PEP 503 has not been implemented

[parruc]

I found out that PEP 503 ( https://peps.python.org/pep-0503/ ) was not implemented, In particular the this section:

Repositories MAY redirect unnormalized URLs to the canonical normalized URL (e.g. /Foobar/ may redirect to /foobar/), however clients MUST NOT rely on this redirection and MUST request the normalized URL.

In my scenario I use zc.buildout with a gitlab pypi package repository as index.
In the documentation they claim to accept not-normalized forms of package names (as pypi does) but it in reality they do not: both from browser and from buildout, namspace-package works, namepsace.package dont.

I thought I could open a ticket to GITLAB for the pypi repo, but they MAY redirect unnormalized url, setuptools on the other hand, clients MUST request the normalized url.

It has already been asked various times both on setuptools and pkg_resources but with no solution in sight.

• please implement PEP 503 pypa/setuptools#991
• [BUG] DistributionNotFound does not handle name normalization pypa/setuptools#3797
• pkg_resources.safe_name() is not PEP 503 complient pypa/pkg_resources#13

I did a minimal POC to implement the PEP but I really do not know if it could have other impacts.

My workaround would be to patch pkg_resources.safe_name removing the "." from the regex that defines allowed package name chars in order to get also the dots replaced with dashes.
Here it is the original method

def safe_name(name):
    """Convert an arbitrary string to a standard distribution name

    Any runs of non-alphanumeric/. characters are replaced with a single '-'.
    """
    return re.sub('[^A-Za-z0-9.]+', '-', name)

Last line would be (dot removed from regexp after '9')

    return re.sub('[^A-Za-z0-9]+', '-', name)

Given the fact that looks like the aforementioned issues will not be solved any time soon, maybe the method could be monkey-patched in zc.buildout as we do for process_url. If it's not the case I'm open to new ideas.

[gotcha]

Does that workaround works for you ?

[parruc]

The buildout worked but the instance broke searching packages in a wrong format.
I think I found another (better and cleaner) solution that only changes the name during the download phase.
I applied the PEP-503 suggested regexp in the first line of site-packages/setuptools/package_index.py:

    def find_packages(self, requirement):
        url_name = re.sub(r"[-_.]+", "-", requirement.unsafe_name).lower()
        self.scan_url(self.index_url + url_name + '/')

        if not self.package_pages.get(requirement.key):
            # Fall back to safe version of the name
            self.scan_url(self.index_url + requirement.project_name + '/')

        if not self.package_pages.get(requirement.key):
            # We couldn't find the target package, so search the index page too
            self.not_found_in_index(requirement)

        for url in list(self.package_pages.get(requirement.key, ())):
            # scan each page that might be related to the desired package
            self.scan_url(url)

As I said the re.sub is taken directly from the pep.
This totally works for me.