[Distutils] Re: FW: Extracting meta-data from distributions
Fri, 4 Aug 2000 21:10:37 -0400
On 04 August 2000, Amos Latteier said:
> I'm sending this to you directly since there seems to be some problem
> with the distutils sig -- my mail bounced with a mailman error. Anyway
> if you have any suggestions I'd love to hear them. If you want, I'll
> summarize your response to the distutils sig later when the mailing list
> is fixed.
Odd. I'll try cc'ing the list and see what happens. I did notice http
connections to python.org were appallingly slow yesterday -- and I still
work in the same building (same LAN, modulo firewalls and so forth) as
> -----Original Message-----
> From: Amos Latteier
> Sent: Friday, August 04, 2000 2:17 PM
> To: 'firstname.lastname@example.org'
> Subject: Extracting meta-data from distributions
> I've been thinking about how to query distutils packages. One thing I'd
> like to do is download archives from the net and programmatically find
> meta-data about the archive.
$ ./setup.py --help
Information display options (just display information, ignore any commands)
  --help-commands     list all available commands
  --name              print package name
  --version (-V)      print package version
  --fullname          print <package name>-<version>
  --author            print the author's name
  --author-email      print the author's email address
  --maintainer        print the maintainer's name
  --maintainer-email  print the maintainer's email address
  --contact           print the maintainer's name if known, else the author's
  --contact-email     print the maintainer's email address if known, else the
  --url               print the URL for this package
  --licence           print the licence of the package
  --license           alias for --licence
  --description       print the package description
  --long-description  print the long package description

$ ./setup.py --name --version --author-email --url
> * It seems that I must execute potentially untrusted code to get the
> meta-data. Is there any way around this? I guess RExec is the answer...
Curses. I knew someone would get paranoid about writing dist-bots at
some point. I have no answers to this... however, the above
"informational" command shouldn't be doing any filesystem access apart
from importing stuff, so it's probably "securable". Obviously, general
Distutils usage makes extensive use of the filesystem, so writing
general dist-bots securely will probably be tricky. Sigh.
> * It seems that there is no distutils command to return all the
> meta-data that I can poke into sys.argv before importing setup.py.
> Should I replace distutils.core.setup with my own function before
> importing the archive's setup.py. Or is there a less hackish way to get
> back the meta-data all in one piece?
There's no "give me all meta-data" option -- you have to "just know" the
options listed in the --help command. Also, obviously, the output
assumes you "just know" the order of options as you supplied them on the
command line. Oh well, it's a heck of a lot better than nothing.
> Perhaps there are other better strategies for getting at distutils
> archive meta-data, since I'm pretty sure that this scenario has been
> already thought through by someone smart.
*blush* Actually, I can only take credit for knowing a good idea when I
see it (the meta-data display options were Bastian Kleineidam's idea),
and for tearing the command-line parsing code to shreds in order to
allow the above semantics, where multiple options can be used together
and their order is preserved.
Greg Ward - just another /P(erl|ython)/ hacker email@example.com
I invented skydiving in 1989!
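
Added example (not part of the original message, and not Distutils code): one way to get the meta-data discussed above without running an archive's setup.py is to parse the file and accept only literal keyword arguments of the setup() call. FIELDS, extract_metadata and the SAMPLE text are names and input constructed for this illustration; it assumes the file parses under the Python doing the check.

```python
import ast

# Meta-data fields matching the display options in the --help listing above.
FIELDS = ("name", "version", "author", "author_email", "maintainer",
          "maintainer_email", "url", "licence", "license",
          "description", "long_description")

def _is_setup_call(node):
    """True for `setup(...)` or `<anything>.setup(...)` call nodes."""
    if not isinstance(node, ast.Call):
        return False
    func = node.func
    return ((isinstance(func, ast.Name) and func.id == "setup") or
            (isinstance(func, ast.Attribute) and func.attr == "setup"))

def extract_metadata(source):
    """Return (metadata, unresolved) read from setup.py source text.

    Nothing in `source` is executed: it is only parsed, and a keyword value
    is accepted only if ast.literal_eval can read it as a plain literal.
    """
    metadata, unresolved = {}, []
    for node in ast.walk(ast.parse(source)):
        if not _is_setup_call(node):
            continue
        for kw in node.keywords:
            if kw.arg is None:          # setup(**cfg): not knowable statically
                unresolved.append("**kwargs")
            elif kw.arg in FIELDS:
                try:
                    metadata[kw.arg] = ast.literal_eval(kw.value)
                except (ValueError, TypeError):  # computed value, e.g. a call
                    unresolved.append(kw.arg)
    return metadata, unresolved

# Constructed sample input, not taken from any real distribution.
SAMPLE = '''
import os
from distutils.core import setup
os.system("echo this would run if setup.py were imported or executed")
setup(name="example-dist", version="0.1",
      author_email="author@example.org",
      url=os.environ.get("PKG_URL"),
      py_modules=["example"])
'''

if __name__ == "__main__":
    print(extract_metadata(SAMPLE))
```

Fields reported as unresolved are computed at run time, so obtaining them still means executing setup.py, which is where the sandboxing question raised in the thread applies.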