Error when a `project.license-files` glob matches nothing #16697

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

konstin merged 10 commits into astral-sh:main from terror:license-files-error

Nov 14, 2025

+89 −4

Contributor

terror commented Nov 12, 2025

Resolves #16693

PEP 639 requires build tools to error if any user-specified project.license-files glob fails to match a file, but uv currently allows the build to succeed and produces empty .dist-info/licenses/ directories.

This PR enforces the spec by tracking matches for each glob during metadata generation, raising a clear
validation error when one is unmatched.

terror added 3 commits

November 11, 2025 21:07


          Fail build when project.license-files globs match nothing

e6ce421


          Use into_iter

c774671


          Inline glob function

34ded9c

terror marked this pull request as draft

November 12, 2025 02:26


          Handle symlinks

e943af5

terror marked this pull request as ready for review

November 12, 2025 02:44

terror commented

View reviewed changes

crates/uv-build-backend/src/metadata.rs Outdated Show resolved Hide resolved

terror mentioned this pull request

Enforce UTF‑8-encoded license files during uv build #16699

Merged

zanieb requested a review from konstin

November 12, 2025 15:00

konstin reviewed

View reviewed changes

crates/uv-build-backend/src/metadata.rs Outdated

    
                              let license_glob_matchers = license_globs_parsed

                                  .iter()

                                  .map(Glob::compile_matcher)

Member

konstin Nov 13, 2025

Why aren't we using PortableGlobParser::Pep639 here?

Contributor Author

terror Nov 13, 2025

Each one of those globs went through the PEP 639 parser, we're just calling compile_matcher on them here.

crates/uv-build-backend/src/metadata.rs Outdated Show resolved Hide resolved

crates/uv/tests/it/build_backend.rs Outdated Show resolved Hide resolved

crates/uv-build-backend/src/metadata.rs Outdated Show resolved Hide resolved

crates/uv-build-backend/src/metadata.rs Outdated Show resolved Hide resolved

crates/uv-build-backend/src/metadata.rs Outdated Show resolved Hide resolved

crates/uv-build-backend/src/metadata.rs Outdated

    
                              if let Some(pattern) = license_glob_patterns

                                  .iter()

                                  .zip(license_globs_matched.iter())

                                  .find_map(|(pattern, matched)| (!matched).then_some(pattern))

Member

konstin Nov 13, 2025

nit: Just filter is simpler than then_some

Contributor Author

terror Nov 13, 2025

I broke this out into separate find and map calls to make this more clear, using filter here doesn't make sense to me 🤔

Member

konstin Nov 14, 2025

You don't need to map explicitly, you can use a Some((_, pattern)) pattern

Contributor Author

terror Nov 14, 2025

Ah right, just tweaked this

konstin added a commit that referenced this pull request


          Enforce UTF‑8-encoded license files during uv build (#16699)

e28dc62

I noticed this when working on
#16697.

[PEP 639](https://peps.python.org/pep-0639/#add-license-files-key)
expects tools to ship license texts as UTF‑8, but previously `uv build`
would quietly include any binary blob listed under
`project.license-files`.

I have no clue what is going on with `rustfmt` for this file, but it
seems that when I add the check, it wants to reformat a bunch of
surrounding stuff.

The relevant part to look at is:

```rust
for license_file in &license_files {
    let file_path = root.join(license_file);
    let bytes = fs_err::read(&file_path)?;
    if str::from_utf8(&bytes).is_err() {
        return Err(ValidationError::LicenseFileNotUtf8(license_file.clone()).into());
    }
}
```

where we validate all collected license files before proceeding.

---------

Co-authored-by: konstin <konstin@mailbox.org>

terror added 6 commits

November 13, 2025 11:56


          Merge branch 'main' into license-files-error

4b48b7e


          Add comment and additional glob

a537f97


          Compile matchers on the fly

1f767b9


          Use find / map

3c23e38


          Remove explicit into_iter

bdc4e38


          Remove explicit map

konstin changed the title ~~Fail build when project.license-files globs match nothing~~ Error when a project.license-files glob matches nothing

konstin added the enhancement label

konstin approved these changes

View reviewed changes

Member

konstin left a comment

Thanks!

konstin merged commit 1a14d59 into astral-sh:main

100 checks passed

BrewTestBot mentioned this pull request

uv 0.9.10 Homebrew/homebrew-core#254745

Merged

tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request


          build(deps): update astral-sh/uv to v0.9.10

be90fa5

This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.9.9` -> `0.9.10` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.9.10`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0910)

[Compare Source](astral-sh/uv@0.9.9...0.9.10)

Released on 2025-11-17.

##### Enhancements

- Add support for `SSL_CERT_DIR` ([#&#8203;16473](astral-sh/uv#16473))
- Enforce UTF‑8-encoded license files during `uv build` ([#&#8203;16699](astral-sh/uv#16699))
- Error when a `project.license-files` glob matches nothing ([#&#8203;16697](astral-sh/uv#16697))
- `pip install --target` (and `sync`) install Python if necessary ([#&#8203;16694](astral-sh/uv#16694))
- Account for `python_downloads_json_url` in pre-release Python version warnings ([#&#8203;16737](astral-sh/uv#16737))
- Support HTTP/HTTPS URLs in `uv python --python-downloads-json-url` ([#&#8203;16542](astral-sh/uv#16542))

##### Preview features

- Add support for `--upgrade` in `uv python install` ([#&#8203;16676](astral-sh/uv#16676))
- Fix handling of `python install --default` for pre-release Python versions ([#&#8203;16706](astral-sh/uv#16706))
- Add `uv workspace list` to list workspace members ([#&#8203;16691](astral-sh/uv#16691))

##### Bug fixes

- Don't check file URLs for ambiguously parsed credentials ([#&#8203;16759](astral-sh/uv#16759))

##### Documentation

- Add a "storage" reference document ([#&#8203;15954](astral-sh/uv#15954))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels