Skip to content

pylock: add filename property to PackageSdist and PackageWheel, more validation#1095

Merged
brettcannon merged 3 commits intopypa:mainfrom
sbidoul:pylock-validate-wheel
Mar 6, 2026
Merged

pylock: add filename property to PackageSdist and PackageWheel, more validation#1095
brettcannon merged 3 commits intopypa:mainfrom
sbidoul:pylock-validate-wheel

Conversation

@sbidoul
Copy link
Member

@sbidoul sbidoul commented Feb 21, 2026

To implement Pylock.select we need a way to determine the filename of a PackageWheel from its name or url or path.

So here I add a filename property to PackageWheel and PackageSdist.

I also add validation of these names in from_dict.

sbidoul
sbidoul commented Feb 21, 2026
View reviewed changes
src/packaging/pylock.py
@property
def filename(self) -> str:
"""Get the filename of the sdist."""
filename = self.name or _url_name(self.url) or _path_name(self.path)
Copy link
Member Author

@sbidoul sbidoul Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The spec allows the 3 values to be set and does not explicitly say they must be consistent. Here I chose to not check for consistency and use this priority order to select the name.

Copy link
Member

@brettcannon brettcannon Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would argue that name takes precedence like you wrote it.

Copy link

@jsirois jsirois Mar 10, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That said, shouldn't URL have least precedence since the URL of a package may have a path that has 0 to do with the name? See pypa/packaging.python.org#1863 for discussion of this.

Copy link
Member Author

@sbidoul sbidoul Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jsirois the current idea (see the discourse thread that Brett opened) is that name is authoritative if set and if not set, path and url must have the same basename (validation check implemented in #1117).

sbidoul
sbidoul commented Feb 21, 2026
View reviewed changes
sbidoul
sbidoul commented Feb 21, 2026
View reviewed changes
sbidoul
sbidoul commented Feb 21, 2026
View reviewed changes
src/packaging/pylock.py
elif "\\" in path:
return path.rsplit("\\", 1)[-1]
else:
return path
Copy link
Member Author

@sbidoul sbidoul Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here this is an heuristic to determine the name from the path, as the spec does not enforce path separators.

sbidoul
sbidoul commented Feb 21, 2026
View reviewed changes
@sbidoul
Copy link
Member Author

sbidoul commented Feb 21, 2026

@brettcannon a few questions for you on the interpretation of PEP 751.

@sbidoul sbidoul mentioned this pull request Feb 21, 2026
Open
sbidoul
sbidoul commented Feb 21, 2026
View reviewed changes
src/packaging/pylock.py
return package_wheel

@property
def filename(self) -> str:
Copy link
Member Author

@sbidoul sbidoul Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I consider renaming this property to wheel_name. See also #1092 (comment).

Copy link
Member Author

@sbidoul sbidoul Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or not.

@sbidoul
pylock: add filename property and more validation
27cbf4a 
- add filename property to PackageSdist and PackageWheel
- validate sdist and wheel filenames
@sbidoul sbidoul force-pushed the pylock-validate-wheel branch from 58728a0 to 27cbf4a Compare February 21, 2026 17:27
@henryiii henryiii requested a review from brettcannon February 23, 2026 17:47
@brettcannon
Copy link
Member

brettcannon commented Feb 23, 2026

@brettcannon a few questions for you on the interpretation of PEP 751.

I think I answered everything, but in case I didn't just let me know!

@sbidoul
Copy link
Member Author

sbidoul commented Feb 24, 2026

Thanks Brett. So this is ready for review.

@brettcannon
Copy link
Member

brettcannon commented Mar 6, 2026

FYI I haven't forgotten about this PR.

@brettcannon brettcannon merged commit b2986d4 into pypa:main Mar 6, 2026
92 of 94 checks passed
@sbidoul sbidoul deleted the pylock-validate-wheel branch March 7, 2026 06:55
@brettcannon
Copy link
Member

brettcannon commented Mar 7, 2026
edited
Loading

@sbidoul I know I already merged this, but I just realized around the ambiguity case when a name isn't explicitly provided but both a path and URL, "In the face of ambiguity, refuse the temptation to guess" and raise an ambiguity exception.

@sbidoul
Copy link
Member Author

sbidoul commented Mar 8, 2026

@brettcannon that is more or less what I wanted to get at in #1095 (comment)

I did not find how to handle such a case in the spec. My preference would be to handle that at validation time and reject lock files where name / path / url have inconsistent file names. On the other hand I was wondering if the spec actually wanted to allow path and url with different, possiblty invalid filenames, and have the name field give the authoritative wheel/sdist name.

@brettcannon
Copy link
Member

brettcannon commented Mar 10, 2026

I did not find how to handle such a case in the spec.

Yeah, I forgot to cover that case. 😅 But the installation outline isn't a spec itself and since the overall spec doesn't address it, I would say it's undefined behaviour (but I'll open a discussion about it).

My preference would be to handle that at validation time and reject lock files where name / path / url have inconsistent file names.

I think that's reasonable.

On the other hand I was wondering if the spec actually wanted to allow path and url with different, possiblty invalid filenames, and have the name field give the authoritative wheel/sdist name.

I would say if name is set then it gets used, period. But if it isn't and both url and path are set then it's an error. But as I said, I'll open a discussion.

@brettcannon
Copy link
Member

brettcannon commented Mar 10, 2026

https://discuss.python.org/t/ambiguity-in-lock-file-spec-when-file-names-disagree/106480

@henryiii henryiii mentioned this pull request Mar 11, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brettcannon brettcannon brettcannon approved these changes

+1 more reviewer

@jsirois jsirois jsirois left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sbidoul @brettcannon @jsirois