python-twine/python-twine.spec

108 lines
3.6 KiB
RPMSpec

#
# spec file for package python-twine
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: python-twine
Version: 1.8.1
Release: 0
Summary: Collection of utilities for interacting with PyPI
License: Apache-2.0
Group: Development/Languages/Python
Url: https://github.com/dstufft/twine
Source: https://pypi.python.org/packages/source/t/twine/twine-%{version}.tar.gz
BuildRequires: python-devel
BuildRequires: python-setuptools
Requires(post): update-alternatives
Requires(postun): update-alternatives
Requires: python-pkginfo
Requires: python-requests-toolbelt >= 0.4.0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
Requires: python-argparse
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch: noarch
%endif
%description
Twine is a utility for interacting with PyPI.
Currently it only supports uploading distributions.
Why Should I Use This?
----------------------
The biggest reason to use twine is that python setup.py upload uploads
files over plaintext. This means anytime you use it you expose your username
and password to a MITM attack. Twine uses only verified TLS to upload to PyPI
protecting your credentials from theft.
Secondly it allows you to precreate your distribution files.
python setup.py upload only allows you to upload something that you've
created in the same command invocation. This means that you cannot test the
exact file you're going to upload to PyPI to ensure that it works before
uploading it.
Finally it allows you to pre-sign your files and pass the .asc files into
the command line invocation
(twine upload twine-1.0.1.tar.gz twine-1.0.1.tar.gz.asc). This enables you
to be assured that you're typing your gpg passphrase into gpg itself and not
anything else since *you* will be the one directly executing
gpg --detach-sign -a <filename>.
Features
--------
* Verified HTTPS Connections
* Uploading doesn't require executing setup.py
* Uploading files that have already been created, allowing testing of
distributions before release
%prep
%setup -q -n twine-%{version}
%build
python setup.py build
%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot}
mv %{buildroot}%{_bindir}/twine %{buildroot}%{_bindir}/twine-%{py_ver}
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
touch %{buildroot}%{_sysconfdir}/alternatives/twine
ln -s -f %{_sysconfdir}/alternatives/twine %{buildroot}%{_bindir}/twine
%post
%_sbindir/update-alternatives \
--install %{_bindir}/twine twine %{_bindir}/twine-%{py_ver} 30
%postun
if [ $1 -eq 0 ] ; then
%_sbindir/update-alternatives --remove twine %{_bindir}/twine-%{py_ver}
fi
%files
%defattr(-,root,root,-)
%doc AUTHORS LICENSE README.rst
%{_bindir}/twine
%{_bindir}/twine-%{py_ver}
%{python_sitelib}/*
%ghost %{_sysconfdir}/alternatives/twine
%changelog