setuptools version
74.1.3 and 76.0.0
Python version
Python 3.13
OS
Fedora Linux
Additional environment information
No response
Description
I recently discovered that if a project has keywords specified as a multiline string, the METADATA file generated from it is invalid in the sense that the headers/body split happens on the wrong line.
Example project: https://foss.heptapod.net/python-libs/passlib/-/blob/branch/stable/setup.py?ref_type=heads#L93
But you can find more like this here: https://grep.app/search?f.lang=Python&q=keywords%3D%22%22%22
Metadata generated with setuptools 74.1.3:
Provides-Extra: bcrypt
Requires-Dist: bcrypt >=3.1.0 ; extra == 'bcrypt'
Provides-Extra: build_docs
Requires-Dist: sphinx >=1.6 ; extra == 'build_docs'
Requires-Dist: sphinxcontrib-fulltoc >=1.2.0 ; extra == 'build_docs'
Requires-Dist: cloud-sptheme >=1.10.1 ; extra == 'build_docs'
Provides-Extra: totp
Requires-Dist: cryptography ; extra == 'totp'
crypt md5-crypt
sha256-crypt sha512-crypt pbkdf2 argon2 scrypt bcrypt
apache htpasswd htdigest
totp 2fa
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Natural Language :: English
…
Here, the empty line ends the headers part, and the key/value pair below it are unreachable in a Message instance parsed by email.parser.
Metadata generated with setuptools 76.0.0:
Name: passlib
Version: 1.7.4
Summary: comprehensive password hashing framework supporting over 30 schemes
Home-page: https://passlib.readthedocs.io
Download-URL: https://pypi.python.org/packages/source/p/passlib/passlib-1.7.4.tar.gz
Author: Eli Collins
Author-email: elic@assurancetechnologies.com
License: BSD
Keywords: password secret hash security
crypt md5-crypt
sha256-crypt sha512-crypt pbkdf2 argon2 scrypt bcrypt
apache htpasswd htdigest
totp 2fa
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
…
There is no empty line here but the keyword header is not properly folded as a multiline header according to RFC 822 and therefore the result is the same - unreachable key/value pairs below it.
I know there were several discussions about the formatting of different fields so I'm not sure this is something to fix here or not. The documentation says that keywords can be:
comma-separated string providing descriptive meta-data.
so multiline string does not seem to be prohibited.
Expected behavior
setuptools could either fail with an error message saying that keywords are improperly formatted or automatically replace all newlines with a space.
How to Reproduce
- Build a wheel from one of the projects mentioned above.
- Unpack the wheel.
- Parse the
METADATA file manually and check available keys.
Output
See the above examples.
setuptools version
74.1.3 and 76.0.0
Python version
Python 3.13
OS
Fedora Linux
Additional environment information
No response
Description
I recently discovered that if a project has
keywordsspecified as a multiline string, theMETADATAfile generated from it is invalid in the sense that the headers/body split happens on the wrong line.Example project: https://foss.heptapod.net/python-libs/passlib/-/blob/branch/stable/setup.py?ref_type=heads#L93
But you can find more like this here: https://grep.app/search?f.lang=Python&q=keywords%3D%22%22%22
Metadata generated with setuptools 74.1.3:
Here, the empty line ends the headers part, and the key/value pair below it are unreachable in a
Messageinstance parsed byemail.parser.Metadata generated with setuptools 76.0.0:
There is no empty line here but the
keywordheader is not properly folded as a multiline header according to RFC 822 and therefore the result is the same - unreachable key/value pairs below it.I know there were several discussions about the formatting of different fields so I'm not sure this is something to fix here or not. The documentation says that
keywordscan be:so multiline string does not seem to be prohibited.
Expected behavior
setuptools could either fail with an error message saying that keywords are improperly formatted or automatically replace all newlines with a space.
How to Reproduce
METADATAfile manually and check available keys.Output
See the above examples.