Sync from SUSE:ALP:Source:Standard:1.0 saltbundlepy-pip revision d000c3dc37c44e12c3703e67d1c669b8
commit
2421673472
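--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text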
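--- /dev/null
+++ b/CVE-2023-5752-r-param-hg.patch
@@ -0,0 +1,27 @@
+From 389cb799d0da9a840749fcd14878928467ed49b4 Mon Sep 17 00:00:00 2001
+From: Pradyun Gedam <pradyunsg@users.noreply.github.com>
+Date: Sun, 1 Oct 2023 14:10:25 +0100
+Subject: [PATCH 1/2] Use `-r=...` instead of `-r ...` for hg
+
+This ensures that the resulting revision can not be misinterpreted as an
+option.
+---
+news/12306.bugfix.rst | 1 +
+src/pip/_internal/vcs/mercurial.py | 2 +-
+2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- /dev/null
++++ b/news/12306.bugfix.rst
+@@ -0,0 +1 @@
++Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial.
+--- a/src/pip/_internal/vcs/mercurial.py
++++ b/src/pip/_internal/vcs/mercurial.py
+@@ -31,7 +31,7 @@ class Mercurial(VersionControl):
+
+@staticmethod
+def get_base_rev_args(rev: str) -> List[str]:
+- return [rev]
++ return ["-r={}".format(rev)]
+
+def fetch_new(
+self, dest: str, url: HiddenText, rev_options: RevOptions, verbosity: int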
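Review bot: The replacement `return ["-r={}".format(rev)]` in `get_base_rev_args` uses the short option with `=`, and short-option parsers normally take everything after `-r` as the value, so Mercurial would probably look up a revision literally named `=<rev>` and fail for pinned installs; this should be checked against a real repository. The long form keeps the value in the same argv token without that ambiguity: `return ["--rev={}".format(rev)]`. The mail subject says `[PATCH 1/2]` and only this one patch is carried, so it is worth confirming that the second patch of the series is not also needed for 22.3.1. A unit test asserting that a value beginning with `-` still yields a single list element would pin the intent; `get_base_rev_args` sits in `class Mercurial`, whose body extends outside the hunk.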
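--- /dev/null
+++ b/distutils-reproducible-compile.patch
@@ -0,0 +1,17 @@
+---
+src/pip/_vendor/distlib/wheel.py | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py
+===================================================================
+--- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py
++++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py
+@@ -567,7 +567,7 @@ class Wheel(object):
+maker.source_dir = workdir
+maker.target_dir = None
+try:
+- for zinfo in zf.infolist():
++ for zinfo in sorted(zf.infolist()):
+arcname = zinfo.filename
+if isinstance(arcname, text_type):
+u_arcname = arcname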
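Review bot: `sorted(zf.infolist())` in the new loop header sorts `zipfile.ZipInfo` objects directly, and `ZipInfo` defines no ordering methods, so on Python 3 this raises `TypeError` as soon as the archive holds more than one entry. Sort on the archive name instead: `for zinfo in sorted(zf.infolist(), key=lambda zi: zi.filename):`. The enclosing method of `Wheel` starts and ends outside the hunk, so whether pip ever reaches this vendored code path cannot be told from here.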
BIN
pip-22.3.1-gh.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
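--- /dev/null
+++ b/pip-shipped-requests-cabundle.patch
@@ -0,0 +1,152 @@
+---
+src/pip/_vendor/certifi/core.py | 70 ++++------------------------------------
+tests/unit/test_options.py | 5 ++
+2 files changed, 13 insertions(+), 62 deletions(-)
+
+Index: pip-22.3.1/src/pip/_vendor/certifi/core.py
+===================================================================
+--- pip-22.3.1.orig/src/pip/_vendor/certifi/core.py
++++ pip-22.3.1/src/pip/_vendor/certifi/core.py
+@@ -3,106 +3,17 @@ certifi.py
+~~~~~~~~~~
+
+This module returns the installation location of cacert.pem or its contents.
++Patched by openSUSE: return the system bundle
+"""
+-import sys
+
++def read_text(_module=None, _path=None, encoding="ascii"):
++ with open(where(), "r", encoding=encoding) as data:
++ return data.read()
+
+-if sys.version_info >= (3, 11):
+
+- from importlib.resources import as_file, files
++def where() -> str:
++ return "/etc/ssl/ca-bundle.pem"
+
+- _CACERT_CTX = None
+- _CACERT_PATH = None
+-
+- def where() -> str:
+- # This is slightly terrible, but we want to delay extracting the file
+- # in cases where we're inside of a zipimport situation until someone
+- # actually calls where(), but we don't want to re-extract the file
+- # on every call of where(), so we'll do it once then store it in a
+- # global variable.
+- global _CACERT_CTX
+- global _CACERT_PATH
+- if _CACERT_PATH is None:
+- # This is slightly janky, the importlib.resources API wants you to
+- # manage the cleanup of this file, so it doesn't actually return a
+- # path, it returns a context manager that will give you the path
+- # when you enter it and will do any cleanup when you leave it. In
+- # the common case of not needing a temporary file, it will just
+- # return the file system location and the __exit__() is a no-op.
+- #
+- # We also have to hold onto the actual context manager, because
+- # it will do the cleanup whenever it gets garbage collected, so
+- # we will also store that at the global level as well.
+- _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
+- _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-
+- return _CACERT_PATH
+-
+- def contents() -> str:
+- return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
+-
+-elif sys.version_info >= (3, 7):
+-
+- from importlib.resources import path as get_path, read_text
+-
+- _CACERT_CTX = None
+- _CACERT_PATH = None
+-
+- def where() -> str:
+- # This is slightly terrible, but we want to delay extracting the
+- # file in cases where we're inside of a zipimport situation until
+- # someone actually calls where(), but we don't want to re-extract
+- # the file on every call of where(), so we'll do it once then store
+- # it in a global variable.
+- global _CACERT_CTX
+- global _CACERT_PATH
+- if _CACERT_PATH is None:
+- # This is slightly janky, the importlib.resources API wants you
+- # to manage the cleanup of this file, so it doesn't actually
+- # return a path, it returns a context manager that will give
+- # you the path when you enter it and will do any cleanup when
+- # you leave it. In the common case of not needing a temporary
+- # file, it will just return the file system location and the
+- # __exit__() is a no-op.
+- #
+- # We also have to hold onto the actual context manager, because
+- # it will do the cleanup whenever it gets garbage collected, so
+- # we will also store that at the global level as well.
+- _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
+- _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-
+- return _CACERT_PATH
+-
+- def contents() -> str:
+- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+-
+-else:
+- import os
+- import types
+- from typing import Union
+-
+- Package = Union[types.ModuleType, str]
+- Resource = Union[str, "os.PathLike"]
+-
+- # This fallback will work for Python versions prior to 3.7 that lack the
+- # importlib.resources module but relies on the existing `where` function
+- # so won't address issues with environments like PyOxidizer that don't set
+- # __file__ on modules.
+- def read_text(
+- package: Package,
+- resource: Resource,
+- encoding: str = 'utf-8',
+- errors: str = 'strict'
+- ) -> str:
+- with open(where(), encoding=encoding) as data:
+- return data.read()
+-
+- # If we don't have importlib.resources, then we will just do the old logic
+- # of assuming we're on the filesystem and munge the path directly.
+- def where() -> str:
+- f = os.path.dirname(__file__)
+
+- return os.path.join(f, "cacert.pem")
+-
+- def contents() -> str:
+- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
++def contents() -> str:
++ return read_text(encoding="ascii")
+Index: pip-22.3.1/tests/unit/test_options.py
+===================================================================
+--- pip-22.3.1.orig/tests/unit/test_options.py
++++ pip-22.3.1/tests/unit/test_options.py
+@@ -1,4 +1,5 @@
+import os
++import os.path
+from contextlib import contextmanager
+from optparse import Values
+from tempfile import NamedTemporaryFile
+@@ -11,6 +12,7 @@ from pip._internal.cli.main import main
+from pip._internal.commands import create_command
+from pip._internal.commands.configuration import ConfigurationCommand
+from pip._internal.exceptions import PipError
++from pip._vendor.certifi import where
+from tests.lib.options_helpers import AddFakeCommandMixin
+
+
+@@ -619,6 +621,9 @@ class TestOptionsConfigFiles:
+else:
+assert expect == cmd._determine_file(options, need_value=False)
+
++ def test_certificates(self):
++ assert os.path.exists(where())
++
+
+class TestOptionsExpandUser(AddFakeCommandMixin):
+def test_cache_dir(self) -> None: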
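Review bot: The new `where()` returns a hard-coded literal, and nothing in `core.py` records that the package's spec file rewrites this exact string with `sed` in `%prep` and then deletes the vendored `cacert.pem`, so pip has no fallback trust store if the path is wrong for the target system. I would add a comment above the return, e.g. `# This literal is rewritten by the spec's sed in %prep; keep the two in sync.` The added `test_certificates` only asserts that the path exists on the build host, and the spec runs it only in the test flavor, so it does not show that the file is readable; also asserting that `contents()` returns non-empty text would at least exercise the read path. `read_text` accepts `_module` and `_path` and ignores both, which deserves a one-line docstring saying they exist only for signature compatibility.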
2003
saltbundlepy-pip.changes
Normal file
File diff suppressed because it is too large
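--- /dev/null
+++ b/saltbundlepy-pip.spec
@@ -0,0 +1,200 @@
+#
+# spec file for package saltbundlepy-pip
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}}
+%define pythons saltbundlepy
+
+
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "test"
+%define psuffix -test
+%bcond_without test
+%bcond_with wheel
+%else
+%if "%{flavor}" == "wheel"
+%define psuffix -wheel
+%bcond_without wheel
+%else
+%define psuffix %{nil}
+%bcond_with test
+%bcond_with wheel
+%endif
+%endif
+Name: saltbundlepy-pip%{psuffix}
+Version: 22.3.1
+Release: 0
+Summary: A Python package management system
+License: MIT
+URL: http://www.pip-installer.org
+# The PyPI archive lacks the tests
+Source: https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz
+# PATCH-FIX-OPENSUSE return-CA-bundle-for-distro.patch -- adapted patch from saltbundlepy-certifi package
+Patch0: pip-shipped-requests-cabundle.patch
+# PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com
+# To get reproducible builds, byte_compile() of distutils.util now sorts filenames.
+Patch1: distutils-reproducible-compile.patch
+# PATCH-FIX-UPSTREAM CVE-2023-5752-r-param-hg.patch bsc#1217353 mcepl@suse.com
+# avoid configurable injection via hg parameter
+Patch2: CVE-2023-5752-r-param-hg.patch
+BuildRequires: %{saltbundlepy_module base >= 3.10}
+BuildRequires: %{saltbundlepy_module setuptools >= 40.8.0}
+BuildRequires: fdupes
+BuildRequires: saltbundlepy-rpm-macros
+Requires: ca-certificates
+Requires: coreutils
+Requires: saltbundlepy-setuptools
+Requires: saltbundlepy-xml
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+BuildArch: noarch
+%if %{with test}
+# Test requirements:
+BuildRequires: %{saltbundlepy_module PyYAML}
+BuildRequires: %{saltbundlepy_module Werkzeug}
+BuildRequires: %{saltbundlepy_module cryptography}
+BuildRequires: %{saltbundlepy_module csv23}
+BuildRequires: %{saltbundlepy_module docutils}
+BuildRequires: %{saltbundlepy_module freezegun}
+BuildRequires: %{saltbundlepy_module pretend}
+BuildRequires: %{saltbundlepy_module pytest}
+BuildRequires: %{saltbundlepy_module scripttest}
+BuildRequires: %{saltbundlepy_module setuptools-wheel}
+BuildRequires: %{saltbundlepy_module virtualenv >= 1.10}
+BuildRequires: %{saltbundlepy_module wheel}
+%if 0%{?suse_version} <= 1500
+BuildRequires: %{saltbundlepy_module mock}
+%endif
+BuildRequires: ca-certificates
+BuildRequires: git
+BuildRequires: subversion
+%endif
+%if %{with wheel}
+BuildRequires: %{saltbundlepy_module wheel}
+%endif
+%python_subpackages
+
+%description
+Pip is a replacement for easy_install. It uses mostly the same techniques for
+finding packages, so packages that were made easy_installable should be
+pip-installable as well.
+
+%prep
+# Unbundling is not advised by upstream. See src/pip/_vendor/README.rst
+# Exception: Use our own cabundle. Adapted patch from python-certifi package
+%autosetup -p1 -n pip-%{version}
+
+%if 0%{?suse_version}
+export CA_BUNDLE_PATH=/etc/ssl/ca-bundle.pem
+%endif
+%if 0%{?rhel} || 0%{?fedora} || 0%{?openeuler_version}
+export CA_BUNDLE_PATH=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+%endif
+%if 0%{?debian_version} || 0%{?ubuntu_version}
+export CA_BUNDLE_PATH=/etc/ssl/certs/ca-certificates.crt
+%endif
+if [ -z "${CA_BUNDLE_PATH}" ]; then
+echo "Error: Unable to define CA bundle path!"
+exit 1
+fi
+sed -i "s#/etc/ssl/ca-bundle.pem#${CA_BUNDLE_PATH}#" src/pip/_vendor/certifi/core.py
+
+rm src/pip/_vendor/certifi/cacert.pem
+
+%if %{with test}
+mkdir -p tests/data/common_wheels
+%python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/
+%endif
+# remove shebangs verbosely (if only sed would offer a verbose mode...)
+for f in $(find src -name \*.py -exec grep -l '^#!%{_bindir}/env' {} \;); do
+sed -i 's|^#!%{_bindir}/env .*$||g' $f
+done
+# Remove windows executable binaries
+# bsc#1212015
+rm -v src/pip/_vendor/distlib/*.exe
+sed -i '/\.exe/d' setup.py
+
+%build
+%if ! %{with wheel}
+%python_build
+%else
+%python_exec setup.py bdist_wheel --universal
+%endif
+
+%if !%{with test} && !%{with wheel}
+%install
+%python_install
+%python_clone -a %{buildroot}%{_bindir}/pip
+%python_clone -a %{buildroot}%{_bindir}/pip3
+# if we just cloned to pip3-2.7 delete it
+rm -f %{buildroot}%{_bindir}/pip3-2*
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+%endif
+
+%if %{with wheel}
+%python_expand install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl
+%endif
+
+%if %{with test}
+%check
+export PYTHONPATH=$(pwd)/build/lib
+# Looks broken with 22.3.1
+donttest="test_pip_self_version_check_calls_underlying_implementation"
+%pytest -m "not network" -k "not ($donttest)" tests/unit
+%endif
+
+%pre
+# Since /usr/bin/pip became ghosted to be used with update-alternatives, we have to get rid
+# of the old binary resulting from the non-update-alternatives-ified package:
+[ -h %{_bindir}/pip ] || rm -f %{_bindir}/pip
+[ -h %{_bindir}/pip3 ] || rm -f %{_bindir}/pip3
+# If libalternatives is used: Removing old update-alternatives entries.
+%python_libalternatives_reset_alternative pip
+
+%if !%{with test} && !%{with wheel}
+%post
+# keep the alternative groups separate. Users could decide to let pip and pip3 point to
+# different flavors
+%python_install_alternative pip
+%python_install_alternative pip3
+
+%postun
+%python_uninstall_alternative pip
+%python_uninstall_alternative pip3
+%endif
+
+%files %{python_files}
+%if !%{with test} && !%{with wheel}
+%license LICENSE.txt
+%doc AUTHORS.txt NEWS.rst README.rst
+%python_alternative %{_bindir}/pip
+%if "%{python_flavor}" == "python2"
+%{_bindir}/pip2
+%else
+%python_alternative %{_bindir}/pip3
+%endif
+%{_bindir}/pip%{python_bin_suffix}
+%{python_sitelib}/pip-%{version}*-info
+%{python_sitelib}/pip
+%endif
+
+%if %{with wheel}
+%dir %{python_sitelib}/../wheels
+%{python_sitelib}/../wheels/*
+%endif
+
+%changelog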
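Review bot: The `sed -i "s#/etc/ssl/ca-bundle.pem#${CA_BUNDLE_PATH}#" src/pip/_vendor/certifi/core.py` line in `%prep` exits successfully even when it matches nothing, and the next step removes the vendored `cacert.pem`, so if the literal in Patch0 ever changes, the RHEL/Fedora and Debian/Ubuntu builds would ship a pip whose only CA path is the SUSE one. Add a check directly after the `sed`, e.g. `grep -qF "${CA_BUNDLE_PATH}" src/pip/_vendor/certifi/core.py || exit 1`. Separately, the comment above `Patch1` describes `byte_compile()` in `distutils.util`, while the patch carried here edits `src/pip/_vendor/distlib/wheel.py`; the comment should describe what the patch actually changes.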