nab-python 0.0.1__tar.gz → 0.0.2__tar.gz

{nab_python-0.0.1 → nab_python-0.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nab-python
-Version: 0.0.1
+Version: 0.0.2
 Summary: Index-backed provider, lockfile emitter, and downloader for nab
 Project-URL: Homepage, https://github.com/notatallshaw/nab
 Project-URL: Documentation, https://nab.readthedocs.io/
@@ -20,8 +20,8 @@ Classifier: Typing :: Typed
 Requires-Python: >=3.10
 Requires-Dist: build>=1.2
 Requires-Dist: installer>=0.7
-Requires-Dist: nab-index==0.0.1
-Requires-Dist: nab-resolver==0.0.1
+Requires-Dist: nab-index==0.0.2
+Requires-Dist: nab-resolver==0.0.2
 Requires-Dist: pyproject-hooks>=1.2
 Requires-Dist: tomli-w>=1.2
 Requires-Dist: tomli>=2.0

{nab_python-0.0.1 → nab_python-0.0.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "nab-python"
-version = "0.0.1"
+version = "0.0.2"
 description = "Index-backed provider, lockfile emitter, and downloader for nab"
 readme = "README.md"
 license = "MIT"
@@ -19,8 +19,8 @@ classifiers = [
     "Typing :: Typed",
 ]
 dependencies = [
-    "nab-resolver==0.0.1",
-    "nab-index==0.0.1",
+    "nab-resolver==0.0.2",
+    "nab-index==0.0.2",
     "tomli>=2.0",
     "tomli_w>=1.2",
     "build>=1.2",

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/_build/env.py

@@ -117,7 +117,7 @@ class NabBuildEnv:
         self._requires = list(requires)
         self._config = config
         self._python_version = python_version
-        self._transport = transport_factory()
+        self._transport_factory = transport_factory
 
         self._tmpdir: tempfile.TemporaryDirectory[str] | None = None
         self._venv_path: Path | None = None
@@ -273,9 +273,13 @@ class NabBuildEnv:
             uploaded_prior_to=self._config.uploaded_prior_to,
             uploaded_prior_to_overrides=self._config.uploaded_prior_to_overrides,
         )
+        # download_lock closes its transport, and ``install`` may call
+        # this again for ``get_requires_for_build_wheel`` follow-ups;
+        # build a fresh transport each time.
+        transport = self._transport_factory()
         result = resolve_pyproject(
             synthetic,
-            self._transport,
+            transport,
             config=inner_config,
             python_version=self._python_version,
         )
@@ -298,7 +302,7 @@ class NabBuildEnv:
             )
             raise BuildEnvError(msg)
 
-        download_result = download_lock(result.lock_input, self._transport, wheel_dir)
+        download_result = download_lock(result.lock_input, transport, wheel_dir)
         # Both wheels and sdists are downloaded; only wheels feed
         # ``installer.install``.  The sdists are inert clutter under
         # the temp dir, cleaned up with the env.

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/_lockfile/builder.py

@@ -81,6 +81,10 @@ class LockInputProvider(Protocol):
         """Return the configured VcsSource for ``canonical_name`` or None."""
         ...
 
+    def vcs_pin_for(self, canonical_name: str, /) -> str | None:
+        """Return the resolved 40-char SHA captured during materialisation."""
+        ...
+
     def dist_files_for(
         self, canonical_name: str, version: Version, /
     ) -> list[WheelFile | SdistFile]:
@@ -176,7 +180,12 @@ def build_lock_input_from_provider(
             continue
         vcs_source = provider.vcs_source_for(canonical)
         if vcs_source is not None:
-            lock_pins[canonical] = _vcs_pin_from_source(canonical, version, vcs_source)
+            lock_pins[canonical] = _vcs_pin_from_source(
+                canonical,
+                version,
+                vcs_source,
+                resolved_sha=provider.vcs_pin_for(canonical),
+            )
             continue
         lock_pins[canonical] = _index_pin_from_listing(
             provider, canonical, version, indexes
@@ -314,23 +323,32 @@ def _common_requires_python(files: Iterable[WheelFile | SdistFile]) -> str | Non
     return None
 
 
-def _vcs_pin_from_source(canonical: str, version: Version, source: VcsSource) -> VcsPin:
+def _vcs_pin_from_source(
+    canonical: str,
+    version: Version,
+    source: VcsSource,
+    *,
+    resolved_sha: str | None,
+) -> VcsPin:
     """Build a :class:`VcsPin` from a :class:`VcsSource`.
 
