-
-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please make trove classifier validation optional/non-fatal #1368
Comments
I can add an option to prevent this check but please understand that this mostly only affects redistributors because normally the latest version would be pulled on CI. How critical should I take this? I'm trying to assess when I would have to implement this option. |
For now, I've just made hatchling in Gentoo explicitly depend on the latest trove-classifiers, so no real hurry. |
Add a HATCH_NO_VERIFY_TROVE_CLASSIFIERS hook to disable verification of trove classifiers. This makes it possible to build newer packages against old versions of trove-classifiers (or even without the package installed). This is a convenience feature for Linux distributions that do not want to track minimum required trove-classifiers versions as required by various packages. Fixes pypa#1368
Hey, this is really painful. I've added
to
that's Given stable distros use years old packages (for good reasons), this could be huge issue going forward as new Python versions are released and this prevents packages using I see that latest
So in two years, same problem with Python 3.15 on current version. This is not sustainable. Please make sure that future As a packager, I don't think out of date classifiers are a valid reason for build failure because they evolve with time. Python has 5 years of support so latest Failing on classifier mismatch seems excessive and harmful, I suggest defaulting to warning with an option to fail on warnings. Other that this shot in the foot, |
To get your package working for now you can add a metadata hook with the next few years of Python version classifiers: https://hatch.pypa.io/latest/plugins/metadata-hook/reference/#hatchling.metadata.plugin.interface.MetadataHookInterface.get_known_classifiers |
Also, is it possible within the tooling of your distribution to remove Python classifiers from that section that are known to not work e.g. Python 3.13 wouldn't be on Debian Buster? |
Anything is "possible". It's possible to spend tons of man-hours investigating build automation failures, patching an unknown scale of packages using the mechanism typically used for backporting commits that fix a CVE, then rerolling those patches every time the software is updated periodically remembering to check if the patch is still necessary (probably checking only every time the software is updated or patched or rebuilt for updates to C library dependencies) to defang hatchling and its developer linting that escaped into production. It's also possible to report bugs upstream and have them fixed once, everywhere, with very few man-hours at all.
Doesn't this contra-indicate the purpose of having a developer lint at all? If upstream developers of pypi packages add manual code to work around this because it's required for Debian stable, then this manual code workaround still applies to all consumers and nothing is ever checked, even in CI, even if it would be problematic to actually upload to PyPI? Additionally, it only helps for software where the upstream developer is also the Debian packager. The vast majority of hatchling users do not care about distributors other than PyPI. |
Thanks, I worked around it by using legacy However, I'm more interested in Let me present additional example - in Debian, there is the
I think almost every Debian packager uses Similarly, checking classifiers is a nice linting feature, I'm glad it exists, but failing build based on this is simply not a good idea, it will only make packagers and other folks who don't ride "latest and greatest (and randomly broken)" wave have extra work with supporting older projects on older pythons/systems. |
Okay let me ask you both a question. Say the default of checking for invalid classifiers remains but there is an option as this issue requests for disabling this check. At what point in the chain does this flag get used? Certainly maintainers would never disable this check on GitHub/for PyPI. |
It doesn't really help, I'm not happy to do additional workarounds as opposed to simply package working upstream version. I distinctively dislike downstream patches.
I've been both developing and packaging Python since 2.4 and I've witnessed countless Python horrors beyond comprehension. I've really hoped that new tools such as Please do take the distros and their users into consideration, this isn't specific to Debian. I wish classic packaging was obsolete, but it isn't. |
Yes, I definitely understand your perspective! I'm asking if having an option to disable the check would actually help your scenario. |
I'm not familiar with how However, I'm not sure about the best implementation of such option. |
I also definitely understand perspective of people who don't care about distros at all :) And yet they're still relevant, so here are my few cents, hope they help you make an informed decision. I still think linting shouldn't fail build by default, warnings would be much more pragmatic way that wouldn't require extra workarounds at places. There WILL be false positives due to temporal nature of the classifiers. Still, if you insist on enforced classifier purity, yes, please add an option to make it non-fatal 🙏 |
I think it's intended to be end-user / redistributor option. IMO the simplest way to do this is via envvar, as I've done in the linked PR. It has the advantage that it can be used easily (argument passing may be hard for end users) and immediately (i.e. we can use it unconditionally without checking for hatchling version). |
I think your environment variable idea is a good one and I forgot about that, thanks! Although, I would like to hear confirmation from them that their situation will be fixed by this because it's unclear to me at what point in the process that environment variable will be used. |
@jruzicka-nic, could you please test #1620 and tell us whether that would work for you? |
Bug: pypa/hatch#1368 Signed-off-by: Michał Górny <[email protected]>
Bug: pypa/hatch#1368 Signed-off-by: Michał Górny <[email protected]>
Bug: pypa/hatch#1368 Signed-off-by: Michał Górny <[email protected]>
Bug: pypa/hatch#1368 Signed-off-by: Michał Górny <[email protected]>
- Remove the line for now until Debian backported the fix. See pypa/hatch#1368
* pyproject: fix table excluding rules for test files * pyproject: update format * pyproject: add python 3.13 * pyproject: add PLR2044 to enforce empty comments * pyproject: add PLR5501 to enforce collapsing nested else-if * pyproject: add PLR6201 to enforce membership against sets * pyproject: add PLR2004 to flag magic values * pyproject: add PLR1714 to flag poor membership tests in expressions * pyproject: add RUF200 to flag invalid pyproject.toml schemas * pyproject: add RUF021 to prefer parenthesizing chain expressions * pyproject: add A004 to avoid shadowing built-in imports * umu_run: add parenthesis in expression * umu: use enum when checking http status codes * treewide: update format * pyproject: remove python 3.13 trove classifier - Remove the line for now until Debian backported the fix. See pypa/hatch#1368
Bug: pypa/hatch#1368 Signed-off-by: Michał Górny <[email protected]> Signed-off-by: Eli Schwartz <[email protected]>
hatchling's insistence on valid specifiers causes inevitable build failures on older distros as described in pypa/hatch#1368 Instead of fixing the root cause of this problem, upstream decided to add an env var to override it requiring custom patches in million places. Use good old setuptools instead, whose maintainers actually care about distro packaging and users in general.
Currently, Hatchling enforces at build time that all trove classifiers in the project are found in
trove_classifiers
package. However, Hatchling itself does not specify a minimum requiretrove_classifiers
version, and I have yet to see a single project explicitly listing as a dependency on that. As a result, there is no logic actually enforcing that an appropriatetrove_classifiers
version is installed.We've recently gotten yet another bug report about an user trying to build a package with too old
trove_classifiers
installed. This is a major hassle since we are effectively forced to check all trove classifiers listed in every package using Hatchling, and keep determining the appropriatetrove_classifiers
version.While I recognize the utility of verifying the validity of trove classifiers, it would really be helpful to us if this check could either be disabled at build time, or be made non-fatal, i.e. emit a warning rather than result in build failure. Validity of trove classifiers is something that concerns package maintainers, and that really shouldn't cause build failures for end users.
To reproduce the problem, based on the recent bug report:
The text was updated successfully, but these errors were encountered: