scanpypi: add support for the new PyPI infrastructure

https://pypi.python.org URL has been changed to https://pypi.org. Package's JSON object now contains sha256 checksum, so use it instead of locally computed one. Change comments in the hash file accordingly. Signed-off-by: Yegor Yefremov <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
thalesfsp · Apr 18, 2018 · 6766ff9 · 6766ff9
1 parent 046c5e2
commit 6766ff9
Showing 1 changed file with 15 additions and 14 deletions.
diff --git a/utils/scanpypi b/utils/scanpypi
@@ -153,7 +153,7 @@ class BuildrootPackage():
         """
         Fetch a package's metadata from the python package index
         """
-        self.metadata_url = 'https://pypi.python.org/pypi/{pkg}/json'.format(
+        self.metadata_url = 'https://pypi.org/pypi/{pkg}/json'.format(
             pkg=self.real_name)
         try:
             pkg_json = six.moves.urllib.request.urlopen(self.metadata_url).read().decode()
@@ -187,7 +187,7 @@ class BuildrootPackage():
             self.metadata['urls'] = [{
                 'packagetype': 'sdist',
                 'url': self.metadata['info']['download_url'],
-                'md5_digest': None}]
+                'digests': None}]
             # In this case, we can't get the name of the downloaded file
             # from the pypi api, so we need to find it, this should work
             urlpath = six.moves.urllib.parse.urlparse(
@@ -208,10 +208,10 @@ class BuildrootPackage():
             else:
                 self.used_url = download_url
                 self.as_string = download.read()
-                if not download_url['md5_digest']:
+                if not download_url['digests']['md5']:
                     break
                 self.md5_sum = hashlib.md5(self.as_string).hexdigest()
-                if self.md5_sum == download_url['md5_digest']:
+                if self.md5_sum == download_url['digests']['md5']:
                     break
         else:
             if download.__class__ == six.moves.urllib.error.HTTPError:
@@ -529,22 +529,23 @@ class BuildrootPackage():
         path_to_hash = os.path.join(self.pkg_dir, pkg_hash)
         print('Creating {filename}...'.format(filename=path_to_hash))
         lines = []
-        if self.used_url['md5_digest']:
-            md5_comment = '# md5 from {url}, sha256 locally computed\n'.format(
+        if self.used_url['digests']['md5'] and self.used_url['digests']['sha256']:
+            hash_header = '# md5, sha256 from {url}\n'.format(
                 url=self.metadata_url)
-            lines.append(md5_comment)
+            lines.append(hash_header)
             hash_line = '{method}\t{digest}  {filename}\n'.format(
                 method='md5',
-                digest=self.used_url['md5_digest'],
+                digest=self.used_url['digests']['md5'],
+                filename=self.filename)
+            lines.append(hash_line)
+            hash_line = '{method}\t{digest}  {filename}\n'.format(
+                method='sha256',
+                digest=self.used_url['digests']['sha256'],
                 filename=self.filename)
             lines.append(hash_line)
-        digest = hashlib.sha256(self.as_string).hexdigest()
-        hash_line = '{method}\t{digest}  {filename}\n'.format(
-            method='sha256',
-            digest=digest,
-            filename=self.filename)
-        lines.append(hash_line)
 
+        if self.license_files:
+            lines.append('# Locally computed sha256 checksums\n')
         for license_file in self.license_files:
             sha256 = hashlib.sha256()
             with open(license_file, 'rb') as lic_f: