[Distutils] Re: FW: Extracting meta-data from distributions

Greg Ward gward@python.net
Fri, 4 Aug 2000 21:10:37 -0400

On 04 August 2000, Amos Latteier said:
> I'm sending this to you directly since there seems to be some problem
> with the distutils sig -- my mail bounced with a mailman error. Anyway
> if you have any suggestions I'd love to hear them. If you want, I'll
> summarize your response to the distutils sig later when the mailinglist
> is fixed.

Odd.  I'll try cc'ing the list and see what happens.  I did notice http
connections to python.org were appallingly slow yesterday -- and I still
work in the same building (same LAN, modulo firewalls and so forth) as
that machine!

> -----Original Message-----
> From: Amos Latteier 
> Sent: Friday, August 04, 2000 2:17 PM
> To: 'distutils-sig@python.org'
> Subject: Extracting meta-data from distributions
> I've been thinking about how to query distutils packages. One thing I'd
> like to do is download archives from the net and programmatically find
> meta-data about the archive.

  $ ./setup.py --help
  Information display options (just display information, ignore any commands)
    --help-commands     list all available commands
    --name              print package name
    --version (-V)      print package version
    --fullname          print <package name>-<version>
    --author            print the author's name
    --author-email      print the author's email address
    --maintainer        print the maintainer's name
    --maintainer-email  print the maintainer's email address
    --contact           print the maintainer's name if known, else the author's
    --contact-email     print the maintainer's email address if known, else the
    --url               print the URL for this package
    --licence           print the licence of the package
    --license           alias for --licence
    --description       print the package description
    --long-description  print the long package description

  $ ./setup.py --name --version --author-email --url

Clear enough?

>   * It seems that I must execute potentially untrusted code to get the
> meta-data. Is there anyway around this? I guess RExec is the answer... 

Curses.  I knew someone would get paranoid about writing dist-bots at
some point.  I have no answers to this... however, the above
"informational" command shouldn't be doing any filesystem access apart
from importing stuff, so it's probably "securable".  Obviously, general
Distutils usage makes extensive use of the filesystem, so writing
general dist-bots securely will probably be tricky.  Sigh.

>   * It seems that there is no distutils command to return all the
> meta-data that I can poke into sys.argv before importing setup.py.
> Should I replace distutils.core.setup with my own function before
> importing the archive's setup.py. Or is there a less hackish way to get
> back the meta-data all in one piece?

There's no "give me all meta-data" option -- you have to "just know" the
options listed in the --help command.  Also, obviously, the output
assumes you "just know" the order of options as you supplied them on the
command line.  Oh well, it's a heck of a lot better than nothing.

> Perhaps there are other better strategies for getting at distutils
> archive meta-data, since I'm pretty sure that this scenario has been
> already thought through by someone smart.

*blush* Actually, I can only take credit for knowing a good idea when I
see it (the meta-data display options were Bastian Kleineidam's idea),
and for tearing the command-line parsing code to shreds in order to
allow the above semantics, where multiple options can be used together
and their order is preserved.

Greg Ward - just another /P(erl|ython)/ hacker          gward@python.net
I invented skydiving in 1989!