-    The commit id is the ``@<ref>`` portion of the source URL when
-    present, parsed via :class:`nab_index.vcs.VcsRequest`.  Unparseable
-    URLs fall through to an empty commit id; the source URL itself is
-    recorded verbatim.
+    Prefer ``resolved_sha`` (the post-clone SHA recorded on the
+    provider) over the URL's ``@<ref>``: annotated tags and floating
+    refs only resolve to a commit after the clone runs.  Fall back to
+    the URL ref when the source was never materialised.
     """
     from nab_index.vcs import VcsCloneError, VcsRequest
 
     from ..lockfile import VcsPin
 
-    try:
-        parsed = VcsRequest.parse(source.url)
-        commit_id = parsed.ref
-    except VcsCloneError:
-        commit_id = ""
+    if resolved_sha is not None:
+        commit_id = resolved_sha
+    else:
+        try:
+            parsed = VcsRequest.parse(source.url)
+            commit_id = parsed.ref
+        except VcsCloneError:
+            commit_id = ""
     return VcsPin(
         name=canonical,
         version=str(version),

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/_provider/sources.py

@@ -151,8 +151,13 @@ def index_vcs_sources(
     :func:`extract_source_metadata`).  ``VcsPolicy.BLOCK`` still refuses
     any declaration up-front because that is an independent decision
     about whether VCS fetching is permitted at all.
+
+    Each URL is passed through :func:`admit_vcs_url` so the scheme,
+    repo, and pin allowlists apply to ``[[tool.nab.vcs-sources]]``
+    just like project-root direct-URL requirements.
     """
     # Late import: ``pypi`` imports this module at module load.
+    from .._vcs_admission import admit_vcs_url
     from ..provider import VcsPolicy
 
     if not sources:
@@ -168,6 +173,7 @@ def index_vcs_sources(
 
     out: dict[str, VcsSource] = {}
     for src in sources:
+        admit_vcs_url(src.url, provider.vcs_config)
         canonical = canonicalize_name(src.name)
         if canonical in out or canonical in provider.local_sources:
             msg = f"duplicate source declared for {src.name!r}"
@@ -204,6 +210,7 @@ def materialize_vcs_source(
     except VcsCloneError as exc:
         msg = f"vcs source {source.name!r}: {exc}"
         raise UnsupportedSdistError(msg) from exc
+    provider.vcs_pins[canonicalize_name(source.name)] = clone.commit_sha
     path = clone.path / clone.subdirectory if clone.subdirectory else clone.path
     metadata = extract_source_metadata(
         provider,

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/_vcs_admission.py

@@ -77,49 +77,26 @@ _VCS_SCHEMES: frozenset[str] = frozenset(
         "git+http",
         "git+file",
         "git+git",
-        "git",
-        "hg+https",
-        "hg+ssh",
-        "hg+http",
-        "hg+file",
-        "hg+static-http",
-        "bzr+https",
-        "bzr+ssh",
-        "bzr+sftp",
-        "bzr+ftp",
-        "bzr+lp",
-        "bzr+file",
-        "svn",
-        "svn+https",
-        "svn+ssh",
-        "svn+http",
-        "svn+file",
     }
 )
 
-_VCS_INSECURE_SCHEMES: frozenset[str] = frozenset(
-    {"git", "git+git", "git+http", "hg+http", "bzr+http", "svn", "svn+http"}
-)
+_VCS_INSECURE_SCHEMES: frozenset[str] = frozenset({"git+git", "git+http"})
 
 
 def split_vcs_scheme(url: str) -> tuple[str | None, str]:
     """Strip a recognized VCS scheme prefix.
 
     ``"git+https://example.com/r.git@v1"`` -> ``("git+https", "https://example.com/r.git@v1")``.
-    ``"svn://example.com/r"``              -> ``("svn",       "svn://example.com/r")``.
     ``"https://example.com/file.whl"``     -> ``(None,        "https://example.com/file.whl")``.
 
     Returns ``(None, url)`` for non-VCS URLs (e.g. plain ``https://``
     archives or ``file://`` paths) so the caller can refuse them
-    separately.  Pip-compatible scheme list; not standardized by any PEP.
+    separately.  Only ``git+`` schemes are recognised; ``hg+``/``bzr+``/``svn+``
+    are intentionally absent so they are refused as non-VCS.
     """
     for vcs_scheme in _VCS_SCHEMES:
-        if not url.startswith(f"{vcs_scheme}://"):
-            continue
-        inner_scheme, plus, _ = vcs_scheme.partition("+")
-        if not plus:
-            return (vcs_scheme, url)
-        return (vcs_scheme, url[len(inner_scheme) + 1 :])
+        if url.startswith(f"{vcs_scheme}://"):
+            return (vcs_scheme, url[len("git+") :])
     return (None, url)
 
 
@@ -128,9 +105,7 @@ def has_full_commit_sha(url: str) -> bool:
 
     Looks for ``@<sha>`` after the scheme://host portion; ignores any
     ``#`` fragment.  Tolerates ``user@host`` syntax by taking the last
-    ``@`` in the path/ref portion.  Mercurial uses 40-char SHA1 too, so
-    the same regex covers git+hg.  Bzr/svn revisions are not hashes;
-    ``vcs_require_pin = False`` is the way to allow those.
+    ``@`` in the path/ref portion.
     """
     fragmentless = url.split("#", 1)[0]
     after_authority = fragmentless.split("://", 1)[-1]
@@ -152,8 +127,9 @@ def admit_vcs_url(url: str, config: VcsConfig) -> str:
         msg = (
             "refusing direct-URL requirement (not a recognized VCS scheme)\n"
             f"    {url}\n"
-            "    note: nab supports git+/hg+/bzr+/svn+ schemes only;"
-            " plain http(s)/file archive URLs are not supported."
+            "    note: nab supports git+https / git+ssh / git+http /"
+            " git+file / git+git only; hg/bzr/svn and plain"
+            " http(s)/file archive URLs are not supported."
         )
         raise UnsupportedVcsError(msg)
 

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/download.py

@@ -136,29 +136,36 @@ async def _run_downloads(
     client = AsyncSimpleClient(transport)
     written: list[Path] = []
     skipped: list[Path] = []
-    try:
 
-        async def _one(entry: DownloadEntry) -> None:
-            async with sem:
-                target = output_dir / entry.filename
-                if _already_present(target, entry.hash_algo, entry.digest):
-                    skipped.append(target)
-                    logger.info("skip %s (%s matches)", entry.filename, entry.hash_algo)
-                    return
-                data = await client.download(entry.url)
-                actual = hashlib.new(entry.hash_algo, data).hexdigest()
-                if actual != entry.digest:
-                    msg = (
-                        f"{entry.package}=={entry.version}: {entry.hash_algo}"
-                        f" mismatch for {entry.filename}\n"
-                        f"  expected: {entry.digest}\n  actual:   {actual}"
-                    )
-                    raise DownloadError(msg)
-                target.write_bytes(data)
-                written.append(target)
-                logger.info("wrote %s", target)
-
-        await asyncio.gather(*(_one(a) for a in artefacts))
+    async def _one(entry: DownloadEntry) -> None:
+        async with sem:
+            target = output_dir / entry.filename
+            if _already_present(target, entry.hash_algo, entry.digest):
+                skipped.append(target)
+                logger.info("skip %s (%s matches)", entry.filename, entry.hash_algo)
+                return
+            data = await client.download(entry.url)
+            actual = hashlib.new(entry.hash_algo, data).hexdigest()
+            if actual != entry.digest:
+                msg = (
+                    f"{entry.package}=={entry.version}: {entry.hash_algo}"
+                    f" mismatch for {entry.filename}\n"
+                    f"  expected: {entry.digest}\n  actual:   {actual}"
+                )
+                raise DownloadError(msg)
+            target.write_bytes(data)
+            written.append(target)
+            logger.info("wrote %s", target)
+
+    tasks = [asyncio.create_task(_one(a)) for a in artefacts]
+    try:
+        await asyncio.gather(*tasks)
+    except BaseException:
+        for t in tasks:
+            if not t.done():
+                t.cancel()
+        await asyncio.gather(*tasks, return_exceptions=True)
+        raise
     finally:
         await client.aclose()
     return DownloadResult(written=tuple(written), skipped=tuple(skipped))

