Sync from SUSE:SLFO:Main python-pip revision 26e3a93f00851570ad2b739b3c34d300

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

_multibuild

@@ -0,0 +1,4 @@
+<multibuild>
+  <package>test</package>
+  <package>wheel</package>
+</multibuild>

distutils-reproducible-compile.patch

@@ -0,0 +1,17 @@
+---
+ src/pip/_vendor/distlib/wheel.py |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py
+===================================================================
+--- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py
++++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py
+@@ -567,7 +567,7 @@ class Wheel(object):
+             maker.source_dir = workdir
+             maker.target_dir = None
+             try:
+-                for zinfo in zf.infolist():
++                for zinfo in sorted(zf.infolist()):
+                     arcname = zinfo.filename
+                     if isinstance(arcname, text_type):
+                         u_arcname = arcname

pip-shipped-requests-cabundle.patch

@@ -0,0 +1,148 @@
+---
+ src/pip/_vendor/certifi/core.py |  105 +++-------------------------------------
+ tests/unit/test_options.py      |    5 +
+ 2 files changed, 13 insertions(+), 97 deletions(-)
+
+--- a/src/pip/_vendor/certifi/core.py
++++ b/src/pip/_vendor/certifi/core.py
+@@ -3,106 +3,17 @@ certifi.py
+ ~~~~~~~~~~
+ 
+ This module returns the installation location of cacert.pem or its contents.
++Patched by openSUSE: return the system bundle
+ """
+-import sys
+ 
++def read_text(_module=None, _path=None, encoding="ascii"):
++    with open(where(), "r", encoding=encoding) as data:
++        return data.read()
+ 
+-if sys.version_info >= (3, 11):
+ 
+-    from importlib.resources import as_file, files
++def where() -> str:
++    return "/etc/ssl/ca-bundle.pem"
+ 
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
+-
+-    def where() -> str:
+-        # This is slightly terrible, but we want to delay extracting the file
+-        # in cases where we're inside of a zipimport situation until someone
+-        # actually calls where(), but we don't want to re-extract the file
+-        # on every call of where(), so we'll do it once then store it in a
+-        # global variable.
+-        global _CACERT_CTX
+-        global _CACERT_PATH
+-        if _CACERT_PATH is None:
+-            # This is slightly janky, the importlib.resources API wants you to
+-            # manage the cleanup of this file, so it doesn't actually return a
+-            # path, it returns a context manager that will give you the path
+-            # when you enter it and will do any cleanup when you leave it. In
+-            # the common case of not needing a temporary file, it will just
+-            # return the file system location and the __exit__() is a no-op.
+-            #
+-            # We also have to hold onto the actual context manager, because
+-            # it will do the cleanup whenever it gets garbage collected, so
+-            # we will also store that at the global level as well.
+-            _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
+-            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-
+-        return _CACERT_PATH
+-
+-    def contents() -> str:
+-        return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
+-
+-elif sys.version_info >= (3, 7):
+-
+-    from importlib.resources import path as get_path, read_text
+-
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
+-
+-    def where() -> str:
+-        # This is slightly terrible, but we want to delay extracting the
+-        # file in cases where we're inside of a zipimport situation until
+-        # someone actually calls where(), but we don't want to re-extract
+-        # the file on every call of where(), so we'll do it once then store
+-        # it in a global variable.
+-        global _CACERT_CTX
+-        global _CACERT_PATH
+-        if _CACERT_PATH is None:
+-            # This is slightly janky, the importlib.resources API wants you
