From 4bb1a536de94bbe89b4eb86bc424e8595f6115d7 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Thu, 24 Apr 2025 07:51:52 -0500 Subject: [PATCH 1/3] Add PEP 770 to specifications --- .../binary-distribution-format.rst | 20 +++++++++++++++++++ .../recording-installed-packages.rst | 12 ++++++++++- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/source/specifications/binary-distribution-format.rst b/source/specifications/binary-distribution-format.rst index 4d94e1052..38d80163e 100644 --- a/source/specifications/binary-distribution-format.rst +++ b/source/specifications/binary-distribution-format.rst @@ -253,6 +253,20 @@ The .dist-info directory installation will fail if any file in the archive is not both mentioned and correctly hashed in RECORD. +Subdirectories in :file:`.dist-info/` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Subdirectories under `.dist-info` are reserved for future use. +The following subdirectory names under `.dist-info` are reserved for specific usage: + +================= ============== +Subdirectory name PEP / Standard +================= ============== +``licenses`` :pep:`639` +``license_files`` :pep:`639` +``LICENSES`` `REUSE licensing framework `__ +``sboms`` :pep:`770` +================= ============== The :file:`.dist-info/licenses/` directory ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -263,6 +277,12 @@ fields is specified, the :file:`.dist-info/` directory MUST contain a ``License-File`` fields in the :file:`METADATA` file at their respective paths relative to the :file:`licenses/` directory. +The :file:`.dist-info/sboms/` directory +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +All files contained within the :file:`.dist-info/sboms` directory MUST +be Software Bill-of-Materials (SBOM) files that describe software contained +within the distribution archive. The .data directory ^^^^^^^^^^^^^^^^^^^ 
diff --git a/source/specifications/recording-installed-packages.rst b/source/specifications/recording-installed-packages.rst index 9e01ef6f1..c750fd03e 100644 --- a/source/specifications/recording-installed-packages.rst +++ b/source/specifications/recording-installed-packages.rst @@ -66,10 +66,11 @@ The ``METADATA`` file is mandatory. All other files may be omitted at the installing tool's discretion. Additional installer-specific files may be present. -This :file:`.dist-info/` directory may contain the following directory, described in +This :file:`.dist-info/` directory may contain the following directories, described in detail below: * :file:`licenses/`: contains license files. +* :file:`sboms/`: contains Software Bill-of-Materials files (SBOMs). .. note:: @@ -235,6 +236,15 @@ the :file:`METADATA` file at their respective paths relative to the Any files in this directory MUST be copied from wheels by the install tools. +The :file:`sboms/` subdirectory +================================== + +All files contained within the :file:`.dist-info/sboms` directory MUST +be Software Bill-of-Materials (SBOM) files that describe software contained +within the installed package. +Any files in this directory MUST be copied from wheels by the install tools. + + Intentionally preventing changes to installed packages ====================================================== From cd5925c5e55de12e649f533103191db9065930ff Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Thu, 24 Apr 2025 09:06:35 -0500 Subject: [PATCH 2/3] Fix reference issue --- source/specifications/binary-distribution-format.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/specifications/binary-distribution-format.rst b/source/specifications/binary-distribution-format.rst index 38d80163e..f9bd4b1d5 100644 --- a/source/specifications/binary-distribution-format.rst +++ b/source/specifications/binary-distribution-format.rst 
@@ -256,8 +256,8 @@ The .dist-info directory Subdirectories in :file:`.dist-info/` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Subdirectories under `.dist-info` are reserved for future use. -The following subdirectory names under `.dist-info` are reserved for specific usage: +Subdirectories under :file:`.dist-info` are reserved for future use. +The following subdirectory names under :file:`.dist-info` are reserved for specific usage: ================= ============== Subdirectory name PEP / Standard From cff79d775af203ed023102fd365e31357e5ddf22 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Sat, 26 Apr 2025 11:32:43 -0500 Subject: [PATCH 3/3] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) --- source/specifications/binary-distribution-format.rst | 6 +++--- source/specifications/recording-installed-packages.rst | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source/specifications/binary-distribution-format.rst b/source/specifications/binary-distribution-format.rst index f9bd4b1d5..8bb41ab40 100644 --- a/source/specifications/binary-distribution-format.rst +++ b/source/specifications/binary-distribution-format.rst @@ -256,8 +256,8 @@ The .dist-info directory Subdirectories in :file:`.dist-info/` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Subdirectories under :file:`.dist-info` are reserved for future use. -The following subdirectory names under :file:`.dist-info` are reserved for specific usage: +Subdirectories under :file:`.dist-info/` are reserved for future use. +The following subdirectory names under :file:`.dist-info/` are reserved for specific usage: ================= ============== Subdirectory name PEP / Standard 
@@ -280,7 +280,7 @@ relative to the :file:`licenses/` directory. The :file:`.dist-info/sboms/` directory ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -All files contained within the :file:`.dist-info/sboms` directory MUST +All files contained within the :file:`.dist-info/sboms/` directory MUST be Software Bill-of-Materials (SBOM) files that describe software contained within the distribution archive. diff --git a/source/specifications/recording-installed-packages.rst b/source/specifications/recording-installed-packages.rst index c750fd03e..a689fa7fd 100644 --- a/source/specifications/recording-installed-packages.rst +++ b/source/specifications/recording-installed-packages.rst @@ -239,7 +239,7 @@ Any files in this directory MUST be copied from wheels by the install tools. The :file:`sboms/` subdirectory ================================== -All files contained within the :file:`.dist-info/sboms` directory MUST +All files contained within the :file:`.dist-info/sboms/` directory MUST be Software Bill-of-Materials (SBOM) files that describe software contained within the installed package. Any files in this directory MUST be copied from wheels by the install tools.
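Review bot: in PATCH 1/3, binary-distribution-format.rst, hunk @@ -253,6 +253,20, the sentence "Subdirectories under `.dist-info` are reserved for future use" does not say what a build tool or installer must do when it meets a subdirectory whose name is not in the table: reject the wheel, skip the directory, or install it unchanged. Please state the expected handling. The table also reserves both ``licenses`` and ``LICENSES`` for different standards, so the text should say that the names are compared case-sensitively and what happens when a wheel is unpacked on a case-insensitive filesystem, where the two names refer to the same directory.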
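Review bot: in PATCH 1/3, binary-distribution-format.rst, hunk @@ -263,6 +277,12, the new "The :file:`.dist-info/sboms/` directory" section requires that every file "MUST be Software Bill-of-Materials (SBOM) files" but gives the reader nothing to check that against: no accepted formats, no naming or extension rule, and no reference to :pep:`770` apart from the table row in the previous hunk. Add a pointer to the PEP inside this section. Also say what a tool should do when it finds a file in the directory that is not an SBOM, so that consumers do not each decide differently whether to trust the directory's contents.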
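Review bot: in PATCH 1/3, recording-installed-packages.rst, hunk @@ -235,6 +236,15, the added line "Any files in this directory MUST be copied from wheels by the install tools" reads as contradicting the unchanged context in the @@ -66,10 +66,11 hunk of the same file: "All other files may be omitted at the installing tool's discretion." Qualify that earlier sentence so it excludes the listed subdirectories, or an installer can drop the SBOMs and still claim conformance, which defeats their use for auditing installed environments. It would also help to say whether the copied files must stay listed in RECORD. Minor: the ``=`` underline under "The :file:`sboms/` subdirectory" looks a few characters longer than the title; trim it to match, as the neighbouring headings do.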