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/fetch.py

@@ -740,6 +740,7 @@ class FetchCoordinator:
                 # transitive dep 404s or fails any other way.
                 if req.kind is FetchKind.LISTING:
                     self.index.store_listing(req.package, [])
+                    self._record_serving_index(client, req.package)
                 else:
                     assert req.version is not None
                     if req.kind is FetchKind.METADATA:

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/provider.py

@@ -425,6 +425,7 @@ class Provider:
         self.vcs_config = vcs_config or VcsConfig()
         self.local_sources = _sources.index_local_sources(self, local_sources or [])
         self.vcs_cache_dir = vcs_cache_dir
+        self.vcs_pins: dict[str, str] = {}
         self.vcs_sources = _sources.index_vcs_sources(self, vcs_sources or [])
 
         # default_environment() returns a TypedDict whose ``.items()`` view
@@ -1223,6 +1224,14 @@ class Provider:
         """Return the VCS source registered under ``canonical_name`` or None."""
         return self.vcs_sources.get(canonicalize_name(canonical_name))
 
+    def vcs_pin_for(self, canonical_name: str) -> str | None:
+        """Return the post-clone commit SHA for ``canonical_name``, or None.
+
+        Written by :func:`~nab_python._provider.sources.materialize_vcs_source`
+        after the shallow clone resolves the ref to a 40-char SHA.
+        """
+        return self.vcs_pins.get(canonicalize_name(canonical_name))
+
     def dist_files_for(self, canonical_name: str, version: Version) -> list[DistFile]:
         """Return every distribution file the resolver saw at ``version``.
 

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/universal/resolve.py

@@ -495,8 +495,16 @@ def _resolve_one_tuple(  # noqa: PLR0913
         lock_input = build_lock_input_from_provider(
             provider, pins, indexes=coordinator.indexes
         )
-    except MissingHashError:
-        lock_input = None
+    except MissingHashError as exc:
+        return TupleResult(
+            tuple_=t,
+            success=False,
+            pins=pins,
+            error=f"MissingHashError: {exc}"[:_ERROR_MESSAGE_LIMIT],
+            wall_time=elapsed,
+            rounds=resolver.stats.rounds,
+            decisions=resolver.stats.decisions,
+        )
     return TupleResult(
         tuple_=t,
         success=True,

{nab_python-0.0.1 → nab_python-0.0.2}/src/nab_python/universal/wheel_selection.py

@@ -131,11 +131,12 @@ def _linux_platform_tags(
     out = [f"manylinux_{major}_{m}_{arch}" for m in range(minor, -1, -1)]
     # Legacy aliases (PEPs 513/571/599).  These map to specific
     # glibc versions: manylinux1=2.5, manylinux2010=2.12,
-    # manylinux2014=2.17.  We include them when they're <= floor.
+    # manylinux2014=2.17.  Listed highest-glibc first so the output
+    # stays in install-preference order alongside the PEP 600 forms.
     legacy_aliases = [
-        ("manylinux1", (2, 5)),
-        ("manylinux2010", (2, 12)),
         ("manylinux2014", (2, 17)),
+        ("manylinux2010", (2, 12)),
+        ("manylinux1", (2, 5)),
     ]
     out.extend(
         f"{name}_{arch}" for name, lver in legacy_aliases if lver <= manylinux_floor