setuptools icon indicating copy to clipboard operation
setuptools copied to clipboard
verified publisher icon pypa

[BUG] pkg_resources does not parse METADATA correctly

Open hauntsaninja opened this issue 3 years ago • 1 comments

setuptools version

whatever pip bundles, but also latest

Python version

3.10

Description

_version_from_file is incorrect: https://github.com/pypa/setuptools/blob/8032430d75cdfad9f9826d302d90cd7b23dea3ca/pkg_resources/init.py#L2564

In particular, it doesn't handle versions longer than 67 characters well, because email.parser.BytesParser(policy=email.policy.compat32).as_bytes() will insert a new line between "Version:" and the actual version.

The PyPA specifications describe how metadata should be parsed at https://packaging.python.org/en/latest/specifications/core-metadata/

The standard file format for metadata (including in wheels and installed projects) is based on the format of email headers. However, email formats have been revised several times, and exactly which email RFC applies to packaging metadata is not specified. In the absence of a precise definition, the practical standard is set by what the standard library email.parser module can parse using the compat32 policy.

This isn't theoretical, I encountered this from a real use case at work

Expected behavior

I expect my wheels with long versions and METADATA produced by email.parser.BytesParser(policy=email.policy.compat32).as_bytes() to work

How to Reproduce

Make a wheel containing a METADATA file with something like:

Metadata-Version: 2.1
Name: dist-name
Version: 
 0.0.0+super.duper.long.version.string.that.is.longer.than.sixty.seven.characters
Requires-Dist: numpy

You can also reproduce by running the tests introduced in this commit: https://github.com/hauntsaninja/change_wheel_version/commit/138d258b241487f77c890e6d299f0de7d0a63c7f (after removing the workaround introduced in that commit)

Output

You get output like:

  File "/var/folders/0y/wt5dx2vj6t16wq97pglrkynm0000gp/T/tmpj3lzgzm2/venv/lib/python3.10/site-packages/pip/_vendor/pkg_resources/__init__.py", line 2689, in version
    raise ValueError(msg, self)
ValueError: ("Missing 'Version:' header and/or METADATA file at path: [could not detect]", pypyp [unknown version] (/var/folders/0y/wt5dx2vj6t16wq97pglrkynm0000gp/T/tmpj3lzgzm2/pypyp-1+super.duper.long.version.string.that.is.longer.than.sixty.eight.characters-py3-none-any.whl))

when trying to install it (via pip)

hauntsaninja avatar Feb 03 '23 03:02 hauntsaninja

setuptools no longer uses pkg_resources, are you still encountering this issue ? (issue might need to be updated)

Avasam avatar Jun 01 '25 05:06 Avasam

Setuptools has removed pkg_resources and now relies on importlib.metadata for this behavior.

jaraco avatar Feb 08 '26 08:02 jaraco