Package server

Mirroring

Debmirror

Debmirror is one of the existing programs which are able to mirror Debian APT packages. In this example we are going to use the Apache HTTP server as webserver.

In this example we will use the Apache HTTP server to serve the packages.

See also

Debmirror: creiamo un mirror Debian - Guide@Debianizzati.Org 1
Mirantis Documentation: Usage ~ DEBMIRROR 2
Apache Tips & Tricks: Hide a file type from directory indexes · MD/Blog 3
Set Up A Local Ubuntu / Debian Mirror with Apt-Mirror | Programster’s Blog 4
Debian – Mirror Size 5
Comment #4 : Bug #882941 : Bugs : debmirror package : Ubuntu 6
Debian – Setting up a Debian archive mirror 7
Better Default Directory Views with HTAccess | Perishable Press 8

install
```
apt-get install debmirror bindfs
```
create a new user
```
useradd -m -s /bin/bash -U debmirror
passwd debmirror
usermod -aG jobs debmirror
mkdir /home/debmirror/data
chown debmirror:debmirror /home/debmirror/data
```
Note

In this example /home/debmirror/data is the base directory where all packages are served from.

Tip

I suggest using normal HDDs rather than SSDs. Size in more important than speed in this case.

create the jobs directories

mkdir -p /home/jobs/{services,scripts}/by-user/debmirror

load APT’s keyring into a new keyring owned by the debmirror user

sudo -i -u debmirror
gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export \
    | gpg --no-default-keyring --keyring trustedkeys.gpg --import
exit

add this configuration for the standard Debian repository

/home/jobs/scripts/by-user/debmirror/debmirror.debian.conf

# The config file is a perl script so take care to follow perl syntax.
# Any setting in /etc/debmirror.conf overrides these defaults and
# ~/.debmirror.conf overrides those again. Take only what you need.
#
# The syntax is the same as on the command line and variable names
# loosely match option names. If you don't recognize something here
# then just stick to the command line.
#
# Options specified on the command line override settings in the config
# files.

# Location of the local mirror (use with care)
# $mirrordir="/path/to/mirrordir"

# Output options
$verbose=1;
$progress=1;
$debug=0;

$remoteroot="debian";
# Download options
$host="debian.netcologne.de";
$download_method="rsync";
@dists="stable,oldstable,buster-updates,bullseye-updates,buster-backports,bullseye-backports";
@sections="main";
@arches="amd64,all,any";
$omit_suite_symlinks=0;
$skippackages=0;
# @rsync_extra="none";
$i18n=1;
$getcontents=1;
$do_source=1;
$max_batch=0;

# Includes other translations as well.
# See the exclude option in
# https://help.ubuntu.com/community/Debmirror
@includes="Translation-(en|it).*";

# @di_dists="dists";
# @di_archs="arches";

# Save mirror state between runs; value sets validity of cache in days
$state_cache_days=0;

# Security/Sanity options
$ignore_release_gpg=0;
$ignore_release=0;
$check_md5sums=0;
$ignore_small_errors=1;

# Cleanup
$cleanup=0;
$post_cleanup=1;

# Locking options
$timeout=300;

# Rsync options
$rsync_batch=200;
$rsync_options="-aIL --partial --bwlimit=10240";

# FTP/HTTP options
$passive=0;
# $proxy="http://proxy:port/";

# Dry run
$dry_run=0;

# Don't keep diff files but use them
$diff_mode="use";

# The config file must return true or perl complains.
# Always copy this.
1;

create the Systemd service unit file

/home/jobs/services/by-user/debmirror/debmirror.debian.service

[Unit]
Description=Debmirror debian
Requires=network-online.target
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/debmirror --config-file=/home/jobs/scripts/by-user/debmirror/debmirror.debian.conf /home/debmirror/data/debian
User=debmirror
Group=debmirror

create the Systemd service timer unit file

/home/jobs/services/by-user/debmirror/debmirror.debian.timer

[Unit]
Description=Once a day debmirror debian

[Timer]
OnCalendar=*-*-* 1:30:00
Persistent=true

[Install]
WantedBy=timers.target

create a directory readable be Apache

mkdir -p /srv/http/debian
chown www-data:www-data /srv/http/debian
chmod 700 /srv/http/debian

Add this to the fstab file
/etc/fstab
```
/home/debmirror/data /srv/http/debian fuse.bindfs  auto,force-user=www-data,force-group=www-data,ro 0 0
```
Note

This mount command makes the directory exposed to the webserver readonly, in this case /srv/http/debian

serve the files via HTTP by creating a new Apache virtual host. Replace FQDN with the appropriate domain and include this file from the Apache configuration

/etc/apache2/debian_mirror.apache.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>

    UseCanonicalName on

    Keepalive On
    RewriteEngine on

    ServerName ${FQDN}

    # Set the icons also to avoid 404 errors.
    Alias /icons/ "/usr/share/apache2/icons/"

    DocumentRoot "/srv/http/debian"
    <Directory "/srv/http/debian">
        Options -ExecCGI -Includes
        Options +Indexes +SymlinksIfOwnerMatch
        IndexOptions NameWidth=* +SuppressDescription FancyIndexing Charset=UTF-8 VersionSort FoldersFirst

        ReadmeName footer.html
        IndexIgnore header.html footer.html
        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   AllowOverride FileInfo AuthConfig Limit
        #
        AllowOverride All

        #
        # Controls who can get stuff from this server.
        #
        Require all granted
    </Directory>

    SSLCompression      off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/${FQDN}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${FQDN}/privkey.pem
</VirtualHost>
</IfModule>

create a new text file that will serve as basic instructions for configuring the APT sources file. Replace FQDN with the appropriate domain

/home/debmirror/data/footer.html

<h1>Examples</h1>

Change <code>/etc/apt/sources.list</code> to one of these:

<h2>Bullseye distribution</h2>

<pre>
deb  https://${FQDN}/debian          bullseye            main
deb  https://${FQDN}/debian          bullseye-updates    main
deb-src https://${FQDN}/debian-security bullseye-security    main
deb  https://${FQDN}/debian           bullseye-backports  main

deb [arch=amd64] https://${FQDN}/docker bullseye stable
deb [arch=amd64] https://${FQDN}/gitea gitea main
deb [arch=amd64] https://${FQDN}/postgresql bullseye-pgdg main
</pre>

<h2>Buster distribution</h2>

<pre>
deb  https://${FQDN}/debian          buster            main
deb  https://${FQDN}/debian          buster-updates    main
deb-src https://${FQDN}/debian-security buster/updates    main
deb  https://${FQDN}/debian           buster-backports  main

deb [arch=amd64] https://${FQDN}/docker buster stable
deb [arch=amd64] https://${FQDN}/gitea gitea main
deb [arch=amd64] https://${FQDN}/postgresql buster-pgdg main
</pre>

<h1>Repositories</h1>

<code>stable</code> and <code>oldstable</code> distributions are available if applicable.

