[Distutils] URL Structure of Packages URLs

Barry Warsaw barry at python.org
Fri Oct 18 21:27:45 CEST 2013 

On Oct 12, 2013, at 06:15 PM, Donald Stufft wrote:

>Just to be clear, I don't fault folks for using the /packages/ urls. I was
>just trying to get some sort of idea if anyone actually used that url
>structure or not. I also don't plan on breaking anything for people who do.
>
>That being said, do you know if the Debian case requires something to be
>served at /packages/source/D/Django/ in order to locate a file at
>/packages/source/D/Django/Django-*.tar.gz?

It does.

uscan(1) is the tool that parses and acts on debian/watch files.  My Perl-fu
is pretty rusty so I'm not sure I'm reading it correctly, but I think it's
evident what the tool does (modulo tons of corner cases that mostly aren't
relevant for PyPI urls).

Here for example is tox's debian/watch file:

-----snip snip-----
version=3
http://pypi.python.org/packages/source/t/tox/tox-(.*).tar.gz
-----snip snip-----

And verbose output:

% uscan --verbose
-- Scanning for watchfiles in .
-- Found watchfile in ./debian
-- In debian/watch, processing watchfile line:
   http://pypi.python.org/packages/source/t/tox/tox-(.*).tar.gz
-- Found the following matching hrefs:
     tox-0.5.tar.gz (0.5)
     tox-0.5.tar.gz (0.5)
     tox-0.6.tar.gz (0.6)
     tox-0.6.tar.gz (0.6)
     tox-0.7.tar.gz (0.7)
     tox-0.7.tar.gz (0.7)
     tox-0.8.tar.gz (0.8)
     tox-0.8.tar.gz (0.8)
     tox-1.4.3.tar.gz (1.4.3)
     tox-1.4.3.tar.gz (1.4.3)
     tox-1.5.0.tar.gz (1.5.0)
     tox-1.5.0.tar.gz (1.5.0)
     tox-1.6.0.tar.gz (1.6.0)
     tox-1.6.0.tar.gz (1.6.0)
     tox-1.6.1.tar.gz (1.6.1)
     tox-1.6.1.tar.gz (1.6.1)
Newest version on remote site is 1.6.1, local version is 1.6.0
 => Newer version available from
    http://pypi.python.org/packages/source/t/tox/tox-1.6.1.tar.gz
-- Downloading updated package tox-1.6.1.tar.gz
-- Successfully downloaded updated package tox-1.6.1.tar.gz
    and symlinked tox_1.6.1.orig.tar.gz to it
-- Scan finished


And a directory listing of the URL leading up to the pattern (edited for
readability):

Index of /raw-packages/source/t/tox/

../
tox-0.5.tar.gz	 	12-Jul-2010 11:30               40853
tox-0.6.tar.gz	 	12-Jul-2010 18:21               41424
tox-0.7.tar.gz	 	14-Jul-2010 20:48               45934
tox-0.8.tar.gz	 	30-Jul-2010 23:41               41828
tox-0.9.zip	 	25-Nov-2010 20:05               57001
tox-1.0.zip	 	28-May-2011 14:59               61367
tox-1.1.zip	 	09-Jul-2011 10:09               99297
tox-1.2.zip	 	10-Nov-2011 18:40               66284
tox-1.3.zip	 	21-Dec-2011 08:40               67862
tox-1.4.1.zip	 	03-Jul-2012 09:34               76920
tox-1.4.2.zip	 	20-Jul-2012 11:05               77565
tox-1.4.3.tar.gz 	01-Mar-2013 09:44               71661
tox-1.4.zip	 	13-Jun-2012 15:01               76147
tox-1.5.0.tar.gz 	22-Jun-2013 13:05               73866
tox-1.6.0.tar.gz 	15-Aug-2013 13:39              130734
tox-1.6.1.tar.gz 	04-Sep-2013 14:17              131654

So yes there needs to be some url that uscan can get a list of to determine
the highest available version matching a wildcarded pattern.

Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20131018/c6722d9d/attachment.sig>

More information about the Distutils-SIG mailing list