Remove parent directories in python build source archive
Question:
I have the following setup for my python package:
my_package
┣ src
┃ ┗ __init__.py
┣ setup.cfg
┗ pyproject.toml
The __init__.py is empty, the pyproject.toml and the setup.cfg contain example output from the PyPi documentation page (content shown below).
Now, for uploading to PyPi and for packing the python project, I run the command
python -m build
This gives me a new directory dist (in my_package) containing a Test-0.0.0.tar.gz. All this is expected. But when I open the Test-0.0.0.tar.gz, I get the following content:
Test-0.0.0.tar.gz
┗ C:
┗ path
┗ to
┗ my
┗ dev-directory
┗ my_package
┗ dist
┗ tmp<some other characters>
┗ Test-0.0.0.tar
As you can see, the .tar.gz file contains the path on my local machine which is, obviously, not very privacy friendly. I absolutely do not want to upload files containing information about my private file tree structure. And I guess, this is also not intended. Plus, as far as I know, gzip does not allow to compress directories directly.
So my question is: What am I doing wrong in my build process?
PS: As you may have guessed by the document tree, I am developing on Windows – which might be important. My Python version is 3.7.1, installed via Miniconda3.
File contents:
pyproject.toml
[build-system]
requires = [
"setuptools>=42",
"wheel"
]
build-backend = "setuptools.build_meta"
setup.cfg
[metadata]
name=Test
[options]
package_dir =
= src
__init__.py is empty.
Answers:
I updated my python to version 3.9, now everything works. I tried to find an issue on the official GitHub repository, but I didn’t find it. Still, this is a very weird behaviour.
Stumbled upon this issue myself and I was curious to know why a Python upgrade corrected this. The issue is a result of a Python bug outlined in the following ticket:
tarfile: Do not write full path in FNAME field
https://github.com/python/cpython/issues/85488
This appears to have been corrected in the following Python interpreters:
There is some tickets discussing this on PyPA build, for example https://github.com/pypa/build/issues/255. From my understanding, it looks like the official solution is just to upgrade the Python interpreter. There are hints that a backporting of tarfile should help the module deal with older interpreters, but it does not look like it is planned at this time.
I have the following setup for my python package:
my_package
┣ src
┃ ┗ __init__.py
┣ setup.cfg
┗ pyproject.toml
The __init__.py is empty, the pyproject.toml and the setup.cfg contain example output from the PyPi documentation page (content shown below).
Now, for uploading to PyPi and for packing the python project, I run the command
python -m build
This gives me a new directory dist (in my_package) containing a Test-0.0.0.tar.gz. All this is expected. But when I open the Test-0.0.0.tar.gz, I get the following content:
Test-0.0.0.tar.gz
┗ C:
┗ path
┗ to
┗ my
┗ dev-directory
┗ my_package
┗ dist
┗ tmp<some other characters>
┗ Test-0.0.0.tar
As you can see, the .tar.gz file contains the path on my local machine which is, obviously, not very privacy friendly. I absolutely do not want to upload files containing information about my private file tree structure. And I guess, this is also not intended. Plus, as far as I know, gzip does not allow to compress directories directly.
So my question is: What am I doing wrong in my build process?
PS: As you may have guessed by the document tree, I am developing on Windows – which might be important. My Python version is 3.7.1, installed via Miniconda3.
File contents:
pyproject.toml
[build-system]
requires = [
"setuptools>=42",
"wheel"
]
build-backend = "setuptools.build_meta"
setup.cfg
[metadata]
name=Test
[options]
package_dir =
= src
__init__.py is empty.
I updated my python to version 3.9, now everything works. I tried to find an issue on the official GitHub repository, but I didn’t find it. Still, this is a very weird behaviour.
Stumbled upon this issue myself and I was curious to know why a Python upgrade corrected this. The issue is a result of a Python bug outlined in the following ticket:
tarfile: Do not write full path in FNAME field
https://github.com/python/cpython/issues/85488
This appears to have been corrected in the following Python interpreters:
There is some tickets discussing this on PyPA build, for example https://github.com/pypa/build/issues/255. From my understanding, it looks like the official solution is just to upgrade the Python interpreter. There are hints that a backporting of tarfile should help the module deal with older interpreters, but it does not look like it is planned at this time.