Validate license-files glob patterns individually

Co-authored-by: Marc Mueller <[email protected]>

Author: abravalheri

setuptools/dist.py

@@ -7,7 +7,7 @@
 import re
 import sys
 from collections.abc import Iterable, Iterator, MutableMapping, Sequence
-from glob import iglob
+from glob import glob
 from pathlib import Path
 from typing import TYPE_CHECKING, Any, Union
 
@@ -459,50 +459,78 @@ def _finalize_license_files(self) -> None:
             # See https://wheel.readthedocs.io/en/stable/user_guide.html
             # -> 'Including license files in the generated wheel file'
             patterns = ['LICEN[CS]E*', 'COPYING*', 'NOTICE*', 'AUTHORS*']
+            files = self._expand_patterns(patterns, enforce_match=False)
+        else:  # Patterns explicitly given by the user
+            files = self._expand_patterns(patterns, enforce_match=True)
 
-        self.metadata.license_files = list(
-            unique_everseen(self._expand_patterns(patterns)),
-        )
-
-        if license_files and not self.metadata.license_files:
-            # Pattern explicitly given but no file found
-            if not self.metadata.license_files:
-                SetuptoolsDeprecationWarning.emit(
-                    "Cannot find any license files for the given patterns.",
-                    f"The glob patterns {patterns!r} do not match any file.",
-                    due_date=(2026, 2, 20),
-                    # Warning introduced on 2025/02/18
-                    # PEP 639 requires us to error, but as a transition period
-                    # we will only issue a warning to give people time to prepare.
-                    # After the transition, this should raise an InvalidConfigError.
-                )
+        self.metadata.license_files = list(unique_everseen(files))
 
     @classmethod
-    def _expand_patterns(cls, patterns: list[str]) -> Iterator[str]:
+    def _expand_patterns(
+        cls, patterns: list[str], enforce_match: bool = True
+    ) -> Iterator[str]:
         """
         >>> list(Distribution._expand_patterns(['LICENSE']))
         ['LICENSE']
         >>> list(Distribution._expand_patterns(['pyproject.toml', 'LIC*']))
         ['pyproject.toml', 'LICENSE']
         >>> list(Distribution._expand_patterns(['setuptools/**/pyprojecttoml.py']))
         ['setuptools/config/pyprojecttoml.py']
-        >>> list(Distribution._expand_patterns(['../LICENSE']))
-        Traceback (most recent call last):
-        ...
-        setuptools.errors.InvalidConfigError: Pattern '../LICENSE' cannot contain '..'
         """
         return (
             path.replace(os.sep, "/")
             for pattern in patterns
-            for path in sorted(cls._find_pattern(pattern))
+            for path in sorted(cls._find_pattern(pattern, enforce_match))
             if not path.endswith('~') and os.path.isfile(path)
         )
 
     @staticmethod
-    def _find_pattern(pattern: str) -> Iterator[str]:
-        if ".." in pattern:  # XXX: Any other invalid character?
+    def _find_pattern(pattern: str, enforce_match: bool = True) -> list[str]:
+        r"""
+        >>> Distribution._find_pattern("LICENSE")
+        ['LICENSE']
+        >>> Distribution._find_pattern("/LICENSE.MIT")
+        Traceback (most recent call last):
+        ...
+        setuptools.errors.InvalidConfigError: Pattern '/LICENSE.MIT' should be relative...
+        >>> Distribution._find_pattern("../LICENSE.MIT")
+        Traceback (most recent call last):
+        ...
+        setuptools.errors.InvalidConfigError: ...Pattern '../LICENSE.MIT' cannot contain '..'
+        >>> Distribution._find_pattern("LICEN{CSE*")
+        Traceback (most recent call last):
+        ...
+        setuptools.warnings.SetuptoolsDeprecationWarning: ...Pattern 'LICEN{CSE*' contains invalid characters...
+        """
+        if ".." in pattern:
             raise InvalidConfigError(f"Pattern {pattern!r} cannot contain '..'")
-        return iglob(pattern, recursive=True)
+        if pattern.startswith((os.sep, "/")) or ":\\" in pattern:
+            raise InvalidConfigError(
+                f"Pattern {pattern!r} should be relative and must not start with '/'"
+            )
+        if re.match(r'^[\w\-\.\/\*\?\[\]]+$', pattern) is None:
+            pypa_guides = "specifications/pyproject-toml/#license-files"
+            SetuptoolsDeprecationWarning.emit(
+                "Please provide a valid glob pattern.",
+                "Pattern {pattern!r} contains invalid characters.",
+                pattern=pattern,
+                see_url=f"https://packaging.python.org/en/latest/{pypa_guides}",
+                due_date=(2025, 2, 20),  # Introduced in 2024-02-20
+            )
+
+        found = glob(pattern, recursive=True)
+
+        if enforce_match and not found:
+            SetuptoolsDeprecationWarning.emit(
+                "Cannot find any files for the given pattern.",
+                "Pattern {pattern!r} did not match any files.",
+                pattern=pattern,
+                due_date=(2025, 2, 20),  # Introduced in 2024-02-20
+                # PEP 639 requires us to error, but as a transition period
+                # we will only issue a warning to give people time to prepare.
+                # After the transition, this should raise an InvalidConfigError.
+            )
+        return found
 
     # FIXME: 'Distribution._parse_config_files' is too complex (14)
     def _parse_config_files(self, filenames=None):  # noqa: C901

setuptools/tests/config/test_apply_pyprojecttoml.py

@@ -465,7 +465,7 @@ def test_missing_patterns(self, tmp_path):
         pyproject = self.base_pyproject_license_pep639(tmp_path)
         assert list(tmp_path.glob("_FILE*")) == []  # sanity check
 
-        msg = "Cannot find any license files for the given patterns."
+        msg = "Cannot find any files for the given pattern.*"
         with pytest.warns(SetuptoolsDeprecationWarning, match=msg):
             pyprojecttoml.apply_configuration(makedist(tmp_path), pyproject)