Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pypi does not recognize license #1386

Closed
SMoraisAnsys opened this issue Dec 16, 2024 · 19 comments
Closed

Pypi does not recognize license #1386

SMoraisAnsys opened this issue Dec 16, 2024 · 19 comments

Comments

@SMoraisAnsys
Copy link

Unless there is a delay, it seems that the LICENSE metadata is not available in Pypi for release 24.3.0, see https://pypi.org/project/attrs/24.3.0/

Note that this information was available in 24.2.0, see https://pypi.org/project/attrs/24.2.0/

I suspect the changes from #1377 are the cause for this problem.

@hugovk
Copy link
Contributor

hugovk commented Dec 16, 2024

Testing with another package that also uses Hatchling, this is how pyproject.toml was before:

license = { text = "MIT" }
classifiers = [
  "License :: OSI Approved :: MIT License",

The upload shows it had this metadata:

Metadata-Version: 2.4
License: MIT
License-File: LICENSE.txt
Classifier: License :: OSI Approved :: MIT License

PyPI shows:

Unverified details:

  • Meta:
    • License: MIT License (MIT)

Next, change to:

license = "MIT"
license-files = [ "LICENSE.txt" ]
classifiers = [
  "License :: OSI Approved :: MIT License",

Metadata:

Metadata-Version: 2.4
Name: tinytext
License-Expression: MIT
License-File: LICENSE.txt
Classifier: License :: OSI Approved :: MIT License

PyPI:

Unverified details:

  • Meta:
    • License: MIT License

(It changed from "MIT License (MIT)" to "MIT License".)


Finally, remove the Trove classifier:

license = "MIT"
license-files = [ "LICENSE.txt" ]

Metadata:

Metadata-Version: 2.4
Name: tinytext
License-Expression: MIT
License-File: LICENSE.txt

PyPI:

Unverified details:

  • Meta:
    • [no licence shown]

To summarise, the new License-Expression and License-File fields are being added to metadata, but the licence is only shown (as unverified) when using the Trove classifier.

This might be a PyPI bug? Looking at https://pypi.org/pypi/attrs/json I see:

"license": null,
"license_expression": null,
"license_files": null,

So I think the short-term fix for attrs is to keep the Trove classifier (it's only deprecated for now, not removed), and keep the new PEP 639 fields so they can be used when PyPI is ready:

license = "MIT"
license-files = ["LICENSE"]
classifiers = [
  "License :: OSI Approved :: MIT License",

@hugovk
Copy link
Contributor

hugovk commented Dec 16, 2024

This might be a PyPI bug?

Or rather twine? Quoting @konstin on the PyPA Discord talking about another issue but with timely relevant info:

... uv publish sets license-file in the formdata (https://github.com/astral-sh/uv/blob/8074917449ec53d238112a9b0722110d902f522e/crates/uv-publish/src/lib.rs#L699) while twine does not (yet) (https://github.com/pypa/twine/blob/75be078d2849d07c3406772cbbdb13c72139b341/twine/package.py#L199)

@konstin
Copy link

konstin commented Dec 16, 2024

The warehouse (pypi) side is working, the following test package shows up correctly (https://test.pypi.org/project/astral-test-token/):

image

[project]
name = "astral-test-token"
version = "0.1.2317"
authors = [{ name = "konstin", email = "[email protected]" }]
classifiers = ["Topic :: Software Development :: Testing"]
dependencies = []
description = "Add your description here"
dynamic = ["gui-scripts", "scripts"]
keywords = ["test", "publish"]
license = "MIT OR Apache-2.0"
license-files = ["LICENSE*"]
maintainers = [{ name = "konstin", email = "[email protected]" }]
optional-dependencies = { "async" = ["anyio>=4,<5"] }
readme = "README.md"
requires-python = ">=3.12"
urls = { "github" = "https://github.com/astral-sh/uv" }

# hatchling should work equally
[build-system]
requires = ["pdm-backend"]
build-backend = "pdm.backend"

@hynek
Copy link
Member

hynek commented Dec 16, 2024

According to https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020/145 it’s a Twine issue (that is used by the PyPI upload action).

@SMoraisAnsys
Copy link
Author

SMoraisAnsys commented Dec 16, 2024

So I think the short-term fix for attrs is to keep the Trove classifier (it's only deprecated for now, not removed), and keep the new PEP 639 fields so they can be used when PyPI is ready:

license = "MIT"
license-files = ["LICENSE"]
classifiers = [
  "License :: OSI Approved :: MIT License",

I like this approach. On top of it, I think that people using pip-licenses (me among others haha) would be able to retrieve the package license with the Trove classifier ! If anyone is interested, this seems to be available with option --from=mixed

@SMoraisAnsys
Copy link
Author

Seems like Twine should be able to handle metadata version 2.4 soon (pypa/twine#1180 got merged).

@webknjaz
Copy link
Member

So I'll need to bump twine in pypi-publish once it's released.

@martin-traverse
Copy link

I hit this issue too. I see there is a PR open, would be great to get a fix merged / released if there is a solution available.

My project has very strict compliance requirements, we had to exclude the latest version of this package for the time being.

SMoraisAnsys added a commit to ansys/pyaedt-toolkits-common that referenced this issue Jan 8, 2025
Description
Temporary solution for the packaging issue in CICD. This PR should be reverted at some point once attrs gets a new release with license available on PyPI.

Issue linked
Here is the issue associated to our CICD failure python-attrs/attrs#1386
@wagenrace
Copy link

wagenrace commented Jan 9, 2025

I think this change is what creates the error. The classifier has a different function from the license. And most places use the classifier to figure out the license (Like PyPI and license-scanner): 3a5a49e

@webknjaz
Copy link
Member

It's not an error. The Trove classifier is deprecated in PEP 639

@wagenrace
Copy link

wagenrace commented Jan 10, 2025

I tested it with older version 24.2 (with the classifier) and it works as expected. So seems like it is not yet functional deprecated, also the pep is not yet fully accepted

This PEP has been provisionally accepted, with the following required conditions before the PEP is made Final:

An implementation of the PEP in two build back-ends.
An implementation of the PEP in PyPI.

From pep 639

I believe the deleting of the classifier is a bit early, but be good in the future. Maybe when 3.12 is end of life?

@webknjaz
Copy link
Member

Classifiers don't have standardized semantics for licenses. Also, PEP suggests that build tools may raise an error when both expression and classifier are provided.

@hugovk
Copy link
Contributor

hugovk commented Jan 21, 2025

twine 6.1.0 is out:

packaging is used instead of pkginfo for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI. packaging version 24.0 or later is required. Support for metadata version 2.4 requires packaging 24.2 or later. pkginfo is not a dependency anymore. (#1180)

https://twine.readthedocs.io/en/stable/changelog.html

@webknjaz
Copy link
Member

Alright.. Sounds like I need to update pypi-publish now...

@hynek
Copy link
Member

hynek commented Jan 22, 2025

build-and-inspect-python-package is ready: https://github.com/hynek/build-and-inspect-python-package/releases/tag/v2.12.0

Let's fucking gooo – I can smell the finish line! 🏁

@webknjaz
Copy link
Member

pypi-publish has been released: https://bsky.app/profile/webknjaz.me/post/3lghhtwey522z. The issue will solve itself as soon as it's bumped in the workflow (and the release happens).

@webknjaz
Copy link
Member

build-and-inspect-python-package is ready: hynek/build-and-inspect-python-package@v2.12.0 (release)

Let's fucking gooo – I can smell the finish line! 🏁

@hynek you can now tweak the release note to clarify that pypi-publish v1.12.4 now supports it too.

@hynek
Copy link
Member

hynek commented Jan 24, 2025

I have rephrased it. 🎉

@SMoraisAnsys
Copy link
Author

@hynek @webknjaz Thanks for your help in handling this issue.
Would it be possible to make a new release such that the metadata is included ? A duplicate of the current latest release would be great even if the only difference is the metadata in pypi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants