
Allow packaging specifiers in packages when auditing on PyPI #128

Merged: 1 commit, Jan 8, 2025

Conversation

nicholasjng (Contributor):

Packaging specifiers are implemented as described in https://packaging.python.org/en/latest/specifications/version-specifiers/, although I did not find a specific PEP for them. Everything is done using packaging's own APIs, so there are no egregious hacks brought into the spec parsing logic.

This allows auditing version-specific packages, which makes it easier to pin down regressions in ABI3 compatibility.

Usage: abi3audit cryptography==42.0.7 -v.

Currently lacks support for version ranges, but that is only a regex tweak away thanks to the terrific SpecifierSet API.


Hello again, I'm on a roll! I was surprised to see that version-specific auditing of a PyPI package was not supported, so I quickly added it. On this branch (please try it out as well), I get:

$ abi3audit -v cryptography==42.0.7
[17:49:56] 💁 cryptography==42.0.7: 23 extensions scanned; 0 ABI version mismatches and 0 ABI violations found

$ abi3audit -v cryptography==lolwat
[17:50:21] 👎 processing error: 'cryptography==lolwat' does not look like a valid wheel, shared object, or package name

The error message in the second one could be improved, since packaging throws a good error on a wrong specifier. But that would probably require meddling with the spec parsing routine as a whole, which I skipped for now.
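An added example, not abi3audit's own code, of the `packaging`-only spec parsing described above, extended to the version ranges mentioned as follow-up work and surfacing packaging's own diagnostic for an input like `cryptography==lolwat` (class and function names are assumptions):

```python
# Added example (not abi3audit's own code): parse an abi3audit-style PyPI
# argument such as "cryptography==42.0.7" with packaging's own APIs, so that
# an invalid specifier surfaces packaging's diagnostic instead of the generic
# "does not look like a ... package name" error. Class and function names
# are assumptions; version ranges are accepted too, generalising the "==" case.
from __future__ import annotations
from dataclasses import dataclass
from typing import Iterable
from packaging.requirements import InvalidRequirement, Requirement
from packaging.specifiers import InvalidSpecifier, SpecifierSet
from packaging.utils import canonicalize_name
from packaging.version import Version


@dataclass(frozen=True)
class PackageSpec:
    name: str                 # canonicalized project name, e.g. "cryptography"
    specifiers: SpecifierSet  # empty set means "no version pin"


def parse_package_spec(arg: str) -> PackageSpec:
    """Accept "name", "name==X.Y.Z" or a range such as "name>=42,<43".

    Whatever packaging rejects is re-raised as ValueError carrying packaging's
    own message (e.g. for "cryptography==lolwat").
    """
    try:
        req = Requirement(arg)
    except (InvalidRequirement, InvalidSpecifier) as exc:
        raise ValueError(f"{arg!r} is not a valid package specifier: {exc}") from None
    # Extras, direct URLs and environment markers make no sense for a PyPI audit target.
    if req.extras or req.url or req.marker is not None:
        raise ValueError(f"{arg!r}: only a project name and version specifier are accepted")
    return PackageSpec(canonicalize_name(req.name), req.specifier)


def matching_releases(spec: PackageSpec, available: Iterable[str]) -> list[str]:
    """Releases to audit, newest first. SpecifierSet.filter() does the PEP 440
    matching and drops pre-releases unless the specifier asks for them."""
    return sorted(spec.specifiers.filter(available), key=Version, reverse=True)


if __name__ == "__main__":
    # Constructed release list standing in for the project's PyPI index.
    RELEASES = ["41.0.7", "42.0.0", "42.0.7", "43.0.0", "44.0.0b1"]
    for arg in ("cryptography==42.0.7", "cryptography>=42,<43", "cryptography==lolwat"):
        try:
            print(arg, "->", matching_releases(parse_package_spec(arg), RELEASES))
        except ValueError as err:
            print(err)
```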

nicholasjng force-pushed the add-version-identifiers branch from d697934 to 5a06609 (January 7, 2025 17:34)
woodruffw (Member):

Thanks @nicholasjng! This has been on my wishlist for a while 🙂

> Everything is done using packaging's own APIs, so there are no egregious hacks brought into the spec parsing logic.

Much appreciated!

@woodruffw woodruffw left a comment


Thanks @nicholasjng, this is great!

@woodruffw woodruffw merged commit 2b67602 into pypa:main Jan 8, 2025
12 checks passed
nicholasjng (Contributor, Author):

My pleasure. I'll throw you the followup (dep ranges) over the fence either today or tomorrow.
