pulp-python 3.23.1__tar.gz → 3.24.0__tar.gz

{pulp_python-3.23.1 → pulp_python-3.24.0}/CHANGES.md

@@ -8,9 +8,16 @@
 
 [//]: # (towncrier release notes start)
 
-## 3.23.1 (2026-01-20) {: #3.23.1 }
+## 3.24.0 (2026-01-20) {: #3.24.0 }
 
-#### Bugfixes {: #3.23.1-bugfix }
+#### Features {: #3.24.0-feature }
+
+- Added core metadata to Simple API (PEP 714)
+  [#997](https://github.com/pulp/pulp_python/issues/997)
+- Added data-requires-python to Simple HTML API.
+  [#1054](https://github.com/pulp/pulp_python/issues/1054)
+
+#### Bugfixes {: #3.24.0-bugfix }
 
 - Fixed migration error in 0019_create_missing_metadata_artifacts.
   [#1067](https://github.com/pulp/pulp_python/issues/1067)
@@ -33,6 +40,14 @@
 
 ---
 
+## 3.22.2 (2026-01-06) {: #3.22.2 }
+
+#### Bugfixes {: #3.22.2-bugfix }
+
+- Added missing Provenance content `package` and `sha256` filters.
+
+---
+
 ## 3.22.1 (2025-12-10) {: #3.22.1 }
 
 #### Bugfixes {: #3.22.1-bugfix }

{pulp_python-3.23.1 → pulp_python-3.24.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pulp-python
-Version: 3.23.1
+Version: 3.24.0
 Summary: pulp-python plugin for the Pulp Project
 Author-email: Pulp Team <pulp-list@redhat.com>
 Project-URL: Homepage, https://pulpproject.org

{pulp_python-3.23.1 → pulp_python-3.24.0}/pulp_python/app/__init__.py

@@ -10,7 +10,7 @@ class PulpPythonPluginAppConfig(PulpPluginAppConfig):
 
     name = "pulp_python.app"
     label = "python"
-    version = "3.23.1"
+    version = "3.24.0"
     python_package_name = "pulp-python"
     domain_compatible = True
 

{pulp_python-3.23.1 → pulp_python-3.24.0}/pulp_python/app/utils.py

@@ -47,7 +47,7 @@ simple_index_template = """<!DOCTYPE html>
 </html>
 """
 
-# TODO in the future: data-requires-python (PEP 503)
+# TODO in the future: data-yanked (not implemented yet because it is mutable)
 simple_detail_template = """<!DOCTYPE html>
 <html>
   <head>
@@ -58,13 +58,14 @@ simple_detail_template = """<!DOCTYPE html>
     <h1>Links for {{ project_name }}</h1>
     {%- for pkg in project_packages %}
       <a href="{{ pkg.url }}#sha256={{ pkg.sha256 }}" rel="internal"
-      {%- if pkg.metadata_sha256 %} data-dist-info-metadata="sha256={{ pkg.metadata_sha256 }}"
+      {%- if pkg.requires_python %} data-requires-python="{{ pkg.requires_python }}" {%- endif %}
+      {%- if pkg.metadata_sha256 %} data-dist-info-metadata="sha256={{ pkg.metadata_sha256 }}" data-core-metadata="sha256={{ pkg.metadata_sha256 }}"
       {%- endif %} {% if pkg.provenance -%}
       data-provenance="{{ pkg.provenance }}"{% endif %}>{{ pkg.filename }}</a><br/>
     {%- endfor %}
   </body>
 </html>
-"""
+"""  # noqa: E501
 
