Movatterモバイル変換


[0]ホーム

URL:


Following system colour schemeSelected dark colour schemeSelected light colour scheme

Python Enhancement Proposals

PEP 427 – The Wheel Binary Package Format 1.0

PEP 427 – The Wheel Binary Package Format 1.0

Author:
Daniel Holth <dholth at gmail.com>
BDFL-Delegate:
Alyssa Coghlan <ncoghlan at gmail.com>
Discussions-To:
Distutils-SIG list
Status:
Final
Type:
Standards Track
Topic:
Packaging
Created:
20-Sep-2012
Post-History:
18-Oct-2012, 15-Feb-2013
Resolution:
Python-Dev message

Table of Contents

Important

This PEP is a historical document. The up-to-date, canonical spec,Binary distribution format, is maintained on thePyPA specs page.

×

See thePyPA specification update process for how to propose changes.

Abstract

This PEP describes a built-package format for Python called “wheel”.

A wheel is a ZIP-format archive with a specially formatted file name andthe.whl extension. It contains a single distribution nearly as itwould be installed according toPEP 376 with a particular installationscheme. Although a specialized installer is recommended, a wheel filemay be installed by simply unpacking into site-packages with the standard‘unzip’ tool while preserving enough information to spread its contentsout onto their final paths at any later time.

PEP Acceptance

This PEP was accepted, and the defined wheel version updated to 1.0, byAlyssa Coghlan on 16th February, 2013[1]

Rationale

Python needs a package format that is easier to install than sdist.Python’s sdist packages are defined by and require the distutils andsetuptools build systems, running arbitrary code to build-and-install,and re-compile, code just so it can be installed into a newvirtualenv. This system of conflating build-install is slow, hard tomaintain, and hinders innovation in both build systems and installers.

Wheel attempts to remedy these problems by providing a simplerinterface between the build system and the installer. The wheelbinary package format frees installers from having to know about thebuild system, saves time by amortizing compile time over manyinstallations, and removes the need to install a build system in thetarget environment.

Details

Installing a wheel ‘distribution-1.0-py32-none-any.whl’

Wheel installation notionally consists of two phases:

  • Unpack.
    1. Parsedistribution-1.0.dist-info/WHEEL.
    2. Check that installer is compatible with Wheel-Version. Warn ifminor version is greater, abort if major version is greater.
    3. If Root-Is-Purelib == ‘true’, unpack archive into purelib(site-packages).
    4. Else unpack archive into platlib (site-packages).
  • Spread.
    1. Unpacked archive includesdistribution-1.0.dist-info/ and (ifthere is data)distribution-1.0.data/.
    2. Move each subtree ofdistribution-1.0.data/ onto itsdestination path. Each subdirectory ofdistribution-1.0.data/is a key into a dict of destination directories, such asdistribution-1.0.data/(purelib|platlib|headers|scripts|data).The initially supported paths are taken fromdistutils.command.install.
    3. If applicable, update scripts starting with#!python to pointto the correct interpreter.
    4. Updatedistribution-1.0.dist-info/RECORD with the installedpaths.
    5. Remove emptydistribution-1.0.data directory.
    6. Compile any installed .py to .pyc. (Uninstallers should be smartenough to remove .pyc even if it is not mentioned in RECORD.)

Recommended installer features

Rewrite#!python.
In wheel, scripts are packaged in{distribution}-{version}.data/scripts/. If the first line ofa file inscripts/ starts with exactlyb'#!python', rewrite topoint to the correct interpreter. Unix installers may need to addthe +x bit to these files if the archive was created on Windows.

Theb'#!pythonw' convention is allowed.b'#!pythonw' indicatesa GUI script instead of a console script.

Generate script wrappers.
In wheel, scripts packaged on Unix systems will certainly not haveaccompanying .exe wrappers. Windows installers may want to add themduring install.

Recommended archiver features

Place.dist-info at the end of the archive.
Archivers are encouraged to place the.dist-info files physicallyat the end of the archive. This enables some potentially interestingZIP tricks including the ability to amend the metadata withoutrewriting the entire archive.

