Deb-pkg-tools

Latest version: v8.3

Safety actively analyzes 687918 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 25

8.3

---------------------------

Minor improvements to the :mod:`deb_pkg_tools.deb822` module:

**Slightly relax deb822 parsing**
Leading and trailing comment blocks and empty lines that directly precede or
follow a paragraph of control fields are now silently ignored. This is
intended to improve compatibility with :pypi:`python-debian`.

**Improve deb822 parse errors**
Shortly after I started using deb-pkg-tools 8.0 it became apparent that
:func:`deb_pkg_tools.deb822.parse_deb822()` is quite a bit more strict than
the previous usage of :pypi:`python-debian`. While I don't necessarily
consider this a bad thing, it definitely highlighted a weak spot: The error
messages didn't include filenames or line numbers. This is now fixed.

.. _Release 8.3: https://github.com/xolox/python-deb-pkg-tools/compare/8.2...8.3

8.2

---------------------------

Removed :func:`textwrap.indent()` usage from :mod:`deb_pkg_tools.deb822` module
because this function isn't available on Python 2.7 which :pypi:`deb-pkg-tools`
still supports. Also added a regression test.

.. note:: While I definitely intend to drop Python 2 support in my open source
projects at some point, right now is not the time for that just yet.

.. _Release 8.2: https://github.com/xolox/python-deb-pkg-tools/compare/8.1...8.2

8.1

---------------------------

- Merged `pull request 22`_ which avoids a :exc:`~exceptions.ValueError`
exception in the :func:`.inspect_package_contents()` function when a device
file entry is parsed.

- Enhanced the :func:`.inspect_package_contents()` function to properly parse
device file type information exposed via the new
:attr:`.ArchiveEntry.device_type` attribute.

- Added a regression test for device file type parsing.

.. _Release 8.1: https://github.com/xolox/python-deb-pkg-tools/compare/8.0...8.1
.. _pull request 22: https://github.com/xolox/python-deb-pkg-tools/pull/22

8.0

---------------------------

**Dropped GPL2 dependencies**
The main purpose of this release was to resolve `issue 20`_ by dropping two
GPL2 dependencies to avoid having to change the :pypi:`deb-pkg-tools` license
from MIT to GPL2:

python-apt_
This dependency was previously used for Debian version comparison. This
functionality has now been implemented in pure Python, for more details
please refer to the new :mod:`deb_pkg_tools.version.native` module.

.. note:: If this change introduces regressions for you, take a look at the
:data:`deb_pkg_tools.version.PREFER_DPKG` variable, it may help as
a temporary workaround. Also please report the regression 😇.

:pypi:`python-debian`
This dependency was previously used for Debian binary control file parsing.
This functionality has now been implemented in pure Python, for more details
please refer to the new :mod:`deb_pkg_tools.deb822` module.

**Updated Python compatibility**
Python 3.8 is now officially supported, 3.4 is no longer supported.

**Fixed deprecation warnings**
Fixed :pypi:`humanfriendly` 8.0 deprecation warnings and bumped requirements I
authored that went through the same process. Also defined the first
deprecated aliases in the :pypi:`deb-pkg-tools` code base (in the process of
implementing the functionality required to drop the GPL2 dependencies).

**Quality boost for deb_pkg_tools.control module**
The :mod:`deb_pkg_tools.control` module saw a lot of small changes to make the
handling of case insensitivity and byte strings versus Unicode strings more
consistent. The most important changes:

- All functions that return dictionaries now return the same type of case
insensitive dictionaries (see :class:`~deb_pkg_tools.deb822.Deb822`).

- The complete module now expects and uses Unicode strings internally.
Character encoding and decoding is only done when control files are
read from and written to disk.

.. _Release 8.0: https://github.com/xolox/python-deb-pkg-tools/compare/7.0...8.0
.. _issue 20: https://github.com/xolox/python-deb-pkg-tools/issues/20

7.0

---------------------------

**Code changes:**

- Make :func:`~deb_pkg_tools.package.update_conffiles()` optional (requested in
`19`_) in the Python API.

