pypi importer returns the wheel hash when it fails to find a proper source.

OpenSubmitted by Jack Hill.
Details
2 participants
  • Jack Hill
  • zimoun
Owner
unassigned
Severity
normal
J
J
Jack Hill wrote on 10 May 2019 20:41
(address . bug-guix@gnu.org)
alpine.DEB.2.20.1905101429150.30127@marsh.hcoop.net
As discussed on guix-devel[0] the pypi importer should probably not fill
in the hash with that of the wheel if a proper source archive is not found
on pypi.


Best,
Jack
Z
Z
zimoun wrote on 8 Mar 11:19 +0100
(name . Jack Hill)(address . jackhill@jackhill.us)(address . 35673@debbugs.gnu.org)
87bkyg4ui0.fsf@gmail.com
Hi,

On ven., 10 mai 2019 at 14:41, Jack Hill <jackhill@jackhill.us> wrote:
Toggle quote (6 lines)
> As discussed on guix-devel[0] the pypi importer should probably not fill in
> the hash with that of the wheel if a proper source archive is not found on
> pypi.
>
> [0] https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00209.html

Now the importer displays some warnings and hint, for instance:

Toggle snippet (36 lines)
$ guix import pypi PyPortfolioOpt
following redirection to `https://pypi.org/pypi/pyportfolioopt/json'...

Starting download of /tmp/guix-file.6rSGsS
From https://files.pythonhosted.org/packages/97/c2/c7569f2773f3e942367e90dcca15a235af3d3330ac8abfcbfbe67a8ba8dd/PyPortfolioOpt-1.5.1.tar.gz...
…t-1.5.1.tar.gz 56KiB 8.2MiB/s 00:00 [##################] 100.0%

Starting download of /tmp/guix-file.MFmUSK
From https://files.pythonhosted.org/packages/90/98/3906835b783ba39cfc613c7b0c0fde9c758c729ff3406d45f1c2a1116961/PyPortfolioOpt-1.5.1-py3-none-any.whl...
….1-py3-none-any.whl 60KiB 45.2MiB/s 00:00 [##################] 100.0%
guix import: warning: Failed to extract file: PyPortfolioOpt-1.5.1.dist-info/METADATA from wheel.
guix import: warning: Cannot guess requirements from source archive: no requires.txt file found.
guix import: warning: project name pyportfolioopt does not appear verbatim in the PyPI URI
hint: The PyPI URI is:
`https://files.pythonhosted.org/packages/97/c2/c7569f2773f3e942367e90dcca15
a235af3d3330ac8abfcbfbe67a8ba8dd/PyPortfolioOpt-1.5.1.tar.gz'. You should
review the pypi-uri declaration in the generated package. You may need to
replace "pyportfolioopt" with a substring of the PyPI URI that identifies
the package.

(package
(name "python-pyportfolioopt")
(version "1.5.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "pyportfolioopt" version))
(sha256
(base32 "162d6jyvba0xk2blssbp52rrjqpjv011h988k150p1fg7x7nzbs9"))))
(build-system python-build-system)
(home-page "https://github.com/robertmartin8/PyPortfolioOpt")
(synopsis "Financial portfolio optimization in python")
(description "Financial portfolio optimization in python")
(license license:expat))

If it is not enough, could you provide an example?


Cheers,
simon
?