Hello community, here is the log from the commit of package python3-twine for openSUSE:Factory checked in at 2015-10-14 16:44:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python3-twine (Old) and /work/SRC/openSUSE:Factory/.python3-twine.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3-twine" Changes: -------- --- /work/SRC/openSUSE:Factory/python3-twine/python3-twine.changes 2015-10-02 09:23:33.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python3-twine.new/python3-twine.changes 2015-10-14 16:44:16.000000000 +0200 @@ -1,0 +2,23 @@ +Tue Oct 6 03:02:51 UTC 2015 - a...@gmx.de + +- update to version 1.6.3: + * :bug:`137`, :bug:`140` Uploading signatures was broken due to the + pull request that added large file support via + requests-toolbelt. This caused a 500 error on PyPI and prevented + package and signature upload in twine 1.6.0 + +------------------------------------------------------------------- +Fri Oct 2 05:00:04 UTC 2015 - a...@gmx.de + +- specfile: updated url + +- update to version 1.6.2: + * Upload signatures with packages appropriately + * As part of the refactor for the 1.6.0 release, we were using the + wrong name to find the signature file. + * This also uncovered a bug where if you're using twine in a + situation where * is not expanded by your shell, we might also + miss uploading signatures to PyPI. Both were fixed as part of + this. + +------------------------------------------------------------------- Old: ---- twine-1.6.1.tar.gz New: ---- twine-1.6.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-twine.spec ++++++ --- /var/tmp/diff_new_pack.aSB6nB/_old 2015-10-14 16:44:16.000000000 +0200 +++ /var/tmp/diff_new_pack.aSB6nB/_new 2015-10-14 16:44:16.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package python3-twine # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,12 +17,12 @@ Name: python3-twine -Version: 1.6.1 +Version: 1.6.3 Release: 0 Summary: Collection of utilities for interacting with PyPI License: Apache-2.0 Group: Development/Languages/Python -Url: https://github.com/dstufft/twine +Url: https://github.com/pypa/twine Source: https://pypi.python.org/packages/source/t/twine/twine-%{version}.tar.gz BuildRequires: python3-devel BuildRequires: python3-setuptools ++++++ twine-1.6.1.tar.gz -> twine-1.6.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/PKG-INFO new/twine-1.6.3/PKG-INFO --- old/twine-1.6.1/PKG-INFO 2015-09-19 03:45:45.000000000 +0200 +++ new/twine-1.6.3/PKG-INFO 2015-10-05 14:42:57.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: twine -Version: 1.6.1 +Version: 1.6.3 Summary: Collection of utilities for interacting with PyPI Home-page: https://github.com/pypa/twine Author: Donald Stufft and individual contributors diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/docs/changelog.rst new/twine-1.6.3/docs/changelog.rst --- old/twine-1.6.1/docs/changelog.rst 2015-09-19 03:44:33.000000000 +0200 +++ new/twine-1.6.3/docs/changelog.rst 2015-10-05 05:26:58.000000000 +0200 @@ -4,6 +4,24 @@ Changelog ========= +* :release:`1.6.3 <2015-10-05>` + + * :bug:`137`, :bug:`140` Uploading signatures was broken due to the pull + request that added large file support via ``requests-toolbelt``. This + caused a 500 error on PyPI and prevented package and signature upload in + twine 1.6.0 + +* :release:`1.6.2 <2015-09-28>` + + * :bug:`132` Upload signatures with packages appropriately + + As part of the refactor for the 1.6.0 release, we were using the wrong + name to find the signature file. + + This also uncovered a bug where if you're using twine in a situation where + ``*`` is not expanded by your shell, we might also miss uploading + signatures to PyPI. Both were fixed as part of this. + * :release:`1.6.1 <2015-09-18>` * :bug:`130` Fix signing support for uploads diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/setup.cfg new/twine-1.6.3/setup.cfg --- old/twine-1.6.1/setup.cfg 2015-09-19 03:45:45.000000000 +0200 +++ new/twine-1.6.3/setup.cfg 2015-10-05 14:42:57.000000000 +0200 @@ -15,7 +15,7 @@ argparse; python_version == '2.6' [egg_info] -tag_date = 0 tag_svn_revision = 0 +tag_date = 0 tag_build = diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/tests/test_package.py new/twine-1.6.3/tests/test_package.py --- old/twine-1.6.1/tests/test_package.py 2015-09-19 03:42:58.000000000 +0200 +++ new/twine-1.6.3/tests/test_package.py 2015-09-28 15:09:27.000000000 +0200 @@ -55,3 +55,18 @@ pass args = ('gpg', '--detach-sign', '--local-user', 'identity', '-a', filename) assert replaced_check_call.calls == [pretend.call(args)] + + +def test_package_signed_name_is_correct(): + filename = 'tests/fixtures/deprecated-pypirc' + + pkg = package.PackageFile( + filename=filename, + comment=None, + metadata=pretend.stub(name="deprecated-pypirc"), + python_version=None, + filetype=None + ) + + assert pkg.signed_basefilename == "deprecated-pypirc.asc" + assert pkg.signed_filename == (filename + '.asc') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/tests/test_repository.py new/twine-1.6.3/tests/test_repository.py --- old/twine-1.6.1/tests/test_repository.py 1970-01-01 01:00:00.000000000 +0100 +++ new/twine-1.6.3/tests/test_repository.py 2015-10-04 02:10:57.000000000 +0200 @@ -0,0 +1,49 @@ +# Copyright 2015 Ian Cordasco +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +from twine import repository + + +def test_gpg_signature_structure_is_preserved(): + data = { + 'gpg_signature': ('filename.asc', 'filecontent'), + } + + tuples = repository.Repository._convert_data_to_list_of_tuples(data) + assert tuples == [('gpg_signature', ('filename.asc', 'filecontent'))] + + +def test_content_structure_is_preserved(): + data = { + 'content': ('filename', 'filecontent'), + } + + tuples = repository.Repository._convert_data_to_list_of_tuples(data) + assert tuples == [('content', ('filename', 'filecontent'))] + + +def test_iterables_are_flattened(): + data = { + 'platform': ['UNKNOWN'], + } + + tuples = repository.Repository._convert_data_to_list_of_tuples(data) + assert tuples == [('platform', 'UNKNOWN')] + + data = { + 'platform': ['UNKNOWN', 'ANOTHERPLATFORM'], + } + + tuples = repository.Repository._convert_data_to_list_of_tuples(data) + assert tuples == [('platform', 'UNKNOWN'), + ('platform', 'ANOTHERPLATFORM')] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/tests/test_upload.py new/twine-1.6.3/tests/test_upload.py --- old/twine-1.6.1/tests/test_upload.py 2015-09-13 19:22:58.000000000 +0200 +++ new/twine-1.6.3/tests/test_upload.py 2015-09-28 15:09:27.000000000 +0200 @@ -66,6 +66,7 @@ def test_get_config_old_format(tmpdir): pypirc = os.path.join(str(tmpdir), ".pypirc") + dists = ["tests/fixtures/twine-1.5.0-py2.py3-none-any.whl"] with open(pypirc, "w") as fp: fp.write(textwrap.dedent(""" @@ -75,7 +76,7 @@ """)) try: - upload.upload(dists="foo", repository="pypi", sign=None, identity=None, + upload.upload(dists=dists, repository="pypi", sign=None, identity=None, username=None, password=None, comment=None, sign_with=None, config_file=pypirc, skip_existing=False) except KeyError as err: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/twine/__init__.py new/twine-1.6.3/twine/__init__.py --- old/twine-1.6.1/twine/__init__.py 2015-09-19 03:44:44.000000000 +0200 +++ new/twine-1.6.3/twine/__init__.py 2015-10-05 05:26:58.000000000 +0200 @@ -23,7 +23,7 @@ __summary__ = "Collection of utilities for interacting with PyPI" __uri__ = "https://github.com/pypa/twine" -__version__ = "1.6.1" +__version__ = "1.6.3" __author__ = "Donald Stufft and individual contributors" __email__ = "don...