The recent commits that touched vendoring and hashes, totally missed
the non-native vendored packages, like python packages that contain
rust code, and are thus cargo-vendored.
The issue in this case, is that we need to download the archive as it
is hosted and known to PyPI, but store it locally with our vendoring
suffix. This is inherently conflicting.
Fortunately, the PyPI webserver will ignore the query part of the URL,
so we can request the archive known to PyPI, and append an arbitrary
query, that is automatically constructed with the actual filename we
will use to store it. Basically, an URL for a python package like:
https://pypi.org.pkg/pkg-hash/pkg-vesion.tar.gz
can be turned into:
https://pypi.org.pkg/pkg-hash/pkg-vesion.tar.gz?buildroot-path=filename/python-pkg-version-cargo2.tar.gz
This way, we can use out default _SOURCE value, and construct a _SITE
that contains the actual package URL, with an arbtrary query.
NOTE: this is a stop-gap measure, to quickly fix those packages, while
waiting for a generic solution that works in all cases, not just with
PyPI.
NOTE-2: of course, if PyPI changes its policy, and no longer ignored the
query part, this is going to break again. Hence the need for a generic
solution...
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
c617ebbc97