- Make :func:`~deb_pkg_tools.package.find_object_files()` use a builtin exclude
list of filename patterns to ignore.

- Start using ``__all__`` to control what is exported:

- This change is backwards incompatible in the sense that until now imports
were exposed to the outside world, however for anyone to actually use this
would imply not having read the documentation, so this doesn't really
bother me.

- In theory this change could be backwards incompatible in a bad way if I
omitted ``__all__`` entries that should have been exported. I did double
check but of course I can't be 100% sure (the ``deb_pkg_tools.*`` modules
currently span almost 6000 lines including whitespace and comments).

- I decided to bump the major version number because of the potential for
import errors caused by the introduction of ``__all__``.

**Documentation updates:**

- Simplified the overview of environment variables in the readme by properly
documenting individual options and linking to their documentation entries.
Over the years I've picked up the habit of treating my documentation just
like my code: Make sure everything is defined in a single place (DRY), as
close as possible to the place where it is used. Properly documenting all of
the module variables that are based on environment variables and linking to
those from the readme frees me from the burden of explaining things in more
than one place. This is good because multiple explanations increase the
chance of documentation becoming outdated or contradictoring itself, which
are definitely problems to be avoided whenever possible.
- Started using ``:man:`` role to link to Linux manual pages.
- Changed Read the Docs URL (``s/\.org$/.io/g``).

**Documented variables:**

.. csv-table::
:header-rows: 1

Module variable,Environment variable
:data:`deb_pkg_tools.gpg.FORCE_ENTROPY`,``$DPT_FORCE_ENTROPY``
:data:`deb_pkg_tools.package.ALLOW_CHOWN`,``$DPT_CHOWN_FILES``
:data:`deb_pkg_tools.package.ALLOW_FAKEROOT_OR_SUDO`,``$DPT_ALLOW_FAKEROOT_OR_SUDO``
:data:`deb_pkg_tools.package.ALLOW_HARD_LINKS`,``$DPT_HARD_LINKS``
:data:`deb_pkg_tools.package.ALLOW_RESET_SETGID`,``$DPT_RESET_SETGID``
:data:`deb_pkg_tools.package.BINARY_PACKAGE_ARCHIVE_EXTENSIONS`
:data:`deb_pkg_tools.package.DEPENDENCY_FIELDS`
:data:`deb_pkg_tools.package.DIRECTORIES_TO_REMOVE`
:data:`deb_pkg_tools.package.FILES_TO_REMOVE`
:data:`deb_pkg_tools.package.PARSE_STRICT`,``$DPT_PARSE_STRICT``
:data:`deb_pkg_tools.package.ROOT_GROUP`,``$DPT_ROOT_GROUP``
:data:`deb_pkg_tools.package.ROOT_USER`,``$DPT_ROOT_USER``
:data:`deb_pkg_tools.repo.ALLOW_SUDO`,``$DPT_SUDO``

.. _Release 7.0: https://github.com/xolox/python-deb-pkg-tools/compare/6.1...7.0
.. _19: https://github.com/xolox/python-deb-pkg-tools/issues/19

6.1

---------------------------

Implemented a feature requested from me via private email:

**Problem:** When filename parsing of ``*.deb`` archives fails to recognize a
package name, version and architecture encoded in the filename (delimited by
underscores) then deb-pkg-tools reports an error and aborts:

.. code-block:: none

ValueError: Filename doesn't have three underscore separated components!

**Solution:** Setting the environment variable ``$DPT_PARSE_STRICT`` to
``false`` changes this behavior so that the required information is extracted
from the package metadata instead of reporting an error.

For now the default remains the same (an error is reported) due to backwards
compatibility and the principle of least surprise (for those who previously
integrated deb-pkg-tools). This will likely change in the future.

**Miscellaneous changes:**

- Use 'console' highlighting in readme (prompt are now highlighted).
- Added license=MIT to ``setup.py`` script.
- Bumped copyright to 2020.

.. _Release 6.1: https://github.com/xolox/python-deb-pkg-tools/compare/6.0...6.1

Page 1 of 25

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.