 DIST_EXTENSIONS = {
     ".whl": "bdist_wheel",
@@ -501,7 +502,7 @@ def write_simple_index(project_names, streamed=False):
 
 def write_simple_detail(project_name, project_packages, streamed=False):
     """Writes the simple detail page of a package."""
-    detail = Template(simple_detail_template)
+    detail = Template(simple_detail_template, autoescape=True)
     context = {
         "SIMPLE_API_VERSION": SIMPLE_API_VERSION,
         "project_name": project_name,
@@ -536,12 +537,14 @@ def write_simple_detail_json(project_name, project_packages):
                 "data-dist-info-metadata": (
                     {"sha256": package["metadata_sha256"]} if package["metadata_sha256"] else False
                 ),
+                # PEP 714
+                "core-metadata": (
+                    {"sha256": package["metadata_sha256"]} if package["metadata_sha256"] else False
+                ),
                 # yanked and yanked_reason are not implemented because they are mutable
                 # (v1.1, PEP 700)
                 "size": package["size"],
                 "upload-time": format_upload_time(package["upload_time"]),
-                # TODO in the future:
-                # core-metadata (PEP 7.14)
                 # (v1.3, PEP 740)
                 "provenance": package.get("provenance", None),
             }

{pulp_python-3.23.1 → pulp_python-3.24.0}/pulp_python/tests/functional/api/test_pypi_simple_api.py

@@ -5,17 +5,23 @@ import requests
 
 from pulp_python.tests.functional.constants import (
     PYPI_SERIAL_CONSTANT,
-    PYTHON_EGG_FILENAME,
-    PYTHON_EGG_SHA256,
-    PYTHON_EGG_URL,
     PYTHON_SM_FIXTURE_CHECKSUMS,
     PYTHON_SM_FIXTURE_RELEASES,
     PYTHON_SM_PROJECT_SPECIFIER,
-    PYTHON_WHEEL_FILENAME,
-    PYTHON_WHEEL_METADATA_SHA256,
-    PYTHON_WHEEL_SHA256,
-    PYTHON_WHEEL_URL,
-    PYTHON_XS_FIXTURE_CHECKSUMS,
+    TWINE_EGG_FILENAME,
+    TWINE_EGG_REQUIRES_PYTHON,
+    TWINE_EGG_SHA256,
+    TWINE_EGG_SIZE,
+    TWINE_EGG_URL,
+    TWINE_FIXTURE_CHECKSUMS,
+    TWINE_FIXTURE_METADATA_SHA256,
+    TWINE_FIXTURE_REQUIRES_PYTHON,
+    TWINE_WHEEL_FILENAME,
+    TWINE_WHEEL_METADATA_SHA256,
+    TWINE_WHEEL_REQUIRES_PYTHON,
+    TWINE_WHEEL_SHA256,
+    TWINE_WHEEL_SIZE,
+    TWINE_WHEEL_URL,
 )
 from pulp_python.tests.functional.utils import ensure_simple
 
@@ -55,30 +61,27 @@ def test_simple_html_detail_api(
     python_distribution_factory,
     python_repo_factory,
 ):
-    content_1 = python_content_factory(PYTHON_WHEEL_FILENAME, url=PYTHON_WHEEL_URL)
-    content_2 = python_content_factory(PYTHON_EGG_FILENAME, url=PYTHON_EGG_URL)
+    content_1 = python_content_factory(TWINE_WHEEL_FILENAME, url=TWINE_WHEEL_URL)
+    content_2 = python_content_factory(TWINE_EGG_FILENAME, url=TWINE_EGG_URL)
     body = {"add_content_units": [content_1.pulp_href, content_2.pulp_href]}
 
     repo = python_repo_factory()
     monitor_task(python_bindings.RepositoriesPythonApi.modify(repo.pulp_href, body).task)
     distro = python_distribution_factory(repository=repo)
 
-    url = f'{urljoin(distro.base_url, "simple/")}shelf-reader'
+    url = f'{urljoin(distro.base_url, "simple/")}twine'
     headers = {"Accept": PYPI_SIMPLE_V1_HTML}
 
     response = requests.get(url, headers=headers)
     assert response.headers["Content-Type"] == PYPI_SIMPLE_V1_HTML
     assert response.headers["X-PyPI-Last-Serial"] == str(PYPI_SERIAL_CONSTANT)
 
-    metadata_sha_digests = {
-        PYTHON_WHEEL_FILENAME: PYTHON_WHEEL_METADATA_SHA256,
-        PYTHON_EGG_FILENAME: None,  # egg files should not have metadata
-    }
     proper, msgs = ensure_simple(
         urljoin(distro.base_url, "simple/"),
-        {"shelf-reader": [PYTHON_WHEEL_FILENAME, PYTHON_EGG_FILENAME]},
-        sha_digests=PYTHON_XS_FIXTURE_CHECKSUMS,
-        metadata_sha_digests=metadata_sha_digests,
+        {"twine": [TWINE_WHEEL_FILENAME, TWINE_EGG_FILENAME]},
+        sha_digests=TWINE_FIXTURE_CHECKSUMS,
+        metadata_sha_digests=TWINE_FIXTURE_METADATA_SHA256,
+        requires_python=TWINE_FIXTURE_REQUIRES_PYTHON,
     )
     assert proper, f"Simple API validation failed: {msgs}"
 
@@ -114,15 +117,15 @@ def test_simple_json_detail_api(
     python_distribution_factory,
     python_repo_factory,
 ):
-    content_1 = python_content_factory(PYTHON_WHEEL_FILENAME, url=PYTHON_WHEEL_URL)
-    content_2 = python_content_factory(PYTHON_EGG_FILENAME, url=PYTHON_EGG_URL)
+    content_1 = python_content_factory(TWINE_WHEEL_FILENAME, url=TWINE_WHEEL_URL)
+    content_2 = python_content_factory(TWINE_EGG_FILENAME, url=TWINE_EGG_URL)
     body = {"add_content_units": [content_1.pulp_href, content_2.pulp_href]}
 
     repo = python_repo_factory()
     monitor_task(python_bindings.RepositoriesPythonApi.modify(repo.pulp_href, body).task)
     distro = python_distribution_factory(repository=repo)
 
-    url = f'{urljoin(distro.base_url, "simple/")}shelf-reader'
+    url = f'{urljoin(distro.base_url, "simple/")}twine'
     headers = {"Accept": PYPI_SIMPLE_V1_JSON}
 
     response = requests.get(url, headers=headers)
@@ -131,27 +134,31 @@ def test_simple_json_detail_api(
 
     data = response.json()
     assert data["meta"] == {"api-version": API_VERSION, "_last-serial": PYPI_SERIAL_CONSTANT}
-    assert data["name"] == "shelf-reader"
+    assert data["name"] == "twine"
     assert data["files"]
-    assert data["versions"] == ["0.1"]
+    assert data["versions"] == ["5.1.0"]
 
     # Check data of a wheel
-    file_whl = next((i for i in data["files"] if i["filename"] == PYTHON_WHEEL_FILENAME), None)
+    file_whl = next((i for i in data["files"] if i["filename"] == TWINE_WHEEL_FILENAME), None)
     assert file_whl is not None, "wheel file not found"
     assert file_whl["url"]
-    assert file_whl["hashes"] == {"sha256": PYTHON_WHEEL_SHA256}
-    assert file_whl["requires-python"] is None
-    assert file_whl["data-dist-info-metadata"] == {"sha256": PYTHON_WHEEL_METADATA_SHA256}
-    assert file_whl["size"] == 22455
+    assert file_whl["hashes"] == {"sha256": TWINE_WHEEL_SHA256}
+    assert file_whl["requires-python"] == TWINE_WHEEL_REQUIRES_PYTHON
+    assert file_whl["data-dist-info-metadata"] == {"sha256": TWINE_WHEEL_METADATA_SHA256}
+    assert file_whl["core-metadata"] == {"sha256": TWINE_WHEEL_METADATA_SHA256}
+    assert file_whl["size"] == TWINE_WHEEL_SIZE
     assert file_whl["upload-time"] is not None
+    assert file_whl["provenance"] is None
+
     # Check data of a tarball
-    file_tar = next((i for i in data["files"] if i["filename"] == PYTHON_EGG_FILENAME), None)
+    file_tar = next((i for i in data["files"] if i["filename"] == TWINE_EGG_FILENAME), None)
     assert file_tar is not None, "tar file not found"
     assert file_tar["url"]
-    assert file_tar["hashes"] == {"sha256": PYTHON_EGG_SHA256}
-    assert file_tar["requires-python"] is None
+    assert file_tar["hashes"] == {"sha256": TWINE_EGG_SHA256}
+    assert file_tar["requires-python"] == TWINE_EGG_REQUIRES_PYTHON
     assert file_tar["data-dist-info-metadata"] is False
-    assert file_tar["size"] == 19097
+    assert file_tar["core-metadata"] is False
+    assert file_tar["size"] == TWINE_EGG_SIZE
     assert file_tar["upload-time"] is not None
     assert file_tar["provenance"] is None
 