<h2>debian</h2>
<p>Supported architectures:</p>
<ul>
<li><code>amd64</code></li>
<li><code>all</code></li>
<li><code>any</code></li>
</ul>

<h2>debian-security</h2>
<p>Supported architectures:</p>
<ul>
<li><code>amd64</code></li>
<li><code>all</code></li>
<li><code>any</code></li>
</ul>

<h2>docker</h2>
<p>Supported architectures:</p>
<ul>
<li><code>amd64</code></li>
</ul>

<h2>gitea</h2>
<p>Supported architectures:</p>
<ul>
<li><code>amd64</code></li>
</ul>

<h2>postgresql</h2>
<p>Supported architectures:</p>
<ul>
<li><code>amd64</code></li>
</ul>

Note

This example includes some unofficial repositories.

restart the Apache webserver
```
systemctl restart apache2
```

fix the permissions

chown -R debmirror:debmirror /home/jobs/{services,scripts}/by-user/debmirror
chmod 700 -R /home/jobs/{services,scripts}/by-user/debmirror

run the deploy script

Unofficial Debian sources

In case you want to mirror unofficial Debian sources the same instrctions apply. You just need to change the key import step

sudo -i -u debmirror
gpg \
    --no-default-keyring \
    --keyring trustedkeys.gpg \
    --import ${package_signing_key}
exit

Note

package_signing_key is provided by the repository maintainers.

PyPI server

Build Python packages using git sources and push them to a self-hosted PyPI server.

Server

See also

Minimal PyPI server for uploading & downloading packages with pip/easy_install Resources 9

follow the Docker instructions

create the jobs directories

mkdir -p /home/jobs/scripts/by-user/root/docker/pypiserver
chmod 700 /home/jobs/scripts/by-user/root/docker/pypiserver

install and run pypiserver. Use this Docker compose file

/home/jobs/scripts/by-user/root/docker/pypiserver/docker-compose.yml

version: '3.7'

services:
    pypiserver-authenticated:
        image: pypiserver/pypiserver:latest
        volumes:
            # Authentication file.
            - type: bind
              source: /home/jobs/scripts/by-user/root/docker/pypiserver/auth
              target: /data/auth

            # Python files.
            - type: bind
              source: /data/pypiserver/packages
              target: /data/packages
        ports:
            - "127.0.0.1:4000:8080"

        # I have purposefully removed the
        #    --fallback-url https://pypi.org/simple/
        # option to have a fully isolated environment.
        command: --disable-fallback --passwords /data/auth/.htpasswd --authenticate update /data/packages

create a Systemd unit file. See also the Docker compose services section

/home/jobs/services/by-user/root/docker-compose.pypiserver.service

[Unit]
Requires=docker.service
Requires=network-online.target
After=docker.service
After=network-online.target

[Service]
Type=simple
WorkingDirectory=/home/jobs/scripts/by-user/root/docker/pypiserver

ExecStart=/usr/bin/docker-compose up --remove-orphans
ExecStop=/usr/bin/docker-compose down --remove-orphans

Restart=always

[Install]
WantedBy=multi-user.target

fix the permissions

chmod 700 /home/jobs/scripts/by-user/root/docker/pypiserver
chmod 700 -R /home/jobs/services/by-user/root

run the deploy script
modify the reverse proxy port of your webserver configuration with 4000

Apache configuration

If you use Apache as webserver you should enable caching. The upstream documentation shows how to configure pypiserver for Nginx but not for Apache.

See also

GitHub - pypiserver/pypiserver: Minimal PyPI server for uploading & downloading packages with pip/easy_install - Serving Thousands of Packages 10
Caching Guide - Apache HTTP Server Version 2.4 11
mod_cache - Apache HTTP Server Version 2.4 12

create a new Apache virtual host. Replace FQDN with the appropriate domain

/etc/apache2/pypi_server.apache.conf

###############
# pypiserver  #
###############
<IfModule mod_ssl.c>
<VirtualHost *:443>
    UseCanonicalName on

    Keepalive On
    RewriteEngine on

    ServerName ${FQDN}

    SSLCompression      off

    RewriteRule    ^/simple$  /simple/  [R]
    ProxyPass      / http://127.0.0.1:4000/ Keepalive=On max=50 timeout=300 connectiontimeout=10
    ProxyPassReverse   / http://127.0.0.1:4000/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Host "${FQDN}"

    Header set Service "pypi"

    CacheRoot "/var/cache/apache"
    CacheEnable disk /
    CacheDirLevels 4
    CacheDirLength 1

    CacheDefaultExpire 3600
    CacheIgnoreNoLastMod On
    CacheIgnoreCacheControl On
    CacheMaxFileSize 640000
    CacheReadSize 1024
    CacheIgnoreNoLastMod On
    CacheIgnoreQueryString On
    CacheIgnoreHeaders X-Forwarded-Proto X-Forwarded-For X-Forwarded-Host

    # Debug. Turn these two variables off after testing.
    CacheHeader on
    CacheDetailHeader On

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/${FQDN}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${FQDN}/privkey.pem
</VirtualHost>
</IfModule>

Warning

The included Cache* options are very aggressive!

create the cache directory

mkdir /var/cache/apache
chown www-data:www-data /var/cache/apache
chmod 775 /var/cache/apache

enable the Apache modules

a2enmod cache cache_disk
systemctl start apache-htcacheclean.service
systemctl restart apache2

check for a cache hit. Replace FQDN with the appropriate domain
```
curl -s https://${FQDN} 1>/dev/null 2>/dev/null
curl -s -D - https://${FQDN} | head -n 20
```
Note

The /packages/ page does not get cached.
set CacheHeader and CacheDetailHeader to Off
restart Apache
```
systemctl restart apache2
```

Virtual machine compiling the packages

I suggest using a virtual machine to compile packages to improve isolation and security: arbitrary code might be executed when compiling a package.

See also

A collection of scripts I have written and/or adapted that I currently use on my systems as automated tasks 13
Git repository pointers and configurations to build Python packages from source 14
python - pushd through os.system - Stack Overflow 15
Pass options to `build_ext · Issue #328 · pypa/build · GitHub` 16

create a virtual machine with Debian Bullseye (stable) and transform it into Sid (unstable). Using the unstable version will provide more up to date software for development.

See the QEMU server section. You might need to assign a lost of disk space.
connect to the virtual machine. See the QEMU client section

create a new user

sudo -i
useradd --system -s /bin/bash -U python-source-package-updater
passwd python-source-package-updater
usermod -aG jobs python-source-package-updater

create the jobs directories. See reference

mkdir -p /home/jobs/{scripts,services}/by-user/python-source-package-updater
chown -R kiwix:kiwix /home/jobs/{scripts,services}/by-user/python-source-package-updater
chmod 700 -R /home/jobs/{scripts,services}/by-user/python-source-package-updater

install these packages in the virtual machine:

apt-get install build-essential fakeroot devscripts git python3-dev python3-all-dev \
    games-python3-dev libgmp-dev libssl-dev libssl1.1=1.1.1k-1 libcurl4-openssl-dev \
    python3-pip python3-build twine libffi-dev graphviz libgraphviz-dev pkg-config \
    clang-tools libblas-dev astro-all libblas-dev libatlas-base-dev libopenblas-dev \
    libgsl-dev libblis-dev liblapack-dev liblapack3 libgslcblas0 libopenblas-base \
    libatlas3-base libblas3 clang-9 clang-13 clang-12 clang-11 sphinx-doc \
    libbliss-dev libblis-dev libbliss2 libblis64-serial-dev libblis64-pthread-dev \
    libblis64-openmp-dev libblis64-3-serial libblis64-dev libblis64-3-pthread \
    libblis64-3-openmp libblis64-3 libblis3-serial libblis3-pthread \
    libblis-serial-dev libblis-pthread-dev libargon2-dev libargon2-0 libargon2-1

Note

This is just a selection. Some Python packages need other dependencies not listed here.

install the dependencies of the script

apt-get install python3-yaml python3-appdirs

install fpyutils. See reference

add the script

/home/jobs/scripts/by-user/python-source-packages-updater/build_python_packages.py

#!/usr/bin/env python3
#
# build_python_packages.py
#
# Copyright (C) 2021-2022 Franco Masotti (franco \D\o\T masotti {-A-T-} tutanota \D\o\T com)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
r"""build_python_packages.py."""

import contextlib
import multiprocessing
import os
import pathlib
import shlex
import shutil
import signal
import subprocess
import sys

import fpyutils
import yaml
from appdirs import AppDirs


class InvalidCache(Exception):
    pass


class InvalidConfiguration(Exception):
    pass


def check_keys_type(keys: list, key_type) -> bool:
    """Check that all elements of a list correspond to a specific python type."""
    ok = True

    i = 0
    while ok and i < len(keys):
        if isinstance(keys[i], key_type):
            ok = ok & True
        else:
            ok = ok & False
        i += 1

    return ok


def check_values_type(keys: list, values: dict, level_0_value_type, level_1_value_type, has_level_1_value: bool) -> bool:
    """Check that all elements of a list correspond to a specific python type."""
    ok = True

    i = 0
    while ok and i < len(values):
        if isinstance(values[keys[i]], level_0_value_type):
            j = 0
            while has_level_1_value and ok and j < len(values[keys[i]]):
                if isinstance(values[keys[i]][j], level_1_value_type):
                    ok = ok & True
                else:
                    ok = ok & False
                j += 1
        else:
            ok = ok & False

        i += 1

    return ok


##################################
# Check configuration structure  #
##################################
def check_configuration_structure_ignore(configuration: dict) -> bool:
    ok = True
    if ('submodules' in configuration
       and isinstance(configuration['submodules'], dict)
       and 'ignore' in configuration['submodules']
       and isinstance(configuration['submodules']['ignore'], dict)):

        ignore_keys = list(configuration['submodules']['ignore'].keys())

        ok = ok & check_keys_type(ignore_keys, str)
        ok = ok & check_values_type(ignore_keys, configuration['submodules']['ignore'], list, str, True)

    return ok


def check_configuration_structure_base_directory_override(configuration: dict) -> bool:
    ok = True
    if ('submodules' in configuration
       and isinstance(configuration['submodules'], dict)
       and 'base_directory_override' in configuration['submodules']
       and isinstance(configuration['submodules']['base_directory_override'], dict)):

        base_directory_override_keys = list(configuration['submodules']['base_directory_override'].keys())
        ok = ok & check_keys_type(base_directory_override_keys, str)
        ok = ok & check_values_type(base_directory_override_keys, configuration['submodules']['base_directory_override'], str, None, False)
    else:
        ok = False

    return ok


def check_configuration_structure_checkout(configuration: dict) -> bool:
    ok = True
    if ('submodules' in configuration
       and 'checkout' in configuration['submodules']
       and isinstance(configuration['submodules'], dict)
       and isinstance(configuration['submodules']['checkout'], dict)):

        checkout_keys = list(configuration['submodules']['checkout'].keys())
        ok = ok & check_keys_type(checkout_keys, str)
        ok = ok & check_values_type(checkout_keys, configuration['submodules']['checkout'], list, str, True)
    else:
        ok = False

    return ok


def check_configuration_structure_build(configuration: dict) -> bool:
    ok = True
    if ('submodules' in configuration
       and 'build' in configuration['submodules']
       and isinstance(configuration['submodules'], dict)
       and isinstance(configuration['submodules']['build'], dict)
       and 'pre_commands' in configuration['submodules']['build']
       and 'post_commands' in configuration['submodules']['build']):
        pre = configuration['submodules']['build']['pre_commands']
        post = configuration['submodules']['build']['post_commands']
        pre_commands_block_keys = list(pre.keys())
        ok = ok & check_keys_type(pre_commands_block_keys, str)
        post_commands_block_keys = list(post.keys())
        ok = ok & check_keys_type(post_commands_block_keys, str)

        i = 0
        while ok and i < len(pre):
            pre_section = pre[list(pre.keys())[i]]
            ok = ok & check_values_type(list(pre_section.keys()), pre_section, list, str, True)
            i += 1
        i = 0
        while ok and i < len(post):
            post_section = pre[list(post.keys())[i]]
            ok = ok & check_values_type(list(post_section.keys()), post_section, list, str, True)
            i += 1
    else:
        ok = False

    return ok


def check_configuration_structure(configuration: dict) -> bool:
    ok = True
    if ('repository' in configuration
       and 'submodules' in configuration
       and 'other' in configuration
       and 'path' in configuration['repository']
       and 'remote' in configuration['repository']
       and 'default branch' in configuration['repository']
       and isinstance(configuration['submodules'], dict)
       and isinstance(configuration['repository']['path'], str)
       and isinstance(configuration['repository']['remote'], str)
       and isinstance(configuration['repository']['default branch'], str)
       and 'concurrent_workers' in configuration['other']
       and 'unit_workers_per_block' in configuration['other']
       and isinstance(configuration['other']['concurrent_workers'], int)
       and isinstance(configuration['other']['unit_workers_per_block'], int)
       and 'ignored_are_successuful' in configuration['submodules']
       and 'mark_failed_as_successful' in configuration['submodules']
       and isinstance(configuration['submodules']['ignored_are_successuful'], bool)
       and isinstance(configuration['submodules']['mark_failed_as_successful'], bool)):
        ok = True
    else:
        ok = False

    ok = ok & check_configuration_structure_ignore(configuration)

    return ok


def elements_are_unique(struct: list) -> bool:
    unique = False
    if len(struct) == len(set(struct)):
        unique = True

    return unique


#########################
# Check cache structure #
#########################
def check_cache_structure(cache: dict) -> bool:
    ok = True
    if not isinstance(cache, dict):
        ok = False

    elements = list(cache.keys())

    ok = ok & check_keys_type(elements, str)

    # Check that tags are unique within the same git repository.
    i = 0
    while ok and i < len(cache):
        if not elements_are_unique(cache[elements[i]]):
            ok = ok & False
        i += 1

    ok = ok & check_values_type(elements, cache, list, str, True)

    return ok


###########
# Generic #
###########
def send_notification(message: str, notify: dict):
    m = notify['gotify']['message'] + '\n' + message
    if notify['gotify']['enabled']:
        fpyutils.notify.send_gotify_message(
            notify['gotify']['url'],
            notify['gotify']['token'], m,
            notify['gotify']['title'],
            notify['gotify']['priority'])
    if notify['email']['enabled']:
        fpyutils.notify.send_email(message,
                                   notify['email']['smtp server'],
                                   notify['email']['port'],
                                   notify['email']['sender'],
                                   notify['email']['user'],
                                   notify['email']['password'],
                                   notify['email']['receiver'],
                                   notify['email']['subject'])


# See
# https://stackoverflow.com/a/13847807
# CC BY-SA 4.0
# spiralman, bryant1410
@contextlib.contextmanager
def pushd(new_dir):
    previous_dir = os.getcwd()
    os.chdir(new_dir)
    try:
        yield
    finally:
        os.chdir(previous_dir)


def build_message(total_tags: int, total_successful_tags: int) -> str:
    message = '\ncurrent successful package git tags: ' + str(total_successful_tags)
    message += '\ntotal package git tags: ' + str(total_tags)
    if total_tags != 0:
        message += '\ncurrent success rate percent: ' + str((total_successful_tags / total_tags) * 100)
    else:
        message += '\ncurrent success rate percent: 0'

    return message


def print_information(repository_name: str, git_ref: str, message: str = 'processing'):
    print('\n==========================')
    print('note: ' + message + ': ' + repository_name + '; git ref: ' + git_ref)
    print('==========================\n')


#########
# Files #
#########
def read_yaml_file(file: str) -> dict:
    data = dict()
    if pathlib.Path(file).is_file():
        data = yaml.load(open(file, 'r'), Loader=yaml.SafeLoader)

    return data


def read_cache_file(file: str) -> dict:
    cache = read_yaml_file(file)
    if not check_cache_structure(cache):
        raise InvalidCache

    return cache


def update_cache(cache: dict, new_cache: dict):
    for c in cache:
        if c in new_cache:
            cache[c] = list(set(cache[c]).union(set(new_cache[c])))

    for c in new_cache:
        if c not in cache:
            cache[c] = new_cache[c]


def write_cache(cache: dict, new_cache: dict, cache_file: str):
    print('note: writing cache')

    update_cache(cache, new_cache)

    with open(cache_file, 'w') as f:
        f.write(yaml.dump(cache))


#######
# Git #
#######
def git_get_updates(git_executable: str, repository_path: str, repository_remote: str, repository_default_branch: str):
    with pushd(repository_path):
        fpyutils.shell.execute_command_live_output(
            shlex.quote(git_executable)
            + ' pull '
            + repository_remote
            + ' '
            + repository_default_branch
        )
        fpyutils.shell.execute_command_live_output(shlex.quote(git_executable) + ' submodule sync')

        # We might need to add the '--recursive' option for 'git submodule update'
        # to build certain packages. This means that we still depend from external
        # services at build time if we use that option.
        fpyutils.shell.execute_command_live_output(shlex.quote(git_executable) + ' submodule update --init --remote')

        fpyutils.shell.execute_command_live_output(shlex.quote(git_executable) + ' submodule foreach git fetch --tags --force')


def git_remove_untracked_files(git_executable: str):
    fpyutils.shell.execute_command_live_output(shlex.quote(git_executable) + ' checkout --')
    fpyutils.shell.execute_command_live_output(shlex.quote(git_executable) + ' clean -d --force')


def git_get_tags(git_executable: str) -> list:
    r"""Get the list of tags of a git repository.

    :returns: s, a list of tags. In case the git repository has no tags, s is an empty list.
    """
    s = subprocess.run([shlex.quote(git_executable), 'tag'], check=True, capture_output=True)
    s = s.stdout.decode('UTF-8').rstrip().split('\n')

    # Avoid an empty element when there are no tags.
    if s == ['']:
        s = list()

    return s


def git_filter_processed_tags(tags: list, cache: dict, software_name: str) -> tuple:
    r"""Given a list of tags filter out the ones already present in cache."""
    successful_tags: int = 0

    if software_name in cache:
        total_tags_original = len(tags)
        # Filter tags not already processed.
        tags = list(set(tags) - set(cache[software_name]))

        # Tags already in cache must be successful.
        # In case len(tags) < len(cache[software_name]) because configuration changed,
        # pick the minimum between the two.
        successful_tags = min(len(cache[software_name]), total_tags_original)

        # Git repositories without tags: remove cache reference if present.
        if tags == cache[software_name] and tags == ['']:
            tags = []

    return tags, successful_tags


def git_filter_ignore_tags(tags: list, ignore_objects: dict, skip_tags: bool, software_name: str) -> list:
    r"""Given a list of tags filter out the ones in an ignore list."""
    if skip_tags:
        tags = list(set(tags) - set(ignore_objects[software_name]))

    return tags


def git_get_repository_timestamp(git_executable: str) -> str:
    r"""Return the timestamp of the last git ref."""
    return subprocess.run(
        [
            shlex.quote(git_executable),
            'log',
            '-1',
            '--pretty=%ct'
        ], check=True, capture_output=True).stdout.decode('UTF-8').strip()


##########
# Python #
##########
def build_dist(python_executable: str, git_executable: str):
    r"""Build the Python package in a reproducable way.

        Remove all dev, pre-releases, etc information from the package name.
        Use a static timestamp.
        See
        https://github.com/pypa/build/issues/328#issuecomment-877028239
    """
    subprocess.run(
        [
            shlex.quote(python_executable),
            '-m',
            'build',
            '--sdist',
            '--wheel',
            '-C--global-option=egg_info',
            '-C--global-option=--no-date',
            '-C--global-option=--tag-build=',
            '.'
        ], check=True, env=dict(os.environ, SOURCE_DATE_EPOCH=git_get_repository_timestamp(git_executable)))


def upload_dist(twine_executable: str, pypi_url: str, pypi_username: str, pypi_password: str):
    r"""Push the compiled package to a remote PyPI server."""
    subprocess.run(
        [
            shlex.quote(twine_executable),
            'upload',
            '--repository-url',
            pypi_url,
            '--non-interactive',
            '--skip-existing',
            'dist/*'
        ], check=True, env=dict(os.environ, TWINE_PASSWORD=pypi_password, TWINE_USERNAME=pypi_username))


def skip_objects(ignore_objects: dict, software_name: str) -> tuple:
    r"""Determine whether to skip repositories and/or tags."""
    skip_repository = False
    skip_tags = False
    if software_name in ignore_objects:
        if len(ignore_objects[software_name]) == 0:
            skip_repository = True
            skip_tags = False
        else:
            skip_tags = True

    return skip_repository, skip_tags


def set_base_directory_override(base_directory_override: dict, directory: str, software_name: str) -> pathlib.Path:
    r"""Change to the appropriate directory.

    :returns: directory, the path of the directory where the setup files
        are present.

    ..note: Values are reported in the remote configuration
    """
    old_directory = directory
    if software_name in base_directory_override:
        directory = pathlib.Path(directory, base_directory_override[software_name])
        # Check if inner_directory exists.
        # inner_directory usually is equal to absolute_directory
        if not directory.is_dir():
            # Fallback.
            directory = pathlib.Path(old_directory)
    else:
        directory = pathlib.Path(directory)

    return directory


def build_package_pre_post_commands(command_block: dict):
    for block in command_block:
        cmd = list()
        for c in command_block[block]:
            cmd.append(shlex.quote(c))
        try:
            subprocess.run(cmd, check=True)
        except subprocess.CalledProcessError as e:
            print(e)


def build_package(
    git_executable,
    python_executable,
    rm_executable: str,
    twine_executable,
    pypi_url,
    pypi_user,
    pypi_password,
    cache: dict,
    directory: str,
    software_name: str,
    tag: str,
    base_directory_override: dict,
    submodule_mark_failed_as_successful: bool,
    command_block_pre: dict,
    command_block_post: dict,
) -> int:
    r"""Checkout, compile and push.

    This function processes repositories without tags.
    In this case they are marked as successful but are not added to the cache.
    """
    successful_tag: int = 0
    directory_relative_path = directory.stem
    # Cleanup.
    git_remove_untracked_files(git_executable)

    print_information(directory_relative_path, tag, 'processing')

    # Checkout repository with tags: avoid checking out tagless repositories.
    if tag != str():
        fpyutils.shell.execute_command_live_output(
            shlex.quote(git_executable)
            + ' checkout '
            + tag
        )

    # Decide whether to change directory based on remote configuration.
    inner_directory = set_base_directory_override(base_directory_override, directory, software_name)
    subdirectory_absolute_path = str(inner_directory)
    with pushd(subdirectory_absolute_path):
        fpyutils.shell.execute_command_live_output(shlex.quote(rm_executable) + ' -rf build dist')
        try:
            build_package_pre_post_commands(command_block_pre)
            build_dist(python_executable, git_executable)
            build_package_pre_post_commands(command_block_post)

            upload_dist(twine_executable, pypi_url, pypi_user, pypi_password)

            # Register success in cache yaml file.
            successful_tag = 1
            if tag != str():
                cache[software_name].append(tag)

        except subprocess.CalledProcessError:
            print_information(directory.stem, tag, 'error')

            if submodule_mark_failed_as_successful:
                # Do not add an empty git tag to the cache.
                successful_tag = 1
                if tag != str():
                    cache[software_name].append(tag)

        git_remove_untracked_files(git_executable)

    return successful_tag


def read_remote_configuration(repository_path: str) -> dict:
    """Retrieve the configuration of the remote repository."""
    remote_configuration_file = pathlib.Path(repository_path, 'configuration.yaml')
    remote_config = dict()
    if remote_configuration_file.is_file():
        remote_config = yaml.load(open(remote_configuration_file, 'r'), Loader=yaml.SafeLoader)
        if (not check_configuration_structure_base_directory_override(remote_config)
           or not check_configuration_structure_checkout(remote_config)
           or not check_configuration_structure_build(remote_config)):
            raise InvalidConfiguration

    return remote_config


def worker(args: list) -> tuple:
    directory: pathlib.Path = next(args)
    ignore_objects: dict = next(args)
    cache: dict = next(args)
    submodules_ignored_are_successuful: bool = next(args)
    git_executable: str = next(args)
    python_executable: str = next(args)
    rm_executable: str = next(args)
    twine_executable: str = next(args)
    pypi_url: str = next(args)
    pypi_user: str = next(args)
    pypi_password: str = next(args)
    submodule_mark_failed_as_successful: bool = next(args)
    remote_config: dict = next(args)
    repository_path: str = next(args)

    total_tags_including_processed: int = 0
    total_tags_to_process: int = 0
    total_successful_tags_including_processed: int = 0
    successful_tags: int = 0

    # The software name is used in the cache as key.
    software_name = pathlib.Path(directory).stem
    skip_repository, skip_tags = skip_objects(ignore_objects, software_name)
    submodule_absolute_path = str(pathlib.Path(repository_path, directory))

    # Create a new cache slot.
    if software_name not in cache:
        cache[software_name] = list()

    # Mark ignored repositories as successful if the setting is enabled.
    # Save in cache.
    if (skip_repository
       and submodules_ignored_are_successuful):
        with pushd(submodule_absolute_path):
            tags = git_get_tags(git_executable)

            # Bulk append: all tags are successful.
            cache[software_name] = tags

            total_tags: int = len(tags)
            successful_tags = total_tags
            total_tags_including_processed = total_tags
            total_tags_to_process = total_tags

    # Process the repository normally.
    elif not skip_repository:
        with pushd(submodule_absolute_path):
            # Cleanup previous runs.
            git_remove_untracked_files(git_executable)

            # Get all git tags and iterate.
            tags = git_get_tags(git_executable)
            # Useful to detect tagless repositories.
            total_tags_original = len(tags)

            if total_tags_original > 0:
                # Filter out tags that are in the ignore list.
                tags = git_filter_ignore_tags(tags, ignore_objects, skip_tags, software_name)

                # The 'checkout' section in the remote configuration rewrites all tags.
                if software_name in remote_config['submodules']['checkout']:
                    tags = remote_config['submodules']['checkout'][software_name]

                total_tags_including_processed = len(tags)

                # Filter tags not already processed (i.e: not already in cache marked as successful).
                tags, successful_tags = git_filter_processed_tags(tags, cache, software_name)
                total_tags_to_process = len(tags)
            else:
                # Tagless repositories have 1 dummy tag.
                total_tags_to_process = 1
                total_tags_including_processed = 1

            # Get pre-post build commands.
            if software_name in remote_config['submodules']['build']['pre_commands']:
                pre_commands = remote_config['submodules']['build']['pre_commands'][software_name]
            else:
                pre_commands = dict()
            if software_name in remote_config['submodules']['build']['post_commands']:
                post_commands = remote_config['submodules']['build']['post_commands'][software_name]
            else:
                post_commands = dict()

            # Build the Python package.
            if total_tags_original == 0:
                print('note: tag 1 of 1')
                # Tagless repository. Pass an empty string as tag id.
                successful_tags += build_package(
                    git_executable,
                    python_executable,
                    rm_executable,
                    twine_executable,
                    pypi_url,
                    pypi_user,
                    pypi_password,
                    cache,
                    directory,
                    software_name,
                    str(),
                    remote_config['submodules']['base_directory_override'],
                    submodule_mark_failed_as_successful,
                    pre_commands,
                    post_commands,
                )
            else:
                i = 1
                for t in tags:
                    print('note: tag ' + str(i) + ' of ' + str(len(tags)))
                    successful_tags += build_package(
                        git_executable,
                        python_executable,
                        rm_executable,
                        twine_executable,
                        pypi_url,
                        pypi_user,
                        pypi_password,
                        cache,
                        directory,
                        software_name,
                        t,
                        remote_config['submodules']['base_directory_override'],
                        submodule_mark_failed_as_successful,
                        pre_commands,
                        post_commands,
                    )
                    i += 1

    total_successful_tags_including_processed = successful_tags

    return cache, total_tags_including_processed, total_tags_to_process, total_successful_tags_including_processed


def build_worker_arg(
    directory: pathlib.Path,
    ignore_objects: dict,
    cache: dict,
    submodules_ignored_are_successuful: bool,
    git_executable,
    python_executable: str,
    rm_executable: str,
    twine_executable: str,
    pypi_url: str,
    pypi_user: str,
    pypi_password: str,
    submodule_mark_failed_as_successful: str,
    remote_config: dict,
    repository_path: str
) -> iter:

    return iter([directory, ignore_objects, cache, submodules_ignored_are_successuful,
                 git_executable, python_executable, rm_executable, twine_executable, pypi_url,
                 pypi_user, pypi_password, submodule_mark_failed_as_successful, remote_config, repository_path])


def process(
    cache: dict,
    cache_file: str,
    ignore_objects: dict,
    submodules_ignored_are_successuful: bool,
    notify: dict,
    git_executable: str,
    python_executable: str,
    rm_executable: str,
    twine_executable: str,
    pypi_url: str,
    pypi_user: str,
    pypi_password: str,
    repository_path: str,
    repository_remote: str,
    repository_default_branch: str,
    submodule_mark_failed_as_successful: bool,
    concurrent_workers: int = multiprocessing.cpu_count(),
    unit_workers_per_block: int = 1,
):
    quit: bool = False

    # Define and register the signals.
    def signal_handler(*args):
        global quit
        quit = True
        print('\n==========================')
        print('note: signal received. finished queued workers and writing ' + str(len(cache)) + ' repository elements to cache before exit')
        print('==========================\n')
    signal.signal(signal.SIGINT, signal_handler)
    signal.signal(signal.SIGTERM, signal_handler)

    # Autodetect.
    if concurrent_workers <= 0:
        concurrent_workers = multiprocessing.cpu_count()
    if unit_workers_per_block <= 0:
        unit_workers_per_block = 1

    git_get_updates(git_executable, repository_path, repository_remote, repository_default_branch)

    remote_config = read_remote_configuration(repository_path)

    # Go to the submodules subdirectory.
    repository_path = pathlib.Path(repository_path, 'submodules')

    dirs: list = [x for x in pathlib.Path(repository_path).iterdir()]
    len_dirs: int = len(dirs)
    n: int = 0
    new_cache: dict = dict()
    new_total_tags_including_processed: int = 0
    new_total_tags_to_process: int = 0
    new_total_successful_tags: int = 0
    import copy
    tmp_cache: dict = copy.deepcopy(cache)

    while n < len_dirs and not quit:
        signal.signal(signal.SIGINT, signal.SIG_IGN)
        signal.signal(signal.SIGTERM, signal.SIG_IGN)
        signal.signal(signal.SIGABRT, signal.SIG_IGN)
        signal.signal(signal.SIGALRM, signal.SIG_IGN)

        remaining_dirs: int = len_dirs - n
        args: list = list()
        step = min(concurrent_workers * unit_workers_per_block, remaining_dirs)

        print('note: remaining ' + str(remaining_dirs) + ' repositories')

        for i in range(0, step):
            # Skip non.directories and the ./.git directory.
            if dirs[n + i].is_dir() and dirs[n + i].stem != '.git':
                args.append(build_worker_arg(dirs[n + i], ignore_objects, tmp_cache,
                            submodules_ignored_are_successuful, git_executable,
                            python_executable, rm_executable, twine_executable, pypi_url,
                            pypi_user, pypi_password, submodule_mark_failed_as_successful,
                            remote_config, repository_path))

        pool = multiprocessing.Pool(processes=concurrent_workers)
        try:
            signal.signal(signal.SIGINT, signal_handler)
            signal.signal(signal.SIGTERM, signal_handler)
            signal.signal(signal.SIGABRT, signal_handler)
            signal.signal(signal.SIGALRM, signal_handler)
            result = pool.map_async(worker, args)
            rr = result.get(timeout=3600)
            for r in rr:
                update_cache(new_cache, r[0])
                new_total_tags_including_processed += r[1]
                new_total_tags_to_process += r[2]
                new_total_successful_tags += r[3]
        except (KeyboardInterrupt, InterruptedError):
            pool.terminate()
            pool.join()
            quit = True
        else:
            pool.close()
            pool.join()

        n += step

    if pool:
        # Cleanup.
        pool.close()
        pool.join()

    write_cache(cache, new_cache, cache_file)

    message = build_message(new_total_tags_including_processed, new_total_successful_tags)
    print(message)
    send_notification(message, notify)


if __name__ == '__main__':
    def main():
        configuration_file = shlex.quote(sys.argv[1])
        config = yaml.load(open(configuration_file, 'r'), Loader=yaml.SafeLoader)
        if not check_configuration_structure(config):
            raise InvalidConfiguration

        dirs = AppDirs('build_pypi_packages')
        # Read the cache file.
        if config['files']['cache']['clear']:
            shutil.rmtree(dirs.user_cache_dir, ignore_errors=True)
        pathlib.Path(dirs.user_cache_dir).mkdir(mode=0o700, exist_ok=True, parents=True)
        cache_file = str(pathlib.Path(dirs.user_cache_dir, config['files']['cache']['file']))
        cache = read_cache_file(cache_file)

        process(
            cache,
            cache_file,
            config['submodules']['ignore'],
            config['submodules']['ignored_are_successuful'],
            config['notify'],
            config['files']['executables']['git'],
            config['files']['executables']['python'],
            config['files']['executables']['rm'],
            config['files']['executables']['twine'],
            config['pypi']['url'],
            config['pypi']['username'],
            config['pypi']['password'],
            config['repository']['path'],
            config['repository']['remote'],
            config['repository']['default branch'],
            config['submodules']['mark_failed_as_successful'],
            config['other']['concurrent_workers'],
            config['other']['unit_workers_per_block'],
        )

    main()

add the configuration

/home/jobs/scripts/by-user/python-source-packages-updater/build_python_packages.yaml

#
# build_python_packages.yaml
#
# Copyright (C) 2021-2022 Franco Masotti (franco \D\o\T masotti {-A-T-} tutanota \D\o\T com)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

notify:
    email:
        enabled: false
        smtp server: 'smtp.gmail.com'
        port: 465
        sender: 'myusername@gmail.com'
        user: 'myusername'
        password: 'my awesome password'
        receiver: 'myusername@gmail.com'
        subject: 'update action'
    gotify:
        enabled: false
        url: '<gotify url>'
        token: '<app token>'
        title: 'update action'
        message: 'update action'
        priority: 5


repository:
    path: '/home/jobs/scripts/by-user/pypi-source-packages-updater/python-packages-source'

    remote: 'origin'

    # Default branch of the main repository.
    default branch: 'dev'

submodules:
    ignored are successuful: true
    mark failed as successful: true

    ignore: {}
        # Directory name.
        # Empty list == all otherwise a list of git tags.
        # Example:
        #
        # ignore:
        #   alabaster: []
        #   argon2-cffi:
        #       # Tags names obtained from git tag
        #         - 0.1
        #         - 0.2

files:
    # Relative path (stem) contextually to the user's cache directory.
    cache file: 'cache'
    clear cache: false

    executables:
        git: 'git'
        python: 'python3'
        rm: 'rm'
        twine: 'twine'

pypi:
    url: '<PyPI URL>'
    username: '<PyPI username>'
    password: '<PyPI password>'

other:
    # Put 0 to set worker number automatically based on CPU.
    concurrent_workers: 0

    # If we set other.concurrent_workers = 3 and other.unit_workers_per_block = 4
    # each block will process other.concurrent_workers * other.unit_workers_per_block repositories, i.e: 12.
    # This nuber works better if it's a multiplier of other.concurrent_workers.
    # The bigger this number the more probability you have to lose
    # updates in the cache structure (~/.cache/build_pypi_packages/cache) due to the way signals work.
    unit_workers_per_block: 1

add the helper script. update_and_build_python_packages.sh clones and updates the python-packages-source 14 repository and compiles all the packages

/home/jobs/scripts/by-user/python-source-packages-updater/update_and_build_python_packages.sh

#!/usr/bin/env bash

REPOSITORY='https://software.franco.net.eu.org/frnmst/python-packages-source.git'

pushd /home/jobs/scripts/by-user/python-source-packages-updater
export PATH=$PATH:/home/python-source-packages-updater/.local/bin/

# Clean the existing repository.
rm -rf python-packages-source
rm -rf /home/python-source-packages-updater/.cache/pre-commit
rm -rf /home/python-source-packages-updater/.local/share/virtualenvs

git clone "${REPOSITORY}"

pushd python-packages-source

git checkout dev
git pull

# Always commit and push to dev only.
[ "$(git branch --show-current)" = 'dev' ] || exit 1

# Update all submodules and the stats.
pipenv install --dev
make submodules-update
make submodules-add-gitea
make stats
git add -A
git commit -m "Submodule updates."
git push

popd

# Compile the packages.
./build_python_packages.py ./build_python_packages.yaml

# Cleanup.
rm -rf python-packages-source

popd

add the Systemd service file

/home/jobs/services/by-user/python-source-packages-updater/build-python-packages.service

[Unit]
Description=Build python packages

[Service]
Type=simple
ExecStart=/home/jobs/scripts/by-user/python-source-packages-updater/update_and_build_python_packages.sh
User=python-source-packages-updater
Group=python-source-packages-updater
StandardOutput=null
StandardError=null

add the Systemd timer unit file

/home/jobs/services/by-user/python-source-packages-updater/build-python-packages.timer

[Unit]
Description=Once every week build python packages

[Timer]
OnCalendar=Weekly
Persistent=true

[Install]
WantedBy=timers.target

fix the permissions

chown -R python-source-packages-updater:python-source-packages-updater /home/jobs/{scripts,services}/by-user/python-source-packages-updater
chmod 700 -R /home/jobs/{scripts,services}/by-user/python-source-packages-updater

run the deploy script
To be able to compile most packages you need to manually compile at least these basic ones and push them to you local PyPI server.
- setuptools
- setuptools_scm
- wheel
You can clone the python-packages-source 14 respository then compile and upload these basic packages.
```
sudo -i -u python-source-package-updater
git clone https://software.franco.net.eu.org/frnmst/python-packages-source.git
cd python-packages-source/setuptools
python3 -m build --sdist --wheel
twine upload --repository-url ${your_pypi_index_url} dist/*
exit
```
Important

Some packages might need different dependencies. Have a look at the setup_requires variable in setup.py or in setup.cfg or requires in the pyproject.toml file. If you cannot compile some, download them directly from pypi.python.org.

Updating the package graph

When you run the helper script you can update the stats graph automatically by using a GIT commit hook. The following script generates the graph and copies it to a webserver directory.

connect via SSH to the GIT remote machine and install the dependencies
```
sudo -i
apt-get install git python3 make pipenv
exit
```
connect to the git deploy user
```
sudo -i -u git-deploy
```

configure your remote: add this to the post-receive hooks

${remote_git_repository}/hooks/post-receive

#!/usr/bin/bash -l

IMAGE=""$(echo -n 'frnmst/python-packages-source' | sha1sum | awk '{print $1 }')"_graph0.png"
DOMAIN='assets.franco.net.eu.org'

TMP_GIT_CLONE=""${HOME}"/tmp/python-packages-source"
PUBLIC_WWW="/var/www/${DOMAIN}/image/${IMAGE}"

git clone "${GIT_DIR}" "${TMP_GIT_CLONE}"

pushd "${TMP_GIT_CLONE}"
make install
make plot OUTPUT="${PUBLIC_WWW}"
chmod 770 "${PUBLIC_WWW}"
popd

rm --recursive --force "${TMP_GIT_CLONE}"

Using the PyPI server

change the PyPI index of your programs. See for example https://software.franco.net.eu.org/frnmst/python-packages-source#client-configuration

Footnotes

1: https://guide.debianizzati.org/index.php/Debmirror:_creiamo_un_mirror_Debian CC BY-SA 4.0, Copyright (c) guide.debianizzati contributors
2: https://docs.mirantis.com/mcp/q4-18/mcp-dev-resources/debmirror/debmirror_readme.html unknown license
3: https://www.ducea.com/2006/06/19/apache-tips-tricks-hide-a-file-type-from-directory-indexes/ unknown license
4: https://blog.programster.org/set-up-a-local-ubuntu-mirror-with-apt-mirror unknown license
6: https://bugs.launchpad.net/ubuntu/+source/debmirror/+bug/882941/comments/4 unknown license
9: https://github.com/pypiserver/pypiserver zlib/libpng + MIT license, Copyright (c) 2011-2014 Ralf Schmitt
10: https://github.com/pypiserver/pypiserver#serving-thousands-of-packages zlib/libpng + MIT license, Copyright (c) 2011-2014 Ralf Schmitt
11: https://httpd.apache.org/docs/2.4/caching.html Apache License, Version 2.0. Copyright (c) Apache HTTPD contributors
12: https://httpd.apache.org/docs/2.4/mod/mod_cache.html Apache License, Version 2.0. Copyright (c) Apache HTTPD contributors
13: https://software.franco.net.eu.org/frnmst/automated-tasks GNU GPLv3+, copyright (c) 2019-2022, Franco Masotti
14(1,2,3): https://software.franco.net.eu.org/frnmst/python-packages-source GPLv3+, Copyright (C) 2021-2022, Franco Masotti
15: https://stackoverflow.com/a/13847807 CC BY-SA 4.0, Copyright (c) 2012, 2020, spiralman, bryant1410 (at stackoverflow.com)
16: https://github.com/pypa/build/issues/328#issuecomment-877028239 unknown license