File Format

File name convention

The wheel filename is{distribution}-{version}(-{buildtag})?-{pythontag}-{abitag}-{platformtag}.whl.

distribution
Distribution name, e.g. ‘django’, ‘pyramid’.
version
Distribution version, e.g. 1.0.
build tag
Optional build number. Must start with a digit. Acts as atie-breaker if two wheel file names are the same in all otherrespects (i.e. name, version, and other tags). Sort as anempty tuple if unspecified, else sort as a two-item tuple withthe first item being the initial digits as anint, and thesecond item being the remainder of the tag as astr.
language implementation and version tag
E.g. ‘py27’, ‘py2’, ‘py3’.
abi tag
E.g. ‘cp33m’, ‘abi3’, ‘none’.
platform tag
E.g. ‘linux_x86_64’, ‘any’.

For example,distribution-1.0-1-py27-none-any.whl is the firstbuild of a package called ‘distribution’, and is compatible withPython 2.7 (any Python 2.7 implementation), with no ABI (pure Python),on any CPU architecture.

The last three components of the filename before the extension arecalled “compatibility tags.” The compatibility tags express thepackage’s basic interpreter requirements and are detailed inPEP 425.

Escaping and Unicode

Each component of the filename is escaped by replacing runs ofnon-alphanumeric characters with an underscore_:

re.sub("[^\w\d.]+","_",distribution,re.UNICODE)

The archive filename is Unicode. It will be some time before the toolsare updated to support non-ASCII filenames, but they are supported inthis specification.

The filenamesinside the archive are encoded as UTF-8. Although someZIP clients in common use do not properly display UTF-8 filenames,the encoding is supported by both the ZIP specification and Python’szipfile.

File contents

The contents of a wheel file, where {distribution} is replaced with thename of the package, e.g.beaglevote and {version} is replaced withits version, e.g.1.0.0, consist of:

  1. /, the root of the archive, contains all files to be installed inpurelib orplatlib as specified inWHEEL.purelib andplatlib are usually bothsite-packages.
  2. {distribution}-{version}.dist-info/ contains metadata.
  3. {distribution}-{version}.data/ contains one subdirectoryfor each non-empty install scheme key not already covered, wherethe subdirectory name is an index into a dictionary of install paths(e.g.data,scripts,headers,purelib,platlib).
  4. Python scripts must appear inscripts and begin with exactlyb'#!python' in order to enjoy script wrapper generation and#!python rewriting at install time. They may have any or noextension.
  5. {distribution}-{version}.dist-info/METADATA is Metadata version 1.1or greater format metadata.
  6. {distribution}-{version}.dist-info/WHEEL is metadata about the archiveitself in the same basic key: value format:
    Wheel-Version:1.0Generator:bdist_wheel1.0Root-Is-Purelib:trueTag:py2-none-anyTag:py3-none-anyBuild:1
  7. Wheel-Version is the version number of the Wheel specification.
  8. Generator is the name and optionally the version of the softwarethat produced the archive.
  9. Root-Is-Purelib is true if the top level directory of the archiveshould be installed into purelib; otherwise the root should be installedinto platlib.
  10. Tag is the wheel’s expanded compatibility tags; in the example thefilename would containpy2.py3-none-any.
  11. Build is the build number and is omitted if there is no build number.
  12. A wheel installer should warn if Wheel-Version is greater than theversion it supports, and must fail if Wheel-Version has a greatermajor version than the version it supports.
  13. Wheel, being an installation format that is intended to work acrossmultiple versions of Python, does not generally include .pyc files.
  14. Wheel does not contain setup.py or setup.cfg.

This version of the wheel specification is based on the distutils installschemes and does not define how to install files to other locations.The layout offers a superset of the functionality provided by the existingwininst and egg binary formats.