+-            # to manage the cleanup of this file, so it doesn't actually
+-            # return a path, it returns a context manager that will give
+-            # you the path when you enter it and will do any cleanup when
+-            # you leave it. In the common case of not needing a temporary
+-            # file, it will just return the file system location and the
+-            # __exit__() is a no-op.
+-            #
+-            # We also have to hold onto the actual context manager, because
+-            # it will do the cleanup whenever it gets garbage collected, so
+-            # we will also store that at the global level as well.
+-            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
+-            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-
+-        return _CACERT_PATH
+-
+-    def contents() -> str:
+-        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+-
+-else:
+-    import os
+-    import types
+-    from typing import Union
+-
+-    Package = Union[types.ModuleType, str]
+-    Resource = Union[str, "os.PathLike"]
+-
+-    # This fallback will work for Python versions prior to 3.7 that lack the
+-    # importlib.resources module but relies on the existing `where` function
+-    # so won't address issues with environments like PyOxidizer that don't set
+-    # __file__ on modules.
+-    def read_text(
+-        package: Package,
+-        resource: Resource,
+-        encoding: str = 'utf-8',
+-        errors: str = 'strict'
+-    ) -> str:
+-        with open(where(), encoding=encoding) as data:
+-            return data.read()
+-
+-    # If we don't have importlib.resources, then we will just do the old logic
+-    # of assuming we're on the filesystem and munge the path directly.
+-    def where() -> str:
+-        f = os.path.dirname(__file__)
+ 
+-        return os.path.join(f, "cacert.pem")
+-
+-    def contents() -> str:
+-        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
++def contents() -> str:
++    return read_text(encoding="ascii")
+--- a/tests/unit/test_options.py
++++ b/tests/unit/test_options.py
+@@ -1,4 +1,5 @@
+ import os
++import os.path
+ from contextlib import contextmanager
+ from optparse import Values
+ from tempfile import NamedTemporaryFile
+@@ -11,6 +12,7 @@ from pip._internal.cli.main import main
+ from pip._internal.commands import create_command
+ from pip._internal.commands.configuration import ConfigurationCommand
+ from pip._internal.exceptions import PipError
++from pip._vendor.certifi import where
+ from tests.lib.options_helpers import AddFakeCommandMixin
+ 
+ 
+@@ -618,6 +620,9 @@ class TestOptionsConfigFiles:
+         else:
+             assert expect == cmd._determine_file(options, need_value=False)
+ 
++    def test_certificates(self):
++        assert os.path.exists(where())
++
+ 
+ class TestOptionsExpandUser(AddFakeCommandMixin):
+     def test_cache_dir(self) -> None:

python-pip.spec

@@ -0,0 +1,194 @@
+#
+# spec file
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "test"
+%define psuffix -test
+%bcond_without test
+%bcond_with wheel
+%else
+%if "%{flavor}" == "wheel"
+%define psuffix -wheel
+%bcond_without wheel
+%bcond_with test
+%else
+%define psuffix %{nil}
+%bcond_with test
+%bcond_with wheel
+%endif
+%endif
+%global skip_python2 1
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
+%{?sle15_python_module_pythons}
+Name:           python-pip%{psuffix}
+Version:        23.3.2
+Release:        0
+Summary:        A Python package management system
+License:        MIT
+URL:            https://pip.pypa.io
+# The PyPI archive lacks the tests
+Source:         https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz
+# PATCH-FIX-OPENSUSE pip-shipped-requests-cabundle.patch -- adapted patch from python-certifi package
+Patch0:         pip-shipped-requests-cabundle.patch
+# PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com
+# To get reproducible builds, byte_compile() of distutils.util now sorts filenames.
+Patch1:         distutils-reproducible-compile.patch