{pulp_python-3.23.1 → pulp_python-3.24.0}/pulp_python/tests/functional/constants.py

@@ -226,6 +226,32 @@ PYTHON_INFO_DATA = {
     # maybe add description, license is long for this one
 }
 
+# twine pkg data for PyPI Simple API
+TWINE_EGG_FILENAME = "twine-5.1.0.tar.gz"
+TWINE_EGG_URL = urljoin(urljoin(PYTHON_FIXTURES_URL, "packages/"), TWINE_EGG_FILENAME)
+TWINE_EGG_SHA256 = "4d74770c88c4fcaf8134d2a6a9d863e40f08255ff7d8e2acb3cbbd57d25f6e9d"
+TWINE_EGG_SIZE = 224997
+TWINE_EGG_REQUIRES_PYTHON = ">=3.8"
+
+TWINE_WHEEL_FILENAME = "twine-5.1.0-py3-none-any.whl"
+TWINE_WHEEL_URL = urljoin(urljoin(PYTHON_FIXTURES_URL, "packages/"), TWINE_WHEEL_FILENAME)
+TWINE_WHEEL_SHA256 = "fe1d814395bfe50cfbe27783cb74efe93abeac3f66deaeb6c8390e4e92bacb43"
+TWINE_WHEEL_SIZE = 38563
+TWINE_WHEEL_REQUIRES_PYTHON = ">=3.8"
+TWINE_WHEEL_METADATA_SHA256 = "0ac5cf457bd47512b3477949ff6274cc2258414f3e1f136e049585aac92e4ddb"
+
+TWINE_FIXTURE_CHECKSUMS = {
+    TWINE_EGG_FILENAME: TWINE_EGG_SHA256,
+    TWINE_WHEEL_FILENAME: TWINE_WHEEL_SHA256,
+}
+TWINE_FIXTURE_METADATA_SHA256 = {
+    TWINE_WHEEL_FILENAME: TWINE_WHEEL_METADATA_SHA256,
+    TWINE_EGG_FILENAME: None,  # egg files should not have metadata
+}
+TWINE_FIXTURE_REQUIRES_PYTHON = {
+    TWINE_WHEEL_FILENAME: TWINE_EGG_REQUIRES_PYTHON,
+    TWINE_EGG_FILENAME: TWINE_WHEEL_REQUIRES_PYTHON,
+}
 
 # Current tests use PYTHON_FIXTURES_URL with an 'S', remove after adding api tests
 PYTHON_FIXTURE_URL = urljoin(PULP_FIXTURES_BASE_URL, "python-pypi/")

{pulp_python-3.23.1 → pulp_python-3.24.0}/pulp_python/tests/functional/utils.py

@@ -6,27 +6,55 @@ from lxml import html
 
 def _validate_metadata_sha_digest(link, filename, metadata_sha_digests):
     """
-    Validate data-dist-info-metadata attribute for a release link.
+    Validate data-dist-info-metadata and data-core-metadata attributes for a release link.
     """
-    data_dist_info_metadata = link.get("data-dist-info-metadata")
+    expected_metadata_sha = metadata_sha_digests.get(filename)
+    expected_attr = f"sha256={expected_metadata_sha}" if expected_metadata_sha else None
 
-    if expected_metadata_sha := metadata_sha_digests.get(filename):
-        expected_attr = f"sha256={expected_metadata_sha}"
-        if data_dist_info_metadata != expected_attr:
-            return (
-                f"\nFile {filename} has incorrect data-dist-info-metadata: "
-                f"expected '{expected_attr}', got '{data_dist_info_metadata}'"
-            )
-    else:
-        if data_dist_info_metadata:
-            return (
-                f"\nFile {filename} should not have data-dist-info-metadata "
-                f"but has '{data_dist_info_metadata}'"
+    msgs = ""
+    for attr_name in ["data-dist-info-metadata", "data-core-metadata"]:
+        attr_value = link.get(attr_name)
+        if attr_value != expected_attr:
+            if expected_attr:
+                msgs += (
+                    f"\nFile {filename} has incorrect {attr_name}: "
+                    f"expected '{expected_attr}', got '{attr_value}'"
+                )
+            else:
+                msgs += f"\nFile {filename} should not have {attr_name} but has '{attr_value}'"
+    return msgs
+
+
+def _validate_requires_python(link, filename, requires_python, page_content):
+    """
+    Validate data-requires-python attribute for a release link.
+    """
+    expected_requires_python = requires_python.get(filename) if requires_python else None
+    attr_value = link.get("data-requires-python")
+
+    msgs = ""
+    if attr_value != expected_requires_python:
+        if expected_requires_python:
+            msgs += (
+                f"\nFile {filename} has incorrect data-requires-python: "
+                f"expected '{expected_requires_python}', got '{attr_value}'"
             )
-    return ""
+        else:
+            msgs += f"\nFile {filename} should not have data-requires-python but has '{attr_value}'"
+
+    # Check HTML escaping
+    if expected_requires_python and any(char in expected_requires_python for char in [">", "<"]):
+        escaped_value = expected_requires_python.replace(">", "&gt;").replace("<", "&lt;")
+        escaped_attr = f'data-requires-python="{escaped_value}"'
+        if escaped_attr not in page_content:
+            msgs += f"\nFile {filename} has unescaped < or > in data-requires-python attribute"
+
+    return msgs
 
 
-def ensure_simple(simple_url, packages, sha_digests=None, metadata_sha_digests=None):
+def ensure_simple(
+    simple_url, packages, sha_digests=None, metadata_sha_digests=None, requires_python=None
+):
     """
     Tests that the simple api at `url` matches the packages supplied.
     `packages`: dictionary of form {package_name: [release_filenames]}
@@ -41,7 +69,8 @@ def ensure_simple(simple_url, packages, sha_digests=None, metadata_sha_digests=N
 
     def explore_links(page_url, page_name, links_found, msgs):
         legit_found_links = []
-        page = html.fromstring(requests.get(page_url).text)
+        page_content = requests.get(page_url).text
+        page = html.fromstring(page_content)
         page_links = page.xpath("/html/body/a")
         for link in page_links:
             if link.text in links_found:
@@ -53,6 +82,11 @@ def ensure_simple(simple_url, packages, sha_digests=None, metadata_sha_digests=N
                     # Check metadata SHA digest if provided
                     if metadata_sha_digests and page_name == "release":
                         msgs += _validate_metadata_sha_digest(link, link.text, metadata_sha_digests)
+                    # Check requires-python if provided
+                    if requires_python and page_name == "release":
+                        msgs += _validate_requires_python(
+                            link, link.text, requires_python, page_content
+                        )
                 else:
                     msgs += f"\nFound {page_name} link without href {link.text}"
             else:

{pulp_python-3.23.1 → pulp_python-3.24.0}/pulp_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pulp-python
-Version: 3.23.1
+Version: 3.24.0
 Summary: pulp-python plugin for the Pulp Project
 Author-email: Pulp Team <pulp-list@redhat.com>
 Project-URL: Homepage, https://pulpproject.org

{pulp_python-3.23.1 → pulp_python-3.24.0}/pyproject.toml

@@ -7,7 +7,7 @@ build-backend = 'setuptools.build_meta'
 
 [project]
 name = "pulp-python"
-version = "3.23.1"
+version = "3.24.0"
 description = "pulp-python plugin for the Pulp Project"
 readme = "README.md"
 authors = [
@@ -77,7 +77,7 @@ ignore = [
 [tool.bumpversion]
 # This section is managed by the plugin template. Do not edit manually.
 
-current_version = "3.23.1"
+current_version = "3.24.0"
 commit = false
 tag = false
 parse = "(?P<major>\\d+)\\.(?P<minor>\\d+)\\.(?P<alpha>0a)?(?P<patch>\\d+)(\\.(?P<release>[a-z]+))?"