eli-schwartz commented on issue #36411:
URL: https://github.com/apache/arrow/issues/36411#issuecomment-2741025351
Meson has no problems with it:
```
project(
'pyarrow',
license: 'Apache-2.0',
license_files: ['../LICENSE.txt'],
)
```
And configure and install it:
```
$ meson setup builddir --licensedir=/usr/share/licenses/arrow/pyarrow
$ DESTDIR=pkg ninja -C builddir install
[...]
Installing /tmp/arrow/python/builddir/depmf.json to
/tmp/arrow/python/builddir/pkg/usr/local/share/licenses/arrow/pyarrow
Installing /tmp/arrow/python/../LICENSE.txt to
/tmp/arrow/python/builddir/pkg/usr/local/share/licenses/arrow/pyarrow/..
```
```
$ jq <
/tmp/arrow/python/builddir/pkg/usr/local/share/licenses/arrow/pyarrow/depmf.json
{
"type": "dependency manifest",
"version": "1.0",
"projects": {
"pyarrow": {
"version": "7.0.0.dev7092+g6e0a5fea8.d20250320",
"license": [
"Apache-2.0"
],
"license_files": [
"../LICENSE.txt"
]
},
"arrow": {
"version": "20.0.0",
"license": [
"unknown"
],
"license_files": []
}
}
}
```
There is a slight oddity there in that we define the install directory
utilizing ../ so it actually ends up outside the defined --licensedir. The
intention here is pretty obvious though, so I think we should elide the ../ as
a bugfix.
meson-python utilizes https://github.com/pypa/pyproject-metadata to do
metadata validation. It will harshly error out if you are incompliant with the
PEP:
- using ../ in license-files
and also if you do deprecated things:
- using a non-SPDX value in project.license in combination with
project.license-files
- including `License ::` classifiers when also using project.license as an
SPDX string
But it's not an error (and indeed shouldn't be an error) if you use dynamic
metadata with ../ (though the latter two are still an error). It still does
slightly mangle ../ in the wheel file, which is treated somewhat leniently by
tools:
```
pyarrow-7.0.0.dev7092+g6e0a5fea8.d20250320.dist-info/licenses/../LICENSE.txt
```
which:
- bsdtar errors out by default: "Also, tar will refuse to extract archive
entries whose pathnames contain .. or whose target directory would be altered
by a symlink.", but with bsdtar -P it will extract to *.dist-info/LICENSE.txt
- unzip raises a warning, elides the ../ and extracts all files including
producing *.dist-info/licenses/LICENSE.txt, and exits nonzero to raise
awareness that a warning occurred
- pip install silently, gracefully extracts this wheel using
*.dist-info/LICENSE.txt
What a fascinating set of behaviors. IMO meson-python should do the same
thing I'm currently coding up for meson.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
