Skip to content

Migrate to PEP-639 and add GPL license text to PYPI package#20

Open
QSchulz wants to merge 2 commits intomaxpat78:masterfrom
QSchulz:dev/missing-gpl
Open

Migrate to PEP-639 and add GPL license text to PYPI package#20
QSchulz wants to merge 2 commits intomaxpat78:masterfrom
QSchulz:dev/missing-gpl

Conversation

@QSchulz
Copy link
Contributor

@QSchulz QSchulz commented Apr 29, 2025

This migrates the build system to use PEP-639. If you look into the logs of the last few releases, you'll probably see something like:

 * Building wheel...
/tmp/build-env-5gmt14a9/lib/python3.13/site-packages/setuptools/config/_apply_pyprojecttoml.py:82: SetuptoolsDeprecationWarning: `project.license` as a TOML table is deprecated
!!

        ********************************************************************************
        Please use a simple string containing a SPDX expression for `project.license`. You can also use `project.license-files`. (Both options available on setuptools>=77.0.0).

        By 2026-Feb-18, you need to update your project and remove deprecated calls
        or your builds will no longer be supported.

        See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details.
        ********************************************************************************

!!
  corresp(dist, value, root_dir)
/tmp/build-env-5gmt14a9/lib/python3.13/site-packages/setuptools/config/_apply_pyprojecttoml.py:61: SetuptoolsDeprecationWarning: License classifiers are deprecated.
!!

        ********************************************************************************
        Please consider removing the following classifiers in favor of a SPDX license expression:

        License :: OSI Approved :: GNU General Public License v3 (GPLv3)

        See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details.
        ********************************************************************************

So migrating to PEP-639 fixes that.

NOTE THAT THIS IS "CHANGING" THE LICENSE FROM GPLv3 to GPL-3.0-only. While the text in gpl.txt license seems to allow GPL-3.0-or-later, it only does so if the source code says "or any later version" somewhere. The only two places where the GPL is mentioned in the source code is in FATtools/init.py and FATtools/NTFS/init.py where it is NOT mentioned. Therefore, from my non-lawyer perspective, this means the project is under GPL-3.0-only and not GPL-3.0-or-later. Note that SPDX does not recognize GPLv3, it's either GPL-3.0-only or GPL-3.0-or-later, c.f. https://spdx.org/licenses/

While at it, my reading of the GPL-3.0-or-later license (though I still am not a lawyer) requires us to ship the license text with source code, so this fixes this non-compliance by adding the gpl text to the build package.

I haven't setup a test account on PYPI to verify that this does what it says it does, but locally installing the sdist and wheel packages copy the gpl license file in my venv (venv/lib/python3.13/site-packages/fattools-1.1.5.dist-info/licenses/gpl.txt and venv/lib64/python3.13/site-packages/fattools-1.1.5.dist-info/licenses/gpl.txt), so this seems ok?

QSchulz added 2 commits April 29, 2025 13:33
@QSchulz
pyproject.toml: migrate to PEP-639
6f811b1 
The license field in PEP-639 is now an SPDX license expression.[1]

Note that while the gpl.txt license file text is the one of the
GPL-3.0-or-later, FATtools/__init__.py and FATtools/NTFS/__init__.py
(the only two files with a mention of GPL) only mention "GPLv3" meaning
GPL-3.0-only is expected, otherwise "GPLv3+" or "or later" or "or any
later version" should have been written. I'm not a lawyer but that is my
understanding of the license.

Because `python -m build` (used in GitHub workflow) creates a venv with
the requirements, it'll build with a recent setuptools. However, to make
sure it builds with a recent enough setuptools, hardcode the minimum
version that supports PEP-639: 77.0.3.[2]

Finally, following the recommendations of the setuptools project
itself[3], let's remove the "License ::" classifier.

[1] https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license
[2] https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#id9
[3] https://packaging.python.org/en/latest/guides/licensing-examples-and-user-scenarios/#basic-example

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
@QSchulz
pyproject.toml: ship GPL license text
77bf0a4 
It is usually expected from open-source software to ship the license
with the code. Build systems like the Yocto Project expects some license
files to be provided to be able to monitor changes to licenses used by
the project it's building.

My understanding is that the GPL-3.0-or-later requires you to provide
the license text with verbatim source code (which would be the sdist
package uploaded to PYPI I believe), c.f. 4. Conveying Verbatim Copies:

  You may convey verbatim copies of the Program's source code as you
  receive it, in any medium, provided that you conspicuously and
  [...] give all
  recipients a copy of this License along with the Program.

Let's add the GPL license text to the python package.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@QSchulz