pulp-python 3.23.1__tar.gz → 3.24.1__tar.gz

{pulp_python-3.23.1 → pulp_python-3.24.1}/CHANGES.md

@@ -8,9 +8,25 @@
 
 [//]: # (towncrier release notes start)
 
-## 3.23.1 (2026-01-20) {: #3.23.1 }
+## 3.24.1 (2026-01-22) {: #3.24.1 }
 
-#### Bugfixes {: #3.23.1-bugfix }
+#### Bugfixes {: #3.24.1-bugfix }
+
+- Changed migration 19 to reset package's metadata_sha256 to null. This field will be fixed in a later release.
+  [#1071](https://github.com/pulp/pulp_python/issues/1071)
+
+---
+
+## 3.24.0 (2026-01-20) {: #3.24.0 }
+
+#### Features {: #3.24.0-feature }
+
+- Added core metadata to Simple API (PEP 714)
+  [#997](https://github.com/pulp/pulp_python/issues/997)
+- Added data-requires-python to Simple HTML API.
+  [#1054](https://github.com/pulp/pulp_python/issues/1054)
+
+#### Bugfixes {: #3.24.0-bugfix }
 
 - Fixed migration error in 0019_create_missing_metadata_artifacts.
   [#1067](https://github.com/pulp/pulp_python/issues/1067)
@@ -33,6 +49,14 @@
 
 ---
 
+## 3.22.2 (2026-01-06) {: #3.22.2 }
+
+#### Bugfixes {: #3.22.2-bugfix }
+
+- Added missing Provenance content `package` and `sha256` filters.
+
+---
+
 ## 3.22.1 (2025-12-10) {: #3.22.1 }
 
 #### Bugfixes {: #3.22.1-bugfix }

{pulp_python-3.23.1 → pulp_python-3.24.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pulp-python
-Version: 3.23.1
+Version: 3.24.1
 Summary: pulp-python plugin for the Pulp Project
 Author-email: Pulp Team <pulp-list@redhat.com>
 Project-URL: Homepage, https://pulpproject.org

{pulp_python-3.23.1 → pulp_python-3.24.1}/pulp_python/app/__init__.py

@@ -10,7 +10,7 @@ class PulpPythonPluginAppConfig(PulpPluginAppConfig):
 
     name = "pulp_python.app"
     label = "python"
-    version = "3.23.1"
+    version = "3.24.1"
     python_package_name = "pulp-python"
     domain_compatible = True
 

pulp_python-3.24.1/pulp_python/app/migrations/0019_create_missing_metadata_artifacts.py

@@ -0,0 +1,24 @@
+# Generated manually on 2025-12-15 14:00 for creating missing metadata artifacts
+from django.db import migrations
+
+
+def set_metadata_sha256_null(apps, schema_editor):
+    # We can't easily create the metadata artifacts in this migration, so just set the metadata_sha256
+    # to null and we will introduce a new command later to create them.
+    PythonPackageContent = apps.get_model("python", "PythonPackageContent")
+    PythonPackageContent.objects.filter(metadata_sha256__isnull=False).update(metadata_sha256=None)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("python", "0018_packageprovenance"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            set_metadata_sha256_null,
+            reverse_code=migrations.RunPython.noop,
+            elidable=True,
+        ),
+    ]

{pulp_python-3.23.1 → pulp_python-3.24.1}/pulp_python/app/utils.py

@@ -47,7 +47,7 @@ simple_index_template = """<!DOCTYPE html>
 </html>
 """
 
-# TODO in the future: data-requires-python (PEP 503)
+# TODO in the future: data-yanked (not implemented yet because it is mutable)
 simple_detail_template = """<!DOCTYPE html>
 <html>
   <head>
@@ -58,13 +58,14 @@ simple_detail_template = """<!DOCTYPE html>
     <h1>Links for {{ project_name }}</h1>
     {%- for pkg in project_packages %}
       <a href="{{ pkg.url }}#sha256={{ pkg.sha256 }}" rel="internal"
-      {%- if pkg.metadata_sha256 %} data-dist-info-metadata="sha256={{ pkg.metadata_sha256 }}"
+      {%- if pkg.requires_python %} data-requires-python="{{ pkg.requires_python }}" {%- endif %}
+      {%- if pkg.metadata_sha256 %} data-dist-info-metadata="sha256={{ pkg.metadata_sha256 }}" data-core-metadata="sha256={{ pkg.metadata_sha256 }}"
       {%- endif %} {% if pkg.provenance -%}
       data-provenance="{{ pkg.provenance }}"{% endif %}>{{ pkg.filename }}</a><br/>
     {%- endfor %}
   </body>
 </html>
-"""
+"""  # noqa: E501
 
 DIST_EXTENSIONS = {
     ".whl": "bdist_wheel",
@@ -501,7 +502,7 @@ def write_simple_index(project_names, streamed=False):
 
 def write_simple_detail(project_name, project_packages, streamed=False):
     """Writes the simple detail page of a package."""
-    detail = Template(simple_detail_template)
+    detail = Template(simple_detail_template, autoescape=True)
     context = {
         "SIMPLE_API_VERSION": SIMPLE_API_VERSION,
         "project_name": project_name,
@@ -536,12 +537,14 @@ def write_simple_detail_json(project_name, project_packages):
                 "data-dist-info-metadata": (
                     {"sha256": package["metadata_sha256"]} if package["metadata_sha256"] else False
                 ),
+                # PEP 714
+                "core-metadata": (
+                    {"sha256": package["metadata_sha256"]} if package["metadata_sha256"] else False
+                ),
                 # yanked and yanked_reason are not implemented because they are mutable
                 # (v1.1, PEP 700)
                 "size": package["size"],
                 "upload-time": format_upload_time(package["upload_time"]),
-                # TODO in the future:
-                # core-metadata (PEP 7.14)
                 # (v1.3, PEP 740)
                 "provenance": package.get("provenance", None),
             }

{pulp_python-3.23.1 → pulp_python-3.24.1}/pulp_python/tests/functional/api/test_pypi_simple_api.py

@@ -5,17 +5,23 @@ import requests
 
 from pulp_python.tests.functional.constants import (
     PYPI_SERIAL_CONSTANT,
-    PYTHON_EGG_FILENAME,
-    PYTHON_EGG_SHA256,
-    PYTHON_EGG_URL,
     PYTHON_SM_FIXTURE_CHECKSUMS,
     PYTHON_SM_FIXTURE_RELEASES,
     PYTHON_SM_PROJECT_SPECIFIER,
-    PYTHON_WHEEL_FILENAME,
-    PYTHON_WHEEL_METADATA_SHA256,
-    PYTHON_WHEEL_SHA256,
-    PYTHON_WHEEL_URL,
-    PYTHON_XS_FIXTURE_CHECKSUMS,
+    TWINE_EGG_FILENAME,
+    TWINE_EGG_REQUIRES_PYTHON,
+    TWINE_EGG_SHA256,
+    TWINE_EGG_SIZE,
+    TWINE_EGG_URL,
+    TWINE_FIXTURE_CHECKSUMS,
+    TWINE_FIXTURE_METADATA_SHA256,
+    TWINE_FIXTURE_REQUIRES_PYTHON,
+    TWINE_WHEEL_FILENAME,
+    TWINE_WHEEL_METADATA_SHA256,
+    TWINE_WHEEL_REQUIRES_PYTHON,
+    TWINE_WHEEL_SHA256,
+    TWINE_WHEEL_SIZE,
+    TWINE_WHEEL_URL,
 )
 from pulp_python.tests.functional.utils import ensure_simple
 
@@ -55,30 +61,27 @@ def test_simple_html_detail_api(
     python_distribution_factory,
     python_repo_factory,
 ):
-    content_1 = python_content_factory(PYTHON_WHEEL_FILENAME, url=PYTHON_WHEEL_URL)
-    content_2 = python_content_factory(PYTHON_EGG_FILENAME, url=PYTHON_EGG_URL)
+    content_1 = python_content_factory(TWINE_WHEEL_FILENAME, url=TWINE_WHEEL_URL)
+    content_2 = python_content_factory(TWINE_EGG_FILENAME, url=TWINE_EGG_URL)
     body = {"add_content_units": [content_1.pulp_href, content_2.pulp_href]}
 
     repo = python_repo_factory()
     monitor_task(python_bindings.RepositoriesPythonApi.modify(repo.pulp_href, body).task)
     distro = python_distribution_factory(repository=repo)
 
-    url = f'{urljoin(distro.base_url, "simple/")}shelf-reader'
+    url = f'{urljoin(distro.base_url, "simple/")}twine'
     headers = {"Accept": PYPI_SIMPLE_V1_HTML}
 
     response = requests.get(url, headers=headers)
     assert response.headers["Content-Type"] == PYPI_SIMPLE_V1_HTML
     assert response.headers["X-PyPI-Last-Serial"] == str(PYPI_SERIAL_CONSTANT)
 
-    metadata_sha_digests = {
-        PYTHON_WHEEL_FILENAME: PYTHON_WHEEL_METADATA_SHA256,
-        PYTHON_EGG_FILENAME: None,  # egg files should not have metadata
-    }
     proper, msgs = ensure_simple(
         urljoin(distro.base_url, "simple/"),
-        {"shelf-reader": [PYTHON_WHEEL_FILENAME, PYTHON_EGG_FILENAME]},
-        sha_digests=PYTHON_XS_FIXTURE_CHECKSUMS,
-        metadata_sha_digests=metadata_sha_digests,
+        {"twine": [TWINE_WHEEL_FILENAME, TWINE_EGG_FILENAME]},
+        sha_digests=TWINE_FIXTURE_CHECKSUMS,
+        metadata_sha_digests=TWINE_FIXTURE_METADATA_SHA256,
+        requires_python=TWINE_FIXTURE_REQUIRES_PYTHON,
     )
     assert proper, f"Simple API validation failed: {msgs}"
 
@@ -114,15 +117,15 @@ def test_simple_json_detail_api(
     python_distribution_factory,
     python_repo_factory,
 ):
-    content_1 = python_content_factory(PYTHON_WHEEL_FILENAME, url=PYTHON_WHEEL_URL)
-    content_2 = python_content_factory(PYTHON_EGG_FILENAME, url=PYTHON_EGG_URL)
+    content_1 = python_content_factory(TWINE_WHEEL_FILENAME, url=TWINE_WHEEL_URL)
+    content_2 = python_content_factory(TWINE_EGG_FILENAME, url=TWINE_EGG_URL)
     body = {"add_content_units": [content_1.pulp_href, content_2.pulp_href]}
 
     repo = python_repo_factory()
     monitor_task(python_bindings.RepositoriesPythonApi.modify(repo.pulp_href, body).task)
     distro = python_distribution_factory(repository=repo)
 
-    url = f'{urljoin(distro.base_url, "simple/")}shelf-reader'
+    url = f'{urljoin(distro.base_url, "simple/")}twine'
     headers = {"Accept": PYPI_SIMPLE_V1_JSON}
 
     response = requests.get(url, headers=headers)
@@ -131,27 +134,31 @@ def test_simple_json_detail_api(
 
     data = response.json()
     assert data["meta"] == {"api-version": API_VERSION, "_last-serial": PYPI_SERIAL_CONSTANT}
-    assert data["name"] == "shelf-reader"
+    assert data["name"] == "twine"
     assert data["files"]
-    assert data["versions"] == ["0.1"]
+    assert data["versions"] == ["5.1.0"]
 
