Merge pull request #1626 from joshuagl/joshuagl/build

Modernise packaging configuration
2026-05-24 10:08:28 +00:00 · 2021-10-21 20:01:55 +01:00 · 2021-10-21 20:01:55 +01:00 · 6d18d53ec0
commit 6d18d53ec0
parent 69eb29fc80 de1a3af019
9 changed files with 73 additions and 159 deletions
--- a/.gitignore
+++ b/.gitignore
@ -22,6 +22,7 @@ tests/htmlcov/*
 *~
 *.tmp
 .pre-commit-config.yaml
+.vscode

 # Debian generated files
 debian/.debhelper/*
--- a/.gitmodules
+++ b/.gitmodules
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -1,29 +1,15 @@
+# License files
 include LICENSE*
-include README.md
-include tox.ini
-include tests/repository_data/keystore/delegation_key
-include tests/repository_data/keystore/root_key*
-include tests/repository_data/keystore/snapshot_key
-include tests/repository_data/keystore/targets_key
-include tests/repository_data/keystore/timestamp_key
-include tests/ssl_certs/*.crt
-include tests/ssl_certs/*.key

-recursive-include docs *.txt
-recursive-include docs *.md
-recursive-include docs *.rst
-recursive-include docs/images *.png
-recursive-include tuf/scripts *.py
-recursive-include examples *
-recursive-include tests *.py
-recursive-include tests *.pem
-recursive-include tests *.json
-recursive-include tests *.txt
-recursive-include tests *.cfg
-recursive-include tests *.coveragerc
-recursive-include tests *.gz
-recursive-include tests *.pub
-recursive-include tuf *.gitignore
+# Development and testing
+include *.txt
+global-include pylintrc
+include tox.ini
+graft tests
+
+# Documentation
+graft docs
 recursive-include tuf *.md
-recursive-include tuf *.rst
-recursive-include tuf *.yml
+
+# To remove
+recursive-include tuf/scripts *.py
--- a/docs/RELEASE.md
+++ b/docs/RELEASE.md
@ -5,12 +5,11 @@
  tracked by git
 * Ensure `docs/CHANGELOG.md` contains a one-line summary of each [notable
  change](https://keepachangelog.com/) since the prior release
-* Update `setup.py` and `tuf/__init__.py` to the new version number vA.B.C
+* Update `setup.cfg` and `tuf/__init__.py` to the new version number vA.B.C
 * Test packaging, uploading to Test PyPI and installing from a virtual environment
  (ensure commands invoking `python` below are using Python 3)
  * Remove existing dist build dirs
-  * Create source dist `python3 setup.py sdist`
-  * Create wheel `python3 setup.py bdist_wheel`
+  * Create source dist and wheel `python3 -m build`
  * Sign the dists `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
  * Upload to test PyPI `twine upload --repository testpypi dist/*`
  * Verify the uploaded package https://testpypi.python.org/pypi/tuf/
@ -24,13 +23,12 @@
 * Create a package for the formal release
  (ensure commands invoking `python` below are using Python 3)
  * Remove existing dist build dirs
-  * Create source dist `python3 setup.py sdist`
-  * Create wheel `python3 setup.py bdist_wheel`
+  * Create source dist and wheel `python3 -m build`
  * Sign source dist `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
  * Sign wheel `gpg --detach-sign -a dist/tuf-vA.B.C-py3-none-any.whl`
  * Upload to test PyPI `twine upload --repository testpypi dist/*`
  * Verify the uploaded package https://testpypi.python.org/pypi/tuf/
  * Upload to PyPI `twine upload dist/*`
-* Attach the signed dists to the release on GitHub
+* Attach both signed dists and their detached signatures to the release on GitHub
 * Announce the release on [#tuf on CNCF Slack](https://cloud-native.slack.com/archives/C8NMD3QJ3)
 * Ensure [POUF 1](https://github.com/theupdateframework/taps/blob/master/POUFs/reference-POUF/pouf1.md), for the reference implementation, is up-to-date
--- a/pyproject.toml
+++ b/pyproject.toml
@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools>=40.8.0", "wheel"]
+build-backend = "setuptools.build_meta"
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@ -1,5 +1,8 @@
 # Install tuf in editable mode and requirements for local testing with tox,
 # and also for running test suite or individual tests manually
+build
 tox
+twine
+wheel
 -r requirements-test.txt
 -e .
--- a/setup.cfg
+++ b/setup.cfg
@ -1,8 +1,54 @@
+[metadata]
+name = tuf
+version = 0.19.0
+author = https://www.updateframework.com
+author_email = theupdateframework@googlegroups.com
+description = A secure updater framework for Python
+long_description = file: README.md
+long_description_content_type = text/markdown
+url = https://www.updateframework.com
+project_urls =
+  Documentation = https://theupdateframework.readthedocs.io/en/stable/
+  Issues = https://github.com/theupdateframework/python-tuf/issues
+  Source = https://github.com/theupdateframework/python-tuf
+classifiers =
+  Development Status :: 4 - Beta
+  Intended Audience :: Developers
+  License :: OSI Approved :: MIT License
+  License :: OSI Approved :: Apache Software License
+  Operating System :: POSIX
+  Operating System :: POSIX :: Linux
+  Operating System :: MacOS :: MacOS X
+  Operating System :: Microsoft :: Windows
+  Programming Language :: Python :: 3
+  Programming Language :: Python :: 3.6
+  Programming Language :: Python :: 3.7
+  Programming Language :: Python :: 3.8
+  Programming Language :: Python :: 3.9
+  Programming Language :: Python :: 3.10
+  Programming Language :: Python :: Implementation :: CPython
+  Topic :: Security
+  Topic :: Software Development
+keywords = update updater secure authentication key compromise revocation
+license_files = LICENSE LICENSE-MIT
+
+[options]
+packages = find:
+scripts =
+  tuf/scripts/repo.py
+  tuf/scripts/client.py
+python_requires = ~=3.6
+install_requires =
+  requests>=2.19.1
+  securesystemslib>=0.20.0
+
+[options.packages.find]
+exclude = tests
+
 [check-manifest]
 ignore =
-  requirements-dev.txt
-  .travis.yml
-  .coveragerc
+  .fossa.yml
+  .readthedocs.yaml

 [mypy]
 warn_unused_configs = True
--- a/setup.py
+++ b/setup.py
@ -1,123 +0,0 @@
-#!/usr/bin/env python
-
-# Copyright 2013 - 2018, New York University and the TUF contributors
-# SPDX-License-Identifier: MIT OR Apache-2.0
-
-"""
-<Program Name>
-  setup.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  March 2013.
-
-<Copyright>
-  See LICENSE-MIT OR LICENSE for licensing information.
-
-<Purpose>
-  BUILD SOURCE DISTRIBUTION
-
-  The following shell command generates a TUF source archive that can be
-  distributed to other users.  The packaged source is saved to the 'dist'
-  folder in the current directory.
-
-  $ python3 setup.py sdist
-
-
-  INSTALLATION OPTIONS
-
-  pip - installing and managing Python packages (recommended):
-
-  # Installing from Python Package Index (https://pypi.python.org/pypi).
-  $ python3 -m pip install tuf
-
-  # Installing from local source archive.
-  $ python3 -m pip install <path to archive>
-
-  # Or from the root directory of the unpacked archive.
-  $ python3 -m pip install .
-
-  # Installing optional requirements (i.e., after installing tuf).
-  # Support for creation of Ed25519 signatures and support for RSA and ECDSA
-  # signatures in general requires optional dependencies:
-  $ python3 -m pip install securesystemslib[crypto,pynacl]
-
-
-  Alternate installation options:
-
-  Navigate to the root directory of the unpacked archive and
-  run one of the following shell commands:
-
-  Install to the global site-packages directory.
-  $ python3 setup.py install
-
-  Install to the user site-packages directory.
-  $ python3 setup.py install --user
-
-  Install to a chosen directory.
-  $ python3 setup.py install --home=<directory>
-
-
-  Note: The last two installation options may require modification of
-  Python's search path (i.e., 'sys.path') or updating an OS environment
-  variable.  For example, installing to the user site-packages directory might
-  result in the installation of TUF scripts to '~/.local/bin'.  The user may
-  then be required to update his $PATH variable:
-  $ export PATH=$PATH:~/.local/bin
-"""
-
-from setuptools import setup
-from setuptools import find_packages
-
-
-with open('README.md') as file_object:
-  long_description = file_object.read()
-
-
-setup(
-  name = 'tuf',
-  version = '0.19.0', # If updating version, also update it in tuf/__init__.py
-  description = 'A secure updater framework for Python',
-  long_description = long_description,
-  long_description_content_type='text/markdown',
-  author = 'https://www.updateframework.com',
-  author_email = 'theupdateframework@googlegroups.com',
-  url = 'https://www.updateframework.com',
-  keywords = 'update updater secure authentication key compromise revocation',
-  classifiers = [
-    'Development Status :: 4 - Beta',
-    'Intended Audience :: Developers',
-    'License :: OSI Approved :: MIT License',
-    'License :: OSI Approved :: Apache Software License',
-    'Natural Language :: English',
-    'Operating System :: POSIX',
-    'Operating System :: POSIX :: Linux',
-    'Operating System :: MacOS :: MacOS X',
-    'Operating System :: Microsoft :: Windows',
-    'Programming Language :: Python :: 3',
-    'Programming Language :: Python :: 3.6',
-    'Programming Language :: Python :: 3.7',
-    'Programming Language :: Python :: 3.8',
-    'Programming Language :: Python :: 3.9',
-    'Programming Language :: Python :: 3.10',
-    'Programming Language :: Python :: Implementation :: CPython',
-    'Topic :: Security',
-    'Topic :: Software Development'
-  ],
-  project_urls={
-    'Source': 'https://github.com/theupdateframework/python-tuf',
-    'Issues': 'https://github.com/theupdateframework/python-tuf/issues'
-  },
-  python_requires="~=3.6",
-  install_requires = [
-    'requests>=2.19.1',
-    'securesystemslib>=0.20.0'
-  ],
-  packages = find_packages(exclude=['tests']),
-  scripts = [
-    'tuf/scripts/repo.py',
-    'tuf/scripts/client.py'
-  ]
-)
--- a/tuf/init.py
+++ b/tuf/init.py
@ -1,5 +1,5 @@
 # This value is used in the requests user agent.
-# setup.py has it hard-coded separately.
+# setup.cfg has it hard-coded separately.
 # Currently, when the version is changed, it must be set in both locations.
 # TODO: Single-source the version number.
 __version__ = "0.19.0"