create_pygmentize_bundle: use pypi's JSON API

The old XML-RPC API is considered deprecated and is now rate limited,
such that making two queries in quick succession (like this script does)
hits the limit. Fix by using the JSON API.

While we're here, use the SHA256 sum instead of MD5.

Change-Id: Ib2156649e234d974cc4fc75807a5d140aa99bd44

pygments/create_pygmentize_bundle

@@ -7,11 +7,11 @@
 """
 import hashlib
 import io
+import json
 import os
 import stat
 import textwrap
 import urllib.request
-import xmlrpc.client
 import zipfile
 
 
@@ -28,14 +28,15 @@ PYGMENTIZE_LAUNCHER = textwrap.dedent('''\
 
 
 print('Querying PyPI for the latest Pygments release...')
-pypi = xmlrpc.client.ServerProxy('https://pypi.python.org/pypi')
-latest_version = pypi.package_releases('Pygments')[0]
+req = urllib.request.urlopen('https://pypi.python.org/pypi/Pygments/json')
+data = json.loads(req.read().decode('utf-8'))
+latest_version = data['info']['version']
 url = None
-for release in pypi.release_urls('Pygments', latest_version):
+for release in data['releases'][latest_version]:
     if (release['packagetype'] == 'bdist_wheel' and
            'py3' in release['python_version']):
         url = release['url']
-        md5_digest = release['md5_digest']
+        digest = release['digests']['sha256']
         break
 
 if not url:
@@ -46,8 +47,8 @@ req = urllib.request.urlopen(url)
 buf = io.BytesIO(req.read())
 
 print('Verifying...')
-if hashlib.md5(buf.getvalue()).hexdigest() != md5_digest:
-    raise RuntimeError('MD5 checksum mismatch.')
+if hashlib.sha256(buf.getvalue()).hexdigest() != digest:
+    raise RuntimeError('checksum mismatch!')
 
 print('Creating executable ZIP bundle...')
 with zipfile.ZipFile(buf, 'a') as zf:
@@ -67,3 +68,4 @@ with open(os.path.join(script_dir, 'VERSION'), 'w') as f:
     f.write(latest_version + '\n')
 
 print('Done. Wrote %s bytes to %s' % (len(data), file_path))
+print("Don't forget to run updateCSS.php and updateLexerList.php (in ../maintenance).")