Update purl2url support for pypi including download URL(s)#151
Update purl2url support for pypi including download URL(s)#151johnmhoran wants to merge 1 commit intopackage-url:mainfrom
Conversation
…l#143 Reference: package-url#143 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
| return download_url | ||
|
|
||
|
|
||
| def get_response(url): |
There was a problem hiding this comment.
I am not sure if we want to do network calls in package-url library @tdruez what's your thoughts on this.
There was a problem hiding this comment.
and I think in addition I need to download and vet the cocoapods JSON in order to ID the homepage URL or similar info in order to locate the cocoapods download repo (if one exists -- for one of the PURL spec examples for cocoapods, if I recall correctly, there is no download available so the generated URL returns a 404).
There was a problem hiding this comment.
@TG1999 I think this belongs to the inspectors and not to this library.
@pombredanne Thoughts?
There was a problem hiding this comment.
I agree. This should be moved to a library that does network calls. Here we never did this and we should keep this simple and local only.
|
@johnmhoran could you resubmit this PR to https://github.com/nexB/fetchcode/ instead? Thanks! |
|
@pombredanne I will close this PR after I've tracked the repo URL and download URL changes involved here (and in a local instance) so I can replicate where and as needed. Earlier this week I opened a fetchcode issue to address the fetchcode part -- aboutcode-org/fetchcode#116. This current purl2url issue originally came from the now-closed PURL CLI tool issue in purldb. I understand that going forward I need to
Is that an accurate statement of the plan? |
|
@pombredanne I've assumed my understanding of the steps (mentioned above) is correct and have deleted my local branch ( I'll use the new branch for my purl2url work and when ready will open a new PR here, and will add/update the cocoapods and pypi download-URL-related code in fetchcode/package.py. Closing this PR now. |
Reference: #143
@keshav-space @TG1999 This covers my initial pypi work. Cocoapods is next. I'd planned to include the cocoapods work in this PR along with the pypi work unless you suggest otherwise.
Note that in
purl2url.pyI've added a TODO (with questions/suggestions) in thebuild_pypi_download_url()docstring re whether and if so how we might want to include bothtar.gzand.whldownload URLs. See also my issue comment from 2 weeks ago which raises this issue (#143 (comment)) -- please let me know what you think.