     # Check data of a wheel
-    file_whl = next((i for i in data["files"] if i["filename"] == PYTHON_WHEEL_FILENAME), None)
+    file_whl = next((i for i in data["files"] if i["filename"] == TWINE_WHEEL_FILENAME), None)
     assert file_whl is not None, "wheel file not found"
     assert file_whl["url"]
-    assert file_whl["hashes"] == {"sha256": PYTHON_WHEEL_SHA256}
-    assert file_whl["requires-python"] is None
-    assert file_whl["data-dist-info-metadata"] == {"sha256": PYTHON_WHEEL_METADATA_SHA256}
-    assert file_whl["size"] == 22455
+    assert file_whl["hashes"] == {"sha256": TWINE_WHEEL_SHA256}
+    assert file_whl["requires-python"] == TWINE_WHEEL_REQUIRES_PYTHON
+    assert file_whl["data-dist-info-metadata"] == {"sha256": TWINE_WHEEL_METADATA_SHA256}
+    assert file_whl["core-metadata"] == {"sha256": TWINE_WHEEL_METADATA_SHA256}
+    assert file_whl["size"] == TWINE_WHEEL_SIZE
     assert file_whl["upload-time"] is not None
+    assert file_whl["provenance"] is None
+
     # Check data of a tarball
-    file_tar = next((i for i in data["files"] if i["filename"] == PYTHON_EGG_FILENAME), None)
+    file_tar = next((i for i in data["files"] if i["filename"] == TWINE_EGG_FILENAME), None)
     assert file_tar is not None, "tar file not found"
     assert file_tar["url"]
-    assert file_tar["hashes"] == {"sha256": PYTHON_EGG_SHA256}
-    assert file_tar["requires-python"] is None
+    assert file_tar["hashes"] == {"sha256": TWINE_EGG_SHA256}
+    assert file_tar["requires-python"] == TWINE_EGG_REQUIRES_PYTHON
     assert file_tar["data-dist-info-metadata"] is False
-    assert file_tar["size"] == 19097
+    assert file_tar["core-metadata"] is False
+    assert file_tar["size"] == TWINE_EGG_SIZE
     assert file_tar["upload-time"] is not None
     assert file_tar["provenance"] is None
 

{pulp_python-3.23.1 → pulp_python-3.24.1}/pulp_python/tests/functional/constants.py

@@ -226,6 +226,32 @@ PYTHON_INFO_DATA = {
     # maybe add description, license is long for this one
 }
 
+# twine pkg data for PyPI Simple API
+TWINE_EGG_FILENAME = "twine-5.1.0.tar.gz"
+TWINE_EGG_URL = urljoin(urljoin(PYTHON_FIXTURES_URL, "packages/"), TWINE_EGG_FILENAME)
+TWINE_EGG_SHA256 = "4d74770c88c4fcaf8134d2a6a9d863e40f08255ff7d8e2acb3cbbd57d25f6e9d"
+TWINE_EGG_SIZE = 224997
+TWINE_EGG_REQUIRES_PYTHON = ">=3.8"
+
+TWINE_WHEEL_FILENAME = "twine-5.1.0-py3-none-any.whl"
+TWINE_WHEEL_URL = urljoin(urljoin(PYTHON_FIXTURES_URL, "packages/"), TWINE_WHEEL_FILENAME)
+TWINE_WHEEL_SHA256 = "fe1d814395bfe50cfbe27783cb74efe93abeac3f66deaeb6c8390e4e92bacb43"
+TWINE_WHEEL_SIZE = 38563
+TWINE_WHEEL_REQUIRES_PYTHON = ">=3.8"
+TWINE_WHEEL_METADATA_SHA256 = "0ac5cf457bd47512b3477949ff6274cc2258414f3e1f136e049585aac92e4ddb"
+
+TWINE_FIXTURE_CHECKSUMS = {
+    TWINE_EGG_FILENAME: TWINE_EGG_SHA256,
+    TWINE_WHEEL_FILENAME: TWINE_WHEEL_SHA256,
+}
+TWINE_FIXTURE_METADATA_SHA256 = {
+    TWINE_WHEEL_FILENAME: TWINE_WHEEL_METADATA_SHA256,
+    TWINE_EGG_FILENAME: None,  # egg files should not have metadata
+}
+TWINE_FIXTURE_REQUIRES_PYTHON = {
+    TWINE_WHEEL_FILENAME: TWINE_EGG_REQUIRES_PYTHON,
+    TWINE_EGG_FILENAME: TWINE_WHEEL_REQUIRES_PYTHON,
+}
 
 # Current tests use PYTHON_FIXTURES_URL with an 'S', remove after adding api tests
 PYTHON_FIXTURE_URL = urljoin(PULP_FIXTURES_BASE_URL, "python-pypi/")

