git » python-structlog.git » commit 588a93b

Update to 24.2.0

author Chih-Hsuan Yen
2024-05-28 14:03:00 UTC
committer Chih-Hsuan Yen
2024-06-01 03:46:00 UTC
parent 6307cd6d570f0f69731501fcf20edc93e96e0fd7
Update to 24.2.0

* Switch to SSH signatures following upstream [1]
* Keep pinning _tag instead of switching to git checksums, as upstream
  uses .gitattributes, making pacman checksums unstable. The fix is
  not in a stable pacman release yet [2].
* Use SPDX licenses

[1] https://github.com/hynek/structlog/issues/623
[2] https://gitlab.archlinux.org/pacman/pacman/-/issues/147
.SRCINFO +7 -4
PKGBUILD +18 -7
ssh_allowed_signers +4 -0 
diff --git a/.SRCINFO b/.SRCINFO
index d625294..d723d5b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,10 +1,10 @@
 pkgbase = python-structlog
 	pkgdesc = Structured Logging for Python
-	pkgver = 24.1.0
-	pkgrel = 2
+	pkgver = 24.2.0
+	pkgrel = 1
 	url = https://www.structlog.org
 	arch = any
-	license = Apache
+	license = MIT OR Apache-2.0
 	checkdepends = python-pytest
 	checkdepends = python-freezegun
 	checkdepends = python-pretend
@@ -15,6 +15,7 @@ pkgbase = python-structlog
 	checkdepends = python-pytest-asyncio
 	checkdepends = python-rich
 	makedepends = git
+	makedepends = openssh
 	makedepends = python-build
 	makedepends = python-installer
 	makedepends = python-hatchling
@@ -24,8 +25,10 @@ pkgbase = python-structlog
 	optdepends = python-greenlet: for greenlet support in structlog.threadlocal (deprecated)
 	optdepends = python-twisted: for structlog.twisted
 	optdepends = python-rich: for structlog.dev
-	source = git+https://github.com/hynek/structlog.git?signed#tag=3dac758cc28fc063067cfce57e37c67b16daf00d
+	source = git+https://github.com/hynek/structlog.git#tag=490f3f3175fd8852c28da2f3c171e84b4f860878
+	source = ssh_allowed_signers
 	validpgpkeys = C2A04F86ACE28ADCF817DBB7AE2536227F69F181
 	sha512sums = SKIP
+	sha512sums = 6ccc3793e6128783b745879785264f66961a6d3aeefd4c39746503490fe0c36c92807f3149ed601fdaaf84be244a6b24882a337025a2dd317a96d75b50f1fabd
 
 pkgname = python-structlog
diff --git a/PKGBUILD b/PKGBUILD
index 2f1c597..4e1ffcb 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,16 +3,18 @@
 
 pkgname=python-structlog
 # https://github.com/hynek/structlog/blob/main/CHANGELOG.md
-pkgver=24.1.0
+pkgver=24.2.0
 # curl https://api.github.com/repos/hynek/structlog/git/ref/tags/$pkgver | jq -r .object.sha
-_tag=3dac758cc28fc063067cfce57e37c67b16daf00d
-pkgrel=2
+_tag=490f3f3175fd8852c28da2f3c171e84b4f860878
+pkgrel=1
 pkgdesc="Structured Logging for Python"
 url="https://www.structlog.org"
-license=('Apache')
+# https://github.com/hynek/structlog/blob/24.2.0/pyproject.toml#L14
+license=('MIT OR Apache-2.0')
 arch=('any')
 depends=('python')
-makedepends=('git' 'python-build' 'python-installer'
+# openssh needed to verify SSH signatures
+makedepends=('git' 'openssh' 'python-build' 'python-installer'
              'python-hatchling' 'python-hatch-vcs' 'python-hatch-fancy-pypi-readme')
 checkdepends=('python-pytest' 'python-freezegun' 'python-pretend' 'python-simplejson'
               'python-twisted' 'python-rapidjson' 'python-greenlet' 'python-pytest-asyncio'
@@ -23,12 +25,20 @@ optdepends=(
   'python-rich: for structlog.dev'
 )
 # The PyPI tarball is signed, but missing conftest.py
-source=("git+https://github.com/hynek/structlog.git?signed#tag=$_tag")
-sha512sums=('SKIP')
+source=("git+https://github.com/hynek/structlog.git#tag=$_tag"
+        "ssh_allowed_signers")
+sha512sums=('SKIP'
+            '6ccc3793e6128783b745879785264f66961a6d3aeefd4c39746503490fe0c36c92807f3149ed601fdaaf84be244a6b24882a337025a2dd317a96d75b50f1fabd')
 validpgpkeys=(
   'C2A04F86ACE28ADCF817DBB7AE2536227F69F181'  # https://keys.openpgp.org/vks/v1/by-fingerprint/C2A04F86ACE28ADCF817DBB7AE2536227F69F181
 )
 
