Release version compare code as separate library on pypi? #4081

terriko opened this issue Apr 24, 2024 · 8 comments · May be fixed by #4798

terriko commented Apr 24, 2024

This is more for me than anyone else:

When I was looking for a good generic version parser and version compare in Python, I tried a few different libraries before (reluctantly) writing the parser we are using as of the 3.3 release.

I think it would probably be nice to release it as a separate library on PyPI so people could use it directly without having to install cve-bin-tool, in case anyone else has the same problem I had for handling non-PEP 440-compliant versions. This is the code in cve-bin-tool/version_compare.py and it has tests in the test directory, but currently does not have separate documentation.

This issue is a reminder to me to see if the best route is to split it out as a separately-maintained library, or if there's any reasonable way of having build scripts or something to let me do it while keeping the file here.

@terriko terriko self-assigned this Apr 24, 2024

terriko commented May 6, 2024

More thoughts:

Before I get around to releasing this separately...


Prtm2110 commented Feb 5, 2025

Hello, I can work on this. We need to create an altogether new repo with pip packaging, right?


terriko commented Feb 6, 2025

If at all possible, I'd like to avoid making a separate repo and instead have it packaged from this repo. But it's a moot point as it needs docs before we can even consider that.


terriko commented Feb 6, 2025

Oh, I should explain that avoiding a separate repo is to make maintenance easier for me. Some of that is simple "all my pull requests are in one spot" kind of stuff, but some of it is more political and policy and release processes. I'm currently the bottleneck for cve-bin-tool development, so if a separate repo is the only way to make this happen then I'll close this bug instead of bothering.


Prtm2110 commented Feb 7, 2025

Ah, understandable. I did some digging, and there is a way, although it will create some clutter inside the parser package. We can add a setup.py or .toml file for packaging inside the parser package. However, it can get a little too complicated, especially for documentation.
If we want a completely separate document for the parser package (considering Sphinx), we can build the documentation for parser using another library like mkdocs to avoid conflicts with Sphinx. Alternatively, if we are okay with adding it to cve-bin-tool's documentation, then it's quite easy. Please let me know if it's a go or no-go for my approach.


Prtm2110 commented Feb 9, 2025

> We can add a setup.py or .toml file for packaging inside the parser package.

@terriko Actually, we need to add setup.py outside the parser package/dir; I tried building it and it worked. But the problem is that the parser module/dir depends on stuff which is outside of that dir itself, e.g.:

```python
from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
```

So they require cve-bin-tool as a dependency? So my idea is to add some redundant code in the parser module for all these extra deps, like utils, which are required by some modules inside parser.
And modify all imports in all modules inside parsers like this, so that all parsers work fine with both cve-bin-tool and the standalone parser module. Please provide any suggestions if you have any.

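```python
import importlib.util

# Prefer the copy bundled with cve-bin-tool; fall back to the standalone package.
# Check the top-level name: find_spec() on a dotted name imports the parent
# package first and raises ModuleNotFoundError if that parent is missing.
if importlib.util.find_spec("cve_bin_tool"):
    from cve_bin_tool.parsers import Parser
elif importlib.util.find_spec("parsers"):
    from parsers import Parser
else:
    raise ImportError("Neither 'parsers' nor 'cve_bin_tool.parsers' is installed.")
```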
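
An added example (not from the thread or from cve-bin-tool) of the dual-import fallback proposed in the comment above, written so the lookup does not raise when the parent package is absent. The package names `demo_bundle` and `demo_parsers` and the helpers `spec_exists` and `import_first` are hypothetical stand-ins; the standalone package is constructed in a temporary directory.

```python
import importlib
import importlib.util
import sys
import tempfile
from pathlib import Path


def spec_exists(name: str) -> bool:
    """True if `name` is importable; never raises for a missing parent package."""
    try:
        return importlib.util.find_spec(name) is not None
    except ModuleNotFoundError:
        # find_spec("a.b") imports "a" first and raises if "a" is absent.
        return False


def import_first(candidates, attr):
    """Return (module_name, attribute) from the first importable candidate."""
    for name in candidates:
        if spec_exists(name):
            return name, getattr(importlib.import_module(name), attr)
    raise ImportError(f"None of {candidates!r} is installed.")


def demo():
    """Constructed standalone install: only a top-level `demo_parsers` exists."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "demo_parsers"
        pkg.mkdir()
        (pkg / "__init__.py").write_text("class Parser:\n    origin = 'standalone'\n")
        sys.path.insert(0, tmp)
        importlib.invalidate_caches()
        try:
            # Qualified name listed first so the bundled copy wins when both exist.
            return import_first(["demo_bundle.parsers", "demo_parsers"], "Parser")
        finally:
            sys.path.remove(tmp)
            sys.modules.pop("demo_parsers", None)
```

Listing the fully qualified name first matters because a generic top-level name such as `parsers` resolves to whatever package of that name comes first on `sys.path`.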


terriko commented Feb 10, 2025

Thanks for the research!

I think you're looking at the wrong part of cve-bin-tool, which is understandable because I used the wrong terminology in this post (I'll change the title and original description in a sec). But I'm interested in releasing the code in version_compare.py as a separate piece, not the stuff in the parsers/ directory. It's considerably more separate and should be easier to do.

@terriko terriko changed the title from "Release version parser as separate library on pypi?" to "Release version compare code as separate library on pypi?" Feb 10, 2025
@Prtm2110 Prtm2110 linked a pull request Feb 11, 2025 that will close this issue
@Prtm2110

Ah, got it! That makes the work a lot easier now! Check out the PR above, and let me know if I am heading in the right direction.