@stufft.io" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/twine/commands/upload.py new/twine-1.6.3/twine/commands/upload.py --- old/twine-1.6.1/twine/commands/upload.py 2015-09-13 19:22:58.000000000 +0200 +++ new/twine-1.6.3/twine/commands/upload.py 2015-09-28 15:09:27.000000000 +0200 @@ -67,11 +67,13 @@ if not sign and identity: raise ValueError("sign must be given along with identity") + dists = find_dists(dists) + # Determine if the user has passed in pre-signed distributions signatures = dict( (os.path.basename(d), d) for d in dists if d.endswith(".asc") ) - dists = [i for i in dists if not i.endswith(".asc")] + uploads = [i for i in dists if not i.endswith(".asc")] config = utils.get_repository_from_config(config_file, repository) @@ -86,24 +88,14 @@ repository = Repository(config["repository"], username, password) - uploads = find_dists(dists) - for filename in uploads: package = PackageFile.from_filename(filename, comment) - # Sign the dist if requested - # if sign: - # sign_file(sign_with, filename, identity) - # signed_name = os.path.basename(filename) + ".asc" - signed_name = package.signed_filename + signed_name = package.signed_basefilename if signed_name in signatures: - with open(signatures[signed_name], "rb") as gpg: - package.gpg_signature = (signed_name, gpg.read()) - # data["gpg_signature"] = (signed_name, gpg.read()) + package.add_gpg_signature(signatures[signed_name], signed_name) elif sign: package.sign(sign_with, identity) - # with open(filename + ".asc", "rb") as gpg: - # data["gpg_signature"] = (signed_name, gpg.read()) resp = repository.upload(package) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/twine/package.py new/twine-1.6.3/twine/package.py --- old/twine-1.6.1/twine/package.py 2015-09-19 03:42:58.000000000 +0200 +++ new/twine-1.6.3/twine/package.py 2015-09-28 15:09:27.000000000 +0200 @@ -49,6 +49,7 @@ self.filetype = filetype self.safe_name = pkg_resources.safe_name(metadata.name) self.signed_filename = self.filename + '.asc' + self.signed_basefilename = self.basefilename + '.asc' self.gpg_signature = None md5_hash = hashlib.md5() @@ -141,6 +142,13 @@ return data + def add_gpg_signature(self, signature_filepath, signature_filename): + if self.gpg_signature is not None: + raise ValueError('GPG Signature can only be added once') + + with open(signature_filepath, "rb") as gpg: + self.gpg_signature = (signature_filename, gpg.read()) + def sign(self, sign_with, identity): print("Signing {0}".format(self.basefilename)) gpg_args = (sign_with, "--detach-sign") @@ -149,5 +157,4 @@ gpg_args += ("-a", self.filename) subprocess.check_call(gpg_args) - with open(self.signed_filename, "rb") as gpg: - self.pg_signature = (self.signed_filename, gpg.read()) + self.add_gpg_signature(self.signed_filename, self.signed_basefilename) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/twine/repository.py new/twine-1.6.3/twine/repository.py --- old/twine-1.6.1/twine/repository.py 2015-09-13 16:42:05.000000000 +0200 +++ new/twine-1.6.3/twine/repository.py 2015-10-04 02:10:57.000000000 +0200 @@ -17,6 +17,9 @@ from requests_toolbelt.multipart import MultipartEncoder +KEYWORDS_TO_NOT_FLATTEN = set(["gpg_signature", "content"]) + + class Repository(object): def __init__(self, repository_url, username, password): self.url = repository_url @@ -30,11 +33,12 @@ def _convert_data_to_list_of_tuples(data): data_to_send = [] for key, value in data.items(): - if isinstance(value, (list, tuple)): + if (key in KEYWORDS_TO_NOT_FLATTEN or + not isinstance(value, (list, tuple))): + data_to_send.append((key, value)) + else: for item in value: data_to_send.append((key, item)) - else: - data_to_send.append((key, value)) return data_to_send def register(self, package): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/twine.egg-info/PKG-INFO new/twine-1.6.3/twine.egg-info/PKG-INFO --- old/twine-1.6.1/twine.egg-info/PKG-INFO 2015-09-19 03:45:45.000000000 +0200 +++ new/twine-1.6.3/twine.egg-info/PKG-INFO 2015-10-05 14:42:57.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: twine -Version: 1.6.1 +Version: 1.6.3 Summary: Collection of utilities for interacting with PyPI Home-page: https://github.com/pypa/twine Author: Donald Stufft and individual contributors diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/twine-1.6.1/twine.egg-info/SOURCES.txt new/twine-1.6.3/twine.egg-info/SOURCES.txt --- old/twine-1.6.1/twine.egg-info/SOURCES.txt 2015-09-19 03:45:45.000000000 +0200 +++ new/twine-1.6.3/twine.egg-info/SOURCES.txt 2015-10-05 14:42:57.000000000 +0200 @@ -12,6 +12,7 @@ docs/_static/.empty tests/test_cli.py tests/test_package.py +tests/test_repository.py tests/test_upload.py tests/test_utils.py twine/__init__.py