{pulp_python-3.23.1 → pulp_python-3.24.1}/pulp_python/tests/functional/utils.py

@@ -6,27 +6,55 @@ from lxml import html
 
 def _validate_metadata_sha_digest(link, filename, metadata_sha_digests):
     """
-    Validate data-dist-info-metadata attribute for a release link.
+    Validate data-dist-info-metadata and data-core-metadata attributes for a release link.
     """
-    data_dist_info_metadata = link.get("data-dist-info-metadata")
+    expected_metadata_sha = metadata_sha_digests.get(filename)
+    expected_attr = f"sha256={expected_metadata_sha}" if expected_metadata_sha else None
 
-    if expected_metadata_sha := metadata_sha_digests.get(filename):
-        expected_attr = f"sha256={expected_metadata_sha}"
-        if data_dist_info_metadata != expected_attr:
-            return (
-                f"\nFile {filename} has incorrect data-dist-info-metadata: "
-                f"expected '{expected_attr}', got '{data_dist_info_metadata}'"
-            )
-    else:
-        if data_dist_info_metadata:
-            return (
-                f"\nFile {filename} should not have data-dist-info-metadata "
-                f"but has '{data_dist_info_metadata}'"
+    msgs = ""
+    for attr_name in ["data-dist-info-metadata", "data-core-metadata"]:
+        attr_value = link.get(attr_name)
+        if attr_value != expected_attr:
+            if expected_attr:
+                msgs += (
+                    f"\nFile {filename} has incorrect {attr_name}: "
+                    f"expected '{expected_attr}', got '{attr_value}'"
+                )
+            else:
+                msgs += f"\nFile {filename} should not have {attr_name} but has '{attr_value}'"
+    return msgs
+
+
+def _validate_requires_python(link, filename, requires_python, page_content):
+    """
+    Validate data-requires-python attribute for a release link.
+    """
+    expected_requires_python = requires_python.get(filename) if requires_python else None
+    attr_value = link.get("data-requires-python")
+
+    msgs = ""
+    if attr_value != expected_requires_python:
+        if expected_requires_python:
+            msgs += (
+                f"\nFile {filename} has incorrect data-requires-python: "
+                f"expected '{expected_requires_python}', got '{attr_value}'"
             )
-    return ""
+        else:
+            msgs += f"\nFile {filename} should not have data-requires-python but has '{attr_value}'"
+
+    # Check HTML escaping
+    if expected_requires_python and any(char in expected_requires_python for char in [">", "<"]):
+        escaped_value = expected_requires_python.replace(">", "&gt;").replace("<", "&lt;")
+        escaped_attr = f'data-requires-python="{escaped_value}"'
+        if escaped_attr not in page_content:
+            msgs += f"\nFile {filename} has unescaped < or > in data-requires-python attribute"
+
+    return msgs
 
 
-def ensure_simple(simple_url, packages, sha_digests=None, metadata_sha_digests=None):
+def ensure_simple(
+    simple_url, packages, sha_digests=None, metadata_sha_digests=None, requires_python=None
+):
     """
     Tests that the simple api at `url` matches the packages supplied.
     `packages`: dictionary of form {package_name: [release_filenames]}
@@ -41,7 +69,8 @@ def ensure_simple(simple_url, packages, sha_digests=None, metadata_sha_digests=N
 
     def explore_links(page_url, page_name, links_found, msgs):
         legit_found_links = []
-        page = html.fromstring(requests.get(page_url).text)
+        page_content = requests.get(page_url).text
+        page = html.fromstring(page_content)
         page_links = page.xpath("/html/body/a")
         for link in page_links:
             if link.text in links_found:
@@ -53,6 +82,11 @@ def ensure_simple(simple_url, packages, sha_digests=None, metadata_sha_digests=N
                     # Check metadata SHA digest if provided
                     if metadata_sha_digests and page_name == "release":
                         msgs += _validate_metadata_sha_digest(link, link.text, metadata_sha_digests)
+                    # Check requires-python if provided
+                    if requires_python and page_name == "release":
+                        msgs += _validate_requires_python(
+                            link, link.text, requires_python, page_content
+                        )
                 else:
                     msgs += f"\nFound {page_name} link without href {link.text}"
             else:

{pulp_python-3.23.1 → pulp_python-3.24.1}/pulp_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pulp-python
-Version: 3.23.1
+Version: 3.24.1
 Summary: pulp-python plugin for the Pulp Project
 Author-email: Pulp Team <pulp-list@redhat.com>
 Project-URL: Homepage, https://pulpproject.org

{pulp_python-3.23.1 → pulp_python-3.24.1}/pyproject.toml

@@ -7,7 +7,7 @@ build-backend = 'setuptools.build_meta'
 
 [project]
 name = "pulp-python"
-version = "3.23.1"
+version = "3.24.1"
 description = "pulp-python plugin for the Pulp Project"
 readme = "README.md"
 authors = [
@@ -77,7 +77,7 @@ ignore = [
 [tool.bumpversion]
 # This section is managed by the plugin template. Do not edit manually.
 
-current_version = "3.23.1"
+current_version = "3.24.1"
 commit = false
 tag = false
 parse = "(?P<major>\\d+)\\.(?P<minor>\\d+)\\.(?P<alpha>0a)?(?P<patch>\\d+)(\\.(?P<release>[a-z]+))?"

pulp_python-3.23.1/pulp_python/app/migrations/0019_create_missing_metadata_artifacts.py

@@ -1,204 +0,0 @@
-# Generated manually on 2025-12-15 14:00 for creating missing metadata artifacts
-
-from django.db import migrations
-
-BATCH_SIZE = 1000
-
-
-def pulp_hashlib_new(name, *args, **kwargs):
-    """
-    Copied and updated (to comply with migrations) from pulpcore.
-    """
-    import hashlib as the_real_hashlib
-    from django.conf import settings
-
-    if name not in settings.ALLOWED_CONTENT_CHECKSUMS:
-        return None
-
-    return the_real_hashlib.new(name, *args, **kwargs)
-
-
-def init_and_validate(file, artifact_model, expected_digests):
-    """
-    Copied and updated (to comply with migrations) from pulpcore.
-    """
-    from django.conf import settings
-
-    digest_fields = []
-    for alg in ("sha512", "sha384", "sha256", "sha224", "sha1", "md5"):
-        if alg in settings.ALLOWED_CONTENT_CHECKSUMS:
-            digest_fields.append(alg)
-
-    if isinstance(file, str):
-        with open(file, "rb") as f:
-            hashers = {
-                n: hasher for n in digest_fields if (hasher := pulp_hashlib_new(n)) is not None
-            }
-            if not hashers:
-                return None
-
-            size = 0
-            while True:
-                chunk = f.read(1048576)  # 1 megabyte
-                if not chunk:
-                    break
-                for algorithm in hashers.values():
-                    algorithm.update(chunk)
-                size = size + len(chunk)
-    else:
-        size = file.size
-        hashers = file.hashers
-
-    mismatched_sha256 = None
-    for algorithm, expected_digest in expected_digests.items():
-        if algorithm not in hashers:
-            return None
-        actual_digest = hashers[algorithm].hexdigest()
-        if expected_digest != actual_digest:
-            # Store the actual value for later fixing if it differs from the package value
-            mismatched_sha256 = actual_digest
-
-    attributes = {"size": size, "file": file}
-    for algorithm in digest_fields:
-        attributes[algorithm] = hashers[algorithm].hexdigest()
-
-    return artifact_model(**attributes), mismatched_sha256
-
-
-def extract_wheel_metadata(filename):
-    """
-    Extract the metadata file content from a wheel file.
-    Return the raw metadata content as bytes or None if metadata cannot be extracted.
-    """
-    import zipfile
-
-    try:
-        with zipfile.ZipFile(filename, "r") as f:
-            for file_path in f.namelist():
-                if file_path.endswith(".dist-info/METADATA"):
-                    return f.read(file_path)
-    except (zipfile.BadZipFile, KeyError, OSError):
-        pass
-    return None
-
-
-def artifact_to_metadata_artifact(filename, artifact, md_digests, tmp_dir, artifact_model):
-    """
-    Create artifact for metadata from the provided wheel artifact.
-    Return (artifact, mismatched_sha256) on success, None on any failure.
-    """
-    import shutil
-    import tempfile
-
-    with tempfile.NamedTemporaryFile("wb", dir=tmp_dir, suffix=filename, delete=False) as temp_file:
-        temp_wheel_path = temp_file.name
-        artifact.file.seek(0)
-        shutil.copyfileobj(artifact.file, temp_file)
-        temp_file.flush()
-
-    metadata_content = extract_wheel_metadata(temp_wheel_path)
-    if not metadata_content:
-        return None
-
-    with tempfile.NamedTemporaryFile(
-        "wb", dir=tmp_dir, suffix=".metadata", delete=False
-    ) as temp_md:
-        temp_metadata_path = temp_md.name
-        temp_md.write(metadata_content)
-        temp_md.flush()
-
-    return init_and_validate(temp_metadata_path, artifact_model, md_digests)
-
-
-def create_missing_metadata_artifacts(apps, schema_editor):
-    """
-    Create metadata artifacts for PythonPackageContent instances that have metadata_sha256
-    but are missing the corresponding metadata artifact.
-    """
-    import tempfile
-    from django.conf import settings
-    from django.db import models
-
-    PythonPackageContent = apps.get_model("python", "PythonPackageContent")
-    ContentArtifact = apps.get_model("core", "ContentArtifact")
-    Artifact = apps.get_model("core", "Artifact")
-
-    packages = (
-        PythonPackageContent.objects.filter(
-            metadata_sha256__isnull=False,
-            filename__endswith=".whl",
-            contentartifact__artifact__isnull=False,
-            contentartifact__relative_path=models.F("filename"),
-        )
-        .exclude(metadata_sha256="")
-        .prefetch_related("_artifacts")
-        .only("filename", "metadata_sha256")
-    )
-    artifact_batch = []
-    contentartifact_batch = []
-    packages_batch = []
-
-    with tempfile.TemporaryDirectory(dir=settings.WORKING_DIRECTORY) as temp_dir:
-        for package in packages:
-            # Get the main artifact for package
-            main_artifact = package._artifacts.get()
-
-            filename = package.filename
-            metadata_digests = {"sha256": package.metadata_sha256}
-            result = artifact_to_metadata_artifact(
-                filename, main_artifact, metadata_digests, temp_dir, Artifact
-            )
-            if result is None:
-                # Unset metadata_sha256 when extraction or validation fails
-                package.metadata_sha256 = None
-                packages_batch.append(package)
-                continue
-            metadata_artifact, mismatched_sha256 = result
-            if mismatched_sha256:
-                # Fix the package if its metadata_sha256 differs from the actual value
-                package.metadata_sha256 = mismatched_sha256
-                packages_batch.append(package)
-
-            # Set the domain on the metadata artifact to match the package's domain
-            metadata_artifact.pulp_domain = package._pulp_domain
-
-            contentartifact = ContentArtifact(
-                artifact=metadata_artifact,
-                content=package,
-                relative_path=f"{filename}.metadata",
-            )
-            artifact_batch.append(metadata_artifact)
-            contentartifact_batch.append(contentartifact)
-
-            if len(artifact_batch) == BATCH_SIZE:
-                Artifact.objects.bulk_create(artifact_batch, batch_size=BATCH_SIZE)
-                ContentArtifact.objects.bulk_create(contentartifact_batch, batch_size=BATCH_SIZE)
-                artifact_batch.clear()
-                contentartifact_batch.clear()
-            if len(packages_batch) == BATCH_SIZE:
-                PythonPackageContent.objects.bulk_update(
-                    packages_batch, ["metadata_sha256"], batch_size=BATCH_SIZE
-                )
-                packages_batch.clear()
-
-        if artifact_batch:
-            Artifact.objects.bulk_create(artifact_batch, batch_size=BATCH_SIZE)
-            ContentArtifact.objects.bulk_create(contentartifact_batch, batch_size=BATCH_SIZE)
-        if packages_batch:
-            PythonPackageContent.objects.bulk_update(
-                packages_batch, ["metadata_sha256"], batch_size=BATCH_SIZE
-            )
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("python", "0018_packageprovenance"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            create_missing_metadata_artifacts,
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]