-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide content addressable URLs -- download by hash #23
Comments
That is not a helpful way to deal with this issue. Can you please reopen? The suggestion def source_url(name, version):
return f'{host}/packages/source/{name[0]}/{name}/{name}-{version}.tar.gz' is wrong for both examples provided:
It's not some historical artifact, the The suggestion to allow download |
Note that these inconsistencies are even worse for wheels, where things may be |
True, but those are expected to be known statically: def wheel_url(name, version, build_tag, python_tag, abi_tag, platform_tag): but I agree with the premise. In our package manager we want to use sdist and build binaries when packages are platform specific. So, we wanna be able to download universal wheels or sdist. For universal wheels we can do |
What's the problem this feature will solve?
In the Spack package manager we register the sha256 of the sources of any package, whether it's Python, C, C++, or Fortran.
For PyPI hosted packages we either have to
Option number 3 is pain due to inconsistencies, e.g.
or
Describe the solution you'd like
We'd prefer to only store the hash and do a single request to download the wheel / sdist from PyPI, without having to make a guess or deal with exceptions in naming.
That means we'd like to download by hash.
For example, if we wanna download
black-24.2.0-py3-none-any.whl
, which has a sha256e8a6ae970537e67830776488bca52000eaa37fa63b9988e8c487458d9cd5ace6
it would be great if that was just one request tohttps://files.pythonhosted.org/packages/black/sha256:e8a6ae970537e67830776488bca52000eaa37fa63b9988e8c487458d9cd5ace6
and have that redirect to the relevant download URL.
The text was updated successfully, but these errors were encountered: