c617ebbc97
The recent commits that touched vendoring and hashes, totally missed
the non-native vendored packages, like python packages that contain
rust code, and are thus cargo-vendored.
The issue in this case, is that we need to download the archive as it
is hosted and known to PyPI, but store it locally with our vendoring
suffix. This is inherently conflicting.
Fortunately, the PyPI webserver will ignore the query part of the URL,
so we can request the archive known to PyPI, and append an arbitrary
query, that is automatically constructed with the actual filename we
will use to store it. Basically, an URL for a python package like:
https://pypi.org.pkg/pkg-hash/pkg-vesion.tar.gz
can be turned into:
https://pypi.org.pkg/pkg-hash/pkg-vesion.tar.gz?buildroot-path=filename/python-pkg-version-cargo2.tar.gz
This way, we can use out default _SOURCE value, and construct a _SITE
that contains the actual package URL, with an arbtrary query.
NOTE: this is a stop-gap measure, to quickly fix those packages, while
waiting for a generic solution that works in all cases, not just with
PyPI.
NOTE-2: of course, if PyPI changes its policy, and no longer ignored the
query part, this is going to break again. Hence the need for a generic
solution...
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
5 lines
265 B
Plaintext
5 lines
265 B
Plaintext
# Locally calculated after vendoring
|
|
sha256 c16ec7e898efa0302cde6ac3c83ef8a2400f865d44941085b4f87784325fb89a python-rpds-py-0.18.1-cargo2.tar.gz
|
|
# Locally computed sha256 checksums
|
|
sha256 314e4e91be3baa93c0fb4bccc9e4e97cd643eb839b065af921782c2175fe9909 LICENSE
|