{"id":3802,"library":"setuptools-download","title":"setuptools-download: Setuptools Plugin for External File Downloads","description":"setuptools-download is a plugin for setuptools that enables the declarative downloading of external files as part of a Python package's build process. It allows specifying URLs, SHA256 checksums, and extraction methods (zip, tar) directly within the `pyproject.toml` or `setup.cfg` file. Currently at version 1.1.0, it is actively maintained with infrequent but targeted releases.","status":"active","version":"1.1.0","language":"en","source_language":"en","source_url":"https://github.com/asottile/setuptools-download","tags":["setuptools","packaging","build-system","download","declarative"],"install":[{"cmd":"pip install setuptools-download","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"This library is a plugin for setuptools and requires it to function. It should be listed in your build-system requirements.","package":"setuptools","optional":false}],"imports":[],"quickstart":{"code":"# pyproject.toml\n[build-system]\nrequires = [\"setuptools>=61.0\", \"setuptools-download==1.1.0\"]\nbuild-backend = \"setuptools.build_meta\"\n\n[project]\nname = \"my-package-with-downloads\"\nversion = \"0.0.1\"\ndescription = \"A package that downloads an external file during build\"\nreadme = \"README.md\"\nrequires-python = \">=3.8\"\n\n[tool.setuptools-download]\n# Define a download target: key is an arbitrary name, value is a table of settings\ndownload_example_asset = {\n    url = \"https://example.com/sample.txt\",\n    sha256 = \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\", # SHA256 of an empty file, replace with actual asset's SHA256\n    dest = \"src/my_package/data/sample.txt\"\n}\n\n# To build the package (which triggers the download):\npip install build\npython -m build\n","lang":"toml","description":"setuptools-download is configured declaratively, typically in `pyproject.toml` under the `[tool.setuptools-download]` section. Each download is defined by a unique key (e.g., `download_example_asset`) with required `url` and `sha256` fields, and an optional `dest` field. After configuration, running `python -m build` will execute the download as part of the source distribution (sdist) or wheel (bdist_wheel) build process. Replace `url` and `sha256` with your actual file and its checksum."},"warnings":[{"fix":"Always provide the correct SHA256 checksum for each file you intend to download.","message":"The `sha256` checksum is a mandatory field for every download entry. Omitting it will result in a build error. This is a security feature to ensure the integrity and authenticity of downloaded files.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Prefer using `pyproject.toml` (recommended) or `setup.cfg` to define download operations.","message":"This plugin is designed for declarative configuration via `pyproject.toml` or `setup.cfg`. While `setuptools` still supports `setup.py`, relying on direct programmatic usage within `setup.py` for `setuptools-download`'s features is not the intended or documented pattern and may not work as expected.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Pin your `setuptools` version in `pyproject.toml`'s `build-system.requires` (e.g., `setuptools>=61.0,<80.0.0`) and regularly test against newer `setuptools` releases.","message":"As a plugin, setuptools-download operates within the setuptools build environment. Frequent breaking changes in upstream `setuptools` (e.g., removal of `setup.py` commands, stricter configuration parsing, changes to internal APIs) can indirectly affect this plugin's functionality or the project's ability to build. Users should pin specific versions of `setuptools` for stability.","severity":"breaking","affected_versions":"setuptools versions >=70.0.0, >=78.0.0, >=80.0.0"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}