bandersnatch 更新支持吧

GalaxySnail commented 1 year ago

嗯,等 bandersnatch 更新支持吧

经你提醒我才刚注意到 tuna 的 pypi 镜像是用 bandersnatch 同步的

这是上游的 PEP 658 相关 issue:https://github.com/pypa/bandersnatch/issues/937 ,那就只能先等上游支持了。