Sync from SUSE:ALP:Source:Standard:1.0 saltbundlepy-pip revision d000c3dc37c44e12c3703e67d1c669b8

This commit is contained in:
Adrian Schröter 2024-07-15 12:55:32 +02:00
commit 2421673472
7 changed files with 2425 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

View File

@ -0,0 +1,27 @@
From 389cb799d0da9a840749fcd14878928467ed49b4 Mon Sep 17 00:00:00 2001
From: Pradyun Gedam <pradyunsg@users.noreply.github.com>
Date: Sun, 1 Oct 2023 14:10:25 +0100
Subject: [PATCH 1/2] Use `-r=...` instead of `-r ...` for hg
This ensures that the resulting revision can not be misinterpreted as an
option.
---
news/12306.bugfix.rst | 1 +
src/pip/_internal/vcs/mercurial.py | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
--- /dev/null
+++ b/news/12306.bugfix.rst
@@ -0,0 +1 @@
+Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial.
--- a/src/pip/_internal/vcs/mercurial.py
+++ b/src/pip/_internal/vcs/mercurial.py
@@ -31,7 +31,7 @@ class Mercurial(VersionControl):
@staticmethod
def get_base_rev_args(rev: str) -> List[str]:
- return [rev]
+ return ["-r={}".format(rev)]
def fetch_new(
self, dest: str, url: HiddenText, rev_options: RevOptions, verbosity: int

View File

@ -0,0 +1,17 @@
---
src/pip/_vendor/distlib/wheel.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py
===================================================================
--- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py
+++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py
@@ -567,7 +567,7 @@ class Wheel(object):
maker.source_dir = workdir
maker.target_dir = None
try:
- for zinfo in zf.infolist():
+ for zinfo in sorted(zf.infolist()):
arcname = zinfo.filename
if isinstance(arcname, text_type):
u_arcname = arcname

BIN
pip-22.3.1-gh.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,152 @@
---
src/pip/_vendor/certifi/core.py | 70 ++++------------------------------------
tests/unit/test_options.py | 5 ++
2 files changed, 13 insertions(+), 62 deletions(-)
Index: pip-22.3.1/src/pip/_vendor/certifi/core.py
===================================================================
--- pip-22.3.1.orig/src/pip/_vendor/certifi/core.py
+++ pip-22.3.1/src/pip/_vendor/certifi/core.py
@@ -3,106 +3,17 @@ certifi.py
~~~~~~~~~~
This module returns the installation location of cacert.pem or its contents.
+Patched by openSUSE: return the system bundle
"""
-import sys
+def read_text(_module=None, _path=None, encoding="ascii"):
+ with open(where(), "r", encoding=encoding) as data:
+ return data.read()
-if sys.version_info >= (3, 11):
- from importlib.resources import as_file, files
+def where() -> str:
+ return "/etc/ssl/ca-bundle.pem"
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the file
- # in cases where we're inside of a zipimport situation until someone
- # actually calls where(), but we don't want to re-extract the file
- # on every call of where(), so we'll do it once then store it in a
- # global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you to
- # manage the cleanup of this file, so it doesn't actually return a
- # path, it returns a context manager that will give you the path
- # when you enter it and will do any cleanup when you leave it. In
- # the common case of not needing a temporary file, it will just
- # return the file system location and the __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
-
-elif sys.version_info >= (3, 7):
-
- from importlib.resources import path as get_path, read_text
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the
- # file in cases where we're inside of a zipimport situation until
- # someone actually calls where(), but we don't want to re-extract
- # the file on every call of where(), so we'll do it once then store
- # it in a global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you
- # to manage the cleanup of this file, so it doesn't actually
- # return a path, it returns a context manager that will give
- # you the path when you enter it and will do any cleanup when
- # you leave it. In the common case of not needing a temporary
- # file, it will just return the file system location and the
- # __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
-
-else:
- import os
- import types
- from typing import Union
-
- Package = Union[types.ModuleType, str]
- Resource = Union[str, "os.PathLike"]
-
- # This fallback will work for Python versions prior to 3.7 that lack the
- # importlib.resources module but relies on the existing `where` function
- # so won't address issues with environments like PyOxidizer that don't set
- # __file__ on modules.
- def read_text(
- package: Package,
- resource: Resource,
- encoding: str = 'utf-8',
- errors: str = 'strict'
- ) -> str:
- with open(where(), encoding=encoding) as data:
- return data.read()
-
- # If we don't have importlib.resources, then we will just do the old logic
- # of assuming we're on the filesystem and munge the path directly.
- def where() -> str:
- f = os.path.dirname(__file__)
- return os.path.join(f, "cacert.pem")
-
- def contents() -> str:
- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+def contents() -> str:
+ return read_text(encoding="ascii")
Index: pip-22.3.1/tests/unit/test_options.py
===================================================================
--- pip-22.3.1.orig/tests/unit/test_options.py
+++ pip-22.3.1/tests/unit/test_options.py
@@ -1,4 +1,5 @@
import os
+import os.path
from contextlib import contextmanager
from optparse import Values
from tempfile import NamedTemporaryFile
@@ -11,6 +12,7 @@ from pip._internal.cli.main import main
from pip._internal.commands import create_command
from pip._internal.commands.configuration import ConfigurationCommand
from pip._internal.exceptions import PipError
+from pip._vendor.certifi import where
from tests.lib.options_helpers import AddFakeCommandMixin
@@ -619,6 +621,9 @@ class TestOptionsConfigFiles:
else:
assert expect == cmd._determine_file(options, need_value=False)
+ def test_certificates(self):
+ assert os.path.exists(where())
+
class TestOptionsExpandUser(AddFakeCommandMixin):
def test_cache_dir(self) -> None:

2003
saltbundlepy-pip.changes Normal file

File diff suppressed because it is too large Load Diff

200
saltbundlepy-pip.spec Normal file
View File

@ -0,0 +1,200 @@
#
# spec file for package saltbundlepy-pip
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}}
%define pythons saltbundlepy
%global flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "test"
%define psuffix -test
%bcond_without test
%bcond_with wheel
%else
%if "%{flavor}" == "wheel"
%define psuffix -wheel
%bcond_without wheel
%else
%define psuffix %{nil}
%bcond_with test
%bcond_with wheel
%endif
%endif
Name: saltbundlepy-pip%{psuffix}
Version: 22.3.1
Release: 0
Summary: A Python package management system
License: MIT
URL: http://www.pip-installer.org
# The PyPI archive lacks the tests
Source: https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz
# PATCH-FIX-OPENSUSE return-CA-bundle-for-distro.patch -- adapted patch from saltbundlepy-certifi package
Patch0: pip-shipped-requests-cabundle.patch
# PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com
# To get reproducible builds, byte_compile() of distutils.util now sorts filenames.
Patch1: distutils-reproducible-compile.patch
# PATCH-FIX-UPSTREAM CVE-2023-5752-r-param-hg.patch bsc#1217353 mcepl@suse.com
# avoid configurable injection via hg parameter
Patch2: CVE-2023-5752-r-param-hg.patch
BuildRequires: %{saltbundlepy_module base >= 3.10}
BuildRequires: %{saltbundlepy_module setuptools >= 40.8.0}
BuildRequires: fdupes
BuildRequires: saltbundlepy-rpm-macros
Requires: ca-certificates
Requires: coreutils
Requires: saltbundlepy-setuptools
Requires: saltbundlepy-xml
Requires(post): update-alternatives
Requires(postun): update-alternatives
BuildArch: noarch
%if %{with test}
# Test requirements:
BuildRequires: %{saltbundlepy_module PyYAML}
BuildRequires: %{saltbundlepy_module Werkzeug}
BuildRequires: %{saltbundlepy_module cryptography}
BuildRequires: %{saltbundlepy_module csv23}
BuildRequires: %{saltbundlepy_module docutils}
BuildRequires: %{saltbundlepy_module freezegun}
BuildRequires: %{saltbundlepy_module pretend}
BuildRequires: %{saltbundlepy_module pytest}
BuildRequires: %{saltbundlepy_module scripttest}
BuildRequires: %{saltbundlepy_module setuptools-wheel}
BuildRequires: %{saltbundlepy_module virtualenv >= 1.10}
BuildRequires: %{saltbundlepy_module wheel}
%if 0%{?suse_version} <= 1500
BuildRequires: %{saltbundlepy_module mock}
%endif
BuildRequires: ca-certificates
BuildRequires: git
BuildRequires: subversion
%endif
%if %{with wheel}
BuildRequires: %{saltbundlepy_module wheel}
%endif
%python_subpackages
%description
Pip is a replacement for easy_install. It uses mostly the same techniques for
finding packages, so packages that were made easy_installable should be
pip-installable as well.
%prep
# Unbundling is not advised by upstream. See src/pip/_vendor/README.rst
# Exception: Use our own cabundle. Adapted patch from python-certifi package
%autosetup -p1 -n pip-%{version}
%if 0%{?suse_version}
export CA_BUNDLE_PATH=/etc/ssl/ca-bundle.pem
%endif
%if 0%{?rhel} || 0%{?fedora} || 0%{?openeuler_version}
export CA_BUNDLE_PATH=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
%endif
%if 0%{?debian_version} || 0%{?ubuntu_version}
export CA_BUNDLE_PATH=/etc/ssl/certs/ca-certificates.crt
%endif
if [ -z "${CA_BUNDLE_PATH}" ]; then
echo "Error: Unable to define CA bundle path!"
exit 1
fi
sed -i "s#/etc/ssl/ca-bundle.pem#${CA_BUNDLE_PATH}#" src/pip/_vendor/certifi/core.py
rm src/pip/_vendor/certifi/cacert.pem
%if %{with test}
mkdir -p tests/data/common_wheels
%python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/
%endif
# remove shebangs verbosely (if only sed would offer a verbose mode...)
for f in $(find src -name \*.py -exec grep -l '^#!%{_bindir}/env' {} \;); do
sed -i 's|^#!%{_bindir}/env .*$||g' $f
done
# Remove windows executable binaries
# bsc#1212015
rm -v src/pip/_vendor/distlib/*.exe
sed -i '/\.exe/d' setup.py
%build
%if ! %{with wheel}
%python_build
%else
%python_exec setup.py bdist_wheel --universal
%endif
%if !%{with test} && !%{with wheel}
%install
%python_install
%python_clone -a %{buildroot}%{_bindir}/pip
%python_clone -a %{buildroot}%{_bindir}/pip3
# if we just cloned to pip3-2.7 delete it
rm -f %{buildroot}%{_bindir}/pip3-2*
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%endif
%if %{with wheel}
%python_expand install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl
%endif
%if %{with test}
%check
export PYTHONPATH=$(pwd)/build/lib
# Looks broken with 22.3.1
donttest="test_pip_self_version_check_calls_underlying_implementation"
%pytest -m "not network" -k "not ($donttest)" tests/unit
%endif
%pre
# Since /usr/bin/pip became ghosted to be used with update-alternatives, we have to get rid
# of the old binary resulting from the non-update-alternatives-ified package:
[ -h %{_bindir}/pip ] || rm -f %{_bindir}/pip
[ -h %{_bindir}/pip3 ] || rm -f %{_bindir}/pip3
# If libalternatives is used: Removing old update-alternatives entries.
%python_libalternatives_reset_alternative pip
%if !%{with test} && !%{with wheel}
%post
# keep the alternative groups separate. Users could decide to let pip and pip3 point to
# different flavors
%python_install_alternative pip
%python_install_alternative pip3
%postun
%python_uninstall_alternative pip
%python_uninstall_alternative pip3
%endif
%files %{python_files}
%if !%{with test} && !%{with wheel}
%license LICENSE.txt
%doc AUTHORS.txt NEWS.rst README.rst
%python_alternative %{_bindir}/pip
%if "%{python_flavor}" == "python2"
%{_bindir}/pip2
%else
%python_alternative %{_bindir}/pip3
%endif
%{_bindir}/pip%{python_bin_suffix}
%{python_sitelib}/pip-%{version}*-info
%{python_sitelib}/pip
%endif
%if %{with wheel}
%dir %{python_sitelib}/../wheels
%{python_sitelib}/../wheels/*
%endif
%changelog