+BuildRequires:  %{python_module base >= 3.7}
+BuildRequires:  %{python_module setuptools >= 40.8.0}
+BuildRequires:  fdupes
+BuildRequires:  python-rpm-macros >= 20210929
+Requires:       ca-certificates
+Requires:       coreutils
+Requires:       python-setuptools
+Requires:       python-xml
+Recommends:     ca-certificates-mozilla
+BuildArch:      noarch
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
+%endif
+%if %{with test}
+# Test requirements:
+BuildRequires:  %{python_module PyYAML}
+BuildRequires:  %{python_module Werkzeug}
+BuildRequires:  %{python_module cryptography}
+BuildRequires:  %{python_module docutils}
+BuildRequires:  %{python_module freezegun}
+BuildRequires:  %{python_module installer}
+BuildRequires:  %{python_module pretend}
+BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module scripttest}
+BuildRequires:  %{python_module setuptools-wheel}
+BuildRequires:  %{python_module virtualenv >= 1.10}
+BuildRequires:  %{python_module wheel}
+BuildRequires:  ca-certificates
+BuildRequires:  git-core
+%if 0%{?suse_version} <= 1500
+BuildRequires:  %{python_module mock}
+%endif
+%endif
+%if %{with wheel}
+BuildRequires:  %{python_module wheel}
+%endif
+%python_subpackages
+
+%description
+Pip is a replacement for easy_install. It uses mostly the same techniques for
+finding packages, so packages that were made easy_installable should be
+pip-installable as well.
+
+%prep
+# Unbundling is not advised by upstream. See src/pip/_vendor/README.rst
+# Exception: Use our own cabundle. Adapted patch from python-certifi package
+%autosetup -p1 -n pip-%{version}
+
+rm src/pip/_vendor/certifi/cacert.pem
+
+%if %{with test}
+mkdir -p tests/data/common_wheels
+%python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/
+%endif
+# remove shebangs verbosely (if only sed would offer a verbose mode...)
+for f in $(find src -name \*.py -exec grep -l '^#!%{_bindir}/env' {} \;); do
+    sed -i 's|^#!%{_bindir}/env .*$||g' $f
+done
+
+# Remove windows executable binaries
+# bsc#1212015
+rm -v src/pip/_vendor/distlib/*.exe
+sed -i '/\.exe/d' setup.py
+
+%build
+%if ! %{with wheel}
+%python_build
+%else
+%python_exec setup.py bdist_wheel --universal
+%endif
+
+%if !%{with test} && !%{with wheel}
+%install
+%python_install
+%python_clone -a %{buildroot}%{_bindir}/pip
+%python_clone -a %{buildroot}%{_bindir}/pip3
+# if we just cloned to pip3-2.7 delete it
+rm -f %{buildroot}%{_bindir}/pip3-2*
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+%endif
+
+%if %{with wheel}
+%python_expand install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl
+%endif
+
+%if %{with test}
+%check
+export PYTHONPATH=$(pwd)/build/lib
+# Looks broken with 22.3.1
+donttest="test_pip_self_version_check_calls_underlying_implementation"
+%pytest -m "not network" -k "not ($donttest)" tests/unit
+%endif
+
+%pre
+# Since /usr/bin/pip became ghosted to be used with update-alternatives, we have to get rid
+# of the old binary resulting from the non-update-alternatives-ified package:
+[ -h %{_bindir}/pip ] || rm -f %{_bindir}/pip
+[ -h %{_bindir}/pip3 ] || rm -f %{_bindir}/pip3
+# If libalternatives is used: Removing old update-alternatives entries.
+%python_libalternatives_reset_alternative pip
+
+%if !%{with test} && !%{with wheel}
+%post
+# keep the alternative groups separate. Users could decide to let pip and pip3 point to
+# different flavors
+%python_install_alternative pip
+%if "%{python_flavor}" != "python2"
+%python_install_alternative pip3
+%endif
+
+%postun
+%python_uninstall_alternative pip
+%python_uninstall_alternative pip3
+%endif
+
+%files %{python_files}
+%if !%{with test} && !%{with wheel}
+%license LICENSE.txt
+%doc AUTHORS.txt NEWS.rst README.rst
+%python_alternative %{_bindir}/pip
+%if "%{python_flavor}" == "python2"
+%{_bindir}/pip2
+%else
+%python_alternative %{_bindir}/pip3
+%endif
+%{_bindir}/pip%{python_bin_suffix}
+%{python_sitelib}/pip-%{version}*-info
+%{python_sitelib}/pip
+%endif
+
+%if %{with wheel}
+%dir %{python_sitelib}/../wheels
+%{python_sitelib}/../wheels/*
+%endif
+
+%changelog