[Distutils] use of '_' in package name causing version parsing issue?
mbaiju at zeomega.com
Thu Mar 11 06:35:00 CET 2010
On Thu, Mar 11, 2010 at 10:09 AM, P.J. Eby <pje at telecommunity.com> wrote:
> At 09:50 AM 3/10/2010 +0530, Baiju M wrote:
>> I spend some time with Buildout and setuptools code to identify the issue.
>> I will try to explain my findings.
>> 1. Buildout is relying on pkg_resources.Requirement.parse function to
>> get the "project_name" like this:
>> I can see from the code of `Requirement` class that, the `__init__`
>> method is deprecated and recommend to use `parse`
> It is undocumented, not deprecated. You are simply not supposed to create
> instances via that (private) constructor.
Okay, fine. Buildout doesn't create any instance directly.
>> Does this mean that we should not use the attributes
>> of an instance of `Requirement` class? This is very important as
>> the `parse` function return a list of instances of `Requirement` class.
> Requirement objects are documented; see:
So, according to the EBNF given there, "_" is a valid project_name identifier:
project_name ::= identifier
identifier ::= [-A-Za-z0-9_]+
>> So, if it is acceptable to use the "project_name" attribute, then
>> Buildout can rely on it, right ?
>> According to this code, this will be the result:
>> Is this behavior correct ?
> Yes it is. All non-alphanumeric, non-dot characters are replaced with '-' in
> a project name. This turns project names like e.g. "Foo's Bar Factory" into
> their canonical form (i.e., "Foo-s-Bar-Factory").
If "_" is a valid project_name identifier, why it is replaces with "-" ?
>> If you think what setuptools doing is fine, we will make changes
>> in Buildout code to use the "safe_name" method where ever it directly
>> get "project_name".
> Why do you think you need that? (Most likely, you are mistaken, since the
> only reason the unsafe_name attribute exists is to deal with a limitation in
> older versions of the PyPI software, which did not support doing "safe_name"
> If you can describe what you're actually trying to do with this information,
> perhaps there is a safer/more documented way that I can suggest.
Buildout has a functionality to "pin-down" ("lock down"/"nail down") versions
of eggs (distribution?). There is another functionality to enforce
versions of all eggs used in a particular Buildout configuration. If we
use "_" as the package name (distribution name?), this functionality is not
I need some time to explain this further with a proper test case in Buildout.
More information about the Distutils-SIG