+# XXX: move to verify() when devtools supports it
+# https://gitlab.archlinux.org/archlinux/devtools/-/issues/224
+prepare() {
+  git -C structlog -c gpg.ssh.allowedSignersFile="$srcdir/ssh_allowed_signers" verify-tag $pkgver
+}
+
 pkgver() {
   cd structlog
   git describe --tags
@@ -50,4 +60,5 @@ check() {
 package() {
   cd structlog
   python -m installer --destdir="$pkgdir" dist/*.whl
+  install -Dm644 LICENSE-{APACHE,MIT} -t "$pkgdir"/usr/share/licenses/$pkgname
 }
diff --git a/ssh_allowed_signers b/ssh_allowed_signers
new file mode 100644
index 0000000..2cec656
--- /dev/null
+++ b/ssh_allowed_signers
@@ -0,0 +1,4 @@
+# From https://github.com/hynek.keys
+hs@ox.cx namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBE7gQJRZIiYSXl8l72aDthoQ1AQIW/3fmmzLZ+XRODW
+hs@ox.cx namespaces="git" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6C0xOpjOzgHMVJWmajKSu3SF1dbKi+TG43JbjgAC1GivtL72k5A7UaB9h4jDevEDbWFwozg0iqyLB9ANsF3DU/pm7rrZ6W4hH7DtXhlrkcpvWiUvGcWG0rScRc5kn/0M9AbJ8bNdPot1P/wcZsIjpheJbWTwtuhlHIQcIZE6wiUIqemru9YzD/Jl/FtuUl0kwK3AlgJA2o4yQHoAmuHH9JLhrt4HqogJ44QcsQfs8SVSfpfa3egJA5CA6QNKleW1FUmUyGkBJgONLzkwkY2Z/F5ttgnHRfGGHAn7RZWCBxyVXCbQn29K/7u1pLbgfElgR0Xis524bvvSNRx0M6/rG5s/IHi8ezoVvEtH/8pVy9nEfCCsR/LOh7xMssdJWb3frTZkc0YulTtPlrJUjlHe0zepuArozd0+wAZvbm3WBvB+4Kzpmdx8Hs2xRQ/Zu3ILhWaeJUTaiJMJghZrNjyqQAg7jJUdi5zcu0uMRrkOM6D7bskfAcs6AmCeYgBgIJDQgaSEX1FuxYUY+IROJlcq849M0xMqintUY2v0YHAmBYx76OnP4tSNXFmUMmRKrGV+DRd4ZB+21Hxnij9X0DOWN4JOhiAgyeXhC/bL6Fw4NOhEB0Yu6A1zr1PtuA5ziAiDeqhuaCFe8grmcyXRJn3Tf8tb/EdJrwUCvr3m1qeA+HQ==
+hs@ox.cx namespaces="git" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQY8FlRSomOOh/g5NwFyUURIn5VZwOaPZeKJP1VC/5goQTUWO90SdPeEWJndZHjrcehIo3BEfv50y3WFvqeUQ0tUm+PiEAPUFuEhhkyaCGI1r87fB7Sqa7pvn3WH5ycfF3yiod/STxuHTnS/sSCWljieMZAvQ9xtAE0vU0hx/LX2OLcMkjM/2kB127d5H2WChTWwdMnf7k/srVZO/YNyieDU2dMcSARnupD64RaBV4yPNuQV+K8Zqqil2/8lLAU/l/EIafKY7ZjSUab5nx/YqdVzYHt3OSsGM8+u1U7SPrXWbiyvXP2GOMAE6emU6OerqwpDoXq74L7q5kOM8CRu2j