[Distutils] use of '_' in package name causing version parsing issue?

Baiju M mbaiju at zeomega.com
Thu Mar 11 06:35:00 CET 2010

On Thu, Mar 11, 2010 at 10:09 AM, P.J. Eby <pje at telecommunity.com> wrote:
> At 09:50 AM 3/10/2010 +0530, Baiju M wrote:
>> I spend some time with Buildout and setuptools code to identify the issue.
>> I will try to explain my findings.
>> 1. Buildout is relying on pkg_resources.Requirement.parse function to
>>    get the "project_name" like this:
>>     pkg_resources.Requirement.parse('jiva_interface').project_name
>>    I can see from the code of `Requirement` class that, the `__init__`
>>    method is deprecated and recommend to use `parse`
>>    function.
> It is undocumented, not deprecated.  You are simply not supposed to create
> instances via that (private) constructor.

Okay, fine.  Buildout doesn't create any instance directly.

>>  Does this mean that we should not use the attributes
>>    of an instance of `Requirement` class?  This is very important as
>>    the `parse` function return a list of instances of `Requirement` class.
> Requirement objects are documented; see:
>  http://peak.telecommunity.com/DevCenter/PkgResources#requirement-objects

So, according to the EBNF given there, "_" is a valid project_name identifier:

  project_name ::= identifier
  identifier   ::= [-A-Za-z0-9_]+

>>   So, if it is acceptable to use the "project_name" attribute, then
>>   Buildout can rely on it, right ?
> Yes.
>>   According to this code, this will be the result:
>>     pkg_resources.safe_name('jiva_interface')
>>     'jiva-interface'
>>   And:
>>     pkg_resources.Requirement.parse('jiva_interface').project_name
>>     'jiva-interface'
>>    Is this behavior correct ?
> Yes it is. All non-alphanumeric, non-dot characters are replaced with '-' in
> a project name.  This turns project names like e.g. "Foo's Bar Factory" into
> their canonical form (i.e., "Foo-s-Bar-Factory").

If "_" is a valid project_name identifier, why it is replaces with "-" ?

>>    If you think what setuptools doing is fine, we will make changes
>>    in Buildout code to use the "safe_name" method where ever it directly
>>    get "project_name".
> Why do you think you need that?  (Most likely, you are mistaken, since the
> only reason the unsafe_name attribute exists is to deal with a limitation in
> older versions of the PyPI software, which did not support doing "safe_name"
> redirection.)
> If you can describe what you're actually trying to do with this information,
> perhaps there is a safer/more documented way that I can suggest.

Buildout has a functionality to "pin-down" ("lock down"/"nail down") versions
of eggs (distribution?).  There is another functionality to enforce
versions of all eggs used in a particular Buildout configuration.  If we
use "_" as the package name (distribution name?), this functionality is not

I need some time to explain this further with a proper test case in Buildout.

Baiju M

More information about the Distutils-SIG mailing list