The .dist-info directory
  1. Wheel .dist-info directories include at a minimum METADATA, WHEEL,and RECORD.
  2. METADATA is the package metadata, the same format as PKG-INFO asfound at the root of sdists.
  3. WHEEL is the wheel metadata specific to a build of the package.
  4. RECORD is a list of (almost) all the files in the wheel and theirsecure hashes. UnlikePEP 376, every file except RECORD, whichcannot contain a hash of itself, must include its hash. The hashalgorithm must be sha256 or better; specifically, md5 and sha1 arenot permitted, as signed wheel files rely on the strong hashes inRECORD to validate the integrity of the archive.
  5. PEP 376’s INSTALLER and REQUESTED are not included in the archive.
  6. RECORD.jws is used for digital signatures. It is not mentioned inRECORD.
  7. RECORD.p7s is allowed as a courtesy to anyone who would prefer touse S/MIME signatures to secure their wheel files. It is notmentioned in RECORD.
  8. During extraction, wheel installers verify all the hashes in RECORDagainst the file contents. Apart from RECORD and its signatures,installation will fail if any file in the archive is not bothmentioned and correctly hashed in RECORD.
The .data directory

Any file that is not normally installed inside site-packages goes intothe .data directory, named as the .dist-info directory but with the.data/ extension:

distribution-1.0.dist-info/distribution-1.0.data/

The .data directory contains subdirectories with the scripts, headers,documentation and so forth from the distribution. During installation thecontents of these subdirectories are moved onto their destination paths.

Signed wheel files

Wheel files include an extended RECORD that enables digitalsignatures.PEP 376’s RECORD is altered to include a secure hashdigestname=urlsafe_b64encode_nopad(digest) (urlsafe base64encoding with no trailing = characters) as the second column insteadof an md5sum. All possible entries are hashed, including anygenerated files such as .pyc files, but not RECORD which cannot contain itsown hash. For example:

file.py,sha256=AVTFPZpEKzuHr7OvQZmhaU3LvwKz06AJw8mT\_pNh2yI,3144distribution-1.0.dist-info/RECORD,,

The signature file(s) RECORD.jws and RECORD.p7s are not mentioned inRECORD at all since they can only be added after RECORD is generated.Every other file in the archive must have a correct hash in RECORDor the installation will fail.

If JSON web signatures are used, one or more JSON Web Signature JSONSerialization (JWS-JS) signatures is stored in a file RECORD.jws adjacentto RECORD. JWS is used to sign RECORD by including the SHA-256 hash ofRECORD as the signature’s JSON payload:

{"hash":"sha256=ADD-r2urObZHcxBW3Cr-vDCu5RJwT4CaRTHiFmbcIYY"}

(The hash value is the same format used in RECORD.)

If RECORD.p7s is used, it must contain a detached S/MIME format signatureof RECORD.

A wheel installer is not required to understand digital signatures butMUST verify the hashes in RECORD against the extracted file contents.When the installer checks file hashes against RECORD, a separate signaturechecker only needs to establish that RECORD matches the signature.

See

Comparison to .egg

  1. Wheel is an installation format; egg is importable. Wheel archivesdo not need to include .pyc and are less tied to a specific Pythonversion or implementation. Wheel can install (pure Python) packagesbuilt with previous versions of Python so you don’t always have towait for the packager to catch up.
  2. Wheel uses .dist-info directories; egg uses .egg-info. Wheel iscompatible with the new world of Python packaging and the newconcepts it brings.
  3. Wheel has a richer file naming convention for today’smulti-implementation world. A single wheel archive can indicateits compatibility with a number of Python language versions andimplementations, ABIs, and system architectures. Historically theABI has been specific to a CPython release, wheel is ready for thestable ABI.
  4. Wheel is lossless. The first wheel implementation bdist_wheelalways generates egg-info, and then converts it to a .whl. It isalso possible to convert existing eggs and bdist_wininstdistributions.
  5. Wheel is versioned. Every wheel file contains the version of thewheel specification and the implementation that packaged it.Hopefully the next migration can simply be to Wheel 2.0.
  6. Wheel is a reference to the other Python.

FAQ

Wheel defines a .data directory. Should I put all my data there?

This specification does not have an opinion on how you should organizeyour code. The .data directory is just a place for any files that arenot normally installed insidesite-packages or on the PYTHONPATH.In other words, you may continue to usepkgutil.get_data(package,resource) even thoughthose files will usually not be distributedinwheel’s.data directory.

Why does wheel include attached signatures?

Attached signatures are more convenient than detached signaturesbecause they travel with the archive. Since only the individual filesare signed, the archive can be recompressed without invalidatingthe signature or individual files can be verified without havingto download the whole archive.

Why does wheel allow JWS signatures?

The JOSE specifications of which JWS is a part are designed to be easyto implement, a feature that is also one of wheel’s primary designgoals. JWS yields a useful, concise pure-Python implementation.

Why does wheel also allow S/MIME signatures?

S/MIME signatures are allowed for users who need or want to useexisting public key infrastructure with wheel.

Signed packages are only a basic building block in a secure packageupdate system. Wheel only provides the building block.

What’s the deal with “purelib” vs. “platlib”?

Wheel preserves the “purelib” vs. “platlib” distinction, which issignificant on some platforms. For example, Fedora installs purePython packages to ‘/usr/lib/pythonX.Y/site-packages’ and platformdependent packages to ‘/usr/lib64/pythonX.Y/site-packages’.

A wheel with “Root-Is-Purelib: false” with all its filesin{name}-{version}.data/purelib is equivalent to a wheel with“Root-Is-Purelib: true” with those same files in the root, and itis legal to have files in both the “purelib” and “platlib” categories.

In practice a wheel should have only one of “purelib” or “platlib”depending on whether it is pure Python or not and those files shouldbe at the root with the appropriate setting given for “Root-is-purelib”.

Is it possible to import Python code directly from a wheel file?

Technically, due to the combination of supporting installation viasimple extraction and using an archive format that is compatible withzipimport, a subset of wheel filesdo support being placed directlyonsys.path. However, while this behaviour is a natural consequenceof the format design, actually relying on it is generally discouraged.

Firstly, wheelis designed primarily as a distribution format, soskipping the installation step also means deliberately avoiding anyreliance on features that assume full installation (such as being ableto use standard tools likepip andvirtualenv to capture andmanage dependencies in a way that can be properly tracked for auditingand security update purposes, or integrating fully with the standardbuild machinery for C extensions by publishing header files in theappropriate place).

Secondly, while some Python software is written to support runningdirectly from a zip archive, it is still common for code to be writtenassuming it has been fully installed. When that assumption is brokenby trying to run the software from a zip archive, the failures can oftenbe obscure and hard to diagnose (especially when they occur in thirdparty libraries). The two most common sources of problems with thisare the fact that importing C extensions from a zip archive isnotsupported by CPython (since doing so is not supported directly by thedynamic loading machinery on any platform) and that when running froma zip archive the__file__ attribute no longer refers to anordinary filesystem path, but to a combination path that includesboth the location of the zip archive on the filesystem and therelative path to the module inside the archive. Even when softwarecorrectly uses the abstract resource APIs internally, interfacing withexternal components may still require the availability of an actualon-disk file.

Like metaclasses, monkeypatching and metapath importers, if you’re notalready sure you need to take advantage of this feature, you almostcertainly don’t need it. If youdo decide to use it anyway, beaware that many projects will require a failure to be reproduced witha fully installed package before accepting it as a genuine bug.

References

[1]
PEP acceptance(https://mail.python.org/pipermail/python-dev/2013-February/124103.html)

Appendix

Example urlsafe-base64-nopad implementation:

# urlsafe-base64-nopad for Python 3importbase64defurlsafe_b64encode_nopad(data):returnbase64.urlsafe_b64encode(data).rstrip(b'=')defurlsafe_b64decode_nopad(data):pad=b'='*(4-(len(data)&3))returnbase64.urlsafe_b64decode(data+pad)

Copyright

This document has been placed into the public domain.


Source:https://github.com/python/peps/blob/main/peps/pep-0427.rst

Last modified:2025-02-01 08:59:27 GMT


[8]ページ先頭

©2009-2026 Movatter.jp