WIP

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=22
2023-05-06 15:58:32 +00:00 · 2023-05-06 15:58:32 +00:00 · 613696a4ad
commit 613696a4ad
parent d476f0a8d4
3 changed files with 113 additions and 3 deletions
--- a/589-colorized-pip23.patch
+++ b/589-colorized-pip23.patch
@ -0,0 +1,36 @@
+From 4f5362fccc908820574fdbac2f6b6871c0f371c5 Mon Sep 17 00:00:00 2001
+From: Henry Schreiner <henryschreineriii@gmail.com>
+Date: Wed, 15 Mar 2023 09:33:53 -0400
+Subject: [PATCH] tests: strip formatting from stderr (pip 23)
+
+Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
+---
+ tests/test_main.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index e924d8bd..456ff749 100644
+--- a/tests/test_main.py
+++ b/tests/test_main.py
+@@ -20,6 +20,8 @@
+ cwd = os.getcwd()
+ out = os.path.join(cwd, 'dist')
+ 
+ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
+
+ 
+ @pytest.mark.parametrize(
+     ('cli_args', 'build_args', 'hook'),
+@@ -368,8 +370,10 @@ def test_output_env_subprocess_error(
+     assert stdout[:4] == stdout_body
+     assert stdout[-1].startswith(stdout_error)
+ 
+-    assert len(stderr) == 1
+-    assert stderr[0].startswith('ERROR: Invalid requirement: ')
+    # Newer versions of pip also color stderr - strip them if present
+    cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip()
+    assert len(cleaned_stderr.splitlines()) == 1
+    assert cleaned_stderr.startswith('ERROR: Invalid requirement: ')
+ 
+ 
+ @pytest.mark.parametrize(
--- a/609-filter-out-malicious.patch
+++ b/609-filter-out-malicious.patch
@ -0,0 +1,68 @@
+From 083fde33e7593d8ff9add04bd4d237a3ddcbfe44 Mon Sep 17 00:00:00 2001
+From: layday <layday@protonmail.com>
+Date: Fri, 28 Apr 2023 15:22:53 +0300
+Subject: [PATCH] main: filter out malicious files when extracting tar archives
+
+See https://peps.python.org/pep-0706/.
+---
+ src/build/__main__.py |    5 +++--
+ src/build/util.py     |   14 +++++++++++++-
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/src/build/__main__.py
+++ b/src/build/__main__.py
+@@ -9,7 +9,6 @@ import platform
+ import shutil
+ import subprocess
+ import sys
+-import tarfile
+ import tempfile
+ import textwrap
+ import traceback
+@@ -228,6 +227,8 @@ def build_package_via_sdist(
+     :param isolation: Isolate the build in a separate environment
+     :param skip_dependency_check: Do not perform the dependency check
+     """
+    from .util import TarFile
+
+     if 'sdist' in distributions:
+         raise ValueError('Only binary distributions are allowed but sdist was specified')
+ 
+@@ -238,7 +239,7 @@ def build_package_via_sdist(
+     sdist_out = tempfile.mkdtemp(prefix='build-via-sdist-')
+     built: list[str] = []
+     # extract sdist
+-    with tarfile.open(sdist) as t:
+    with TarFile.open(sdist) as t:
+         t.extractall(sdist_out)
+         try:
+             builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')]))
+--- a/src/build/util.py
+++ b/src/build/util.py
+@@ -5,6 +5,7 @@ from __future__ import annotations
+ import os
+ import pathlib
+ import sys
+import tarfile
+ import tempfile
+ 
+ import pyproject_hooks
+@@ -56,6 +57,17 @@ def project_wheel_metadata(
+         return _project_wheel_metadata(builder)
+ 
+ 
+# Per https://peps.python.org/pep-0706/, the "data" filter will become
+# the default in Python 3.14.
+if sys.version_info >= (3, 12) and sys.version_info < (3, 14):
+
+    class TarFile(tarfile.TarFile):
+        extraction_filter = tarfile.data_filter
+
+else:
+    TarFile = tarfile.TarFile
+
+
+ __all__ = [
+-    'project_wheel_metadata',
+    'project_wheel_metadata', 'TarFile',
+ ]
--- a/python-build.spec
+++ b/python-build.spec
@ -39,8 +39,14 @@ Source0:        https://github.com/pypa/build/archive/%{version}.tar.gz#/build-%
 Source10:       https://files.pythonhosted.org/packages/py2.py3/w/wheel/wheel-0.37.1-py2.py3-none-any.whl
 Source11:       https://files.pythonhosted.org/packages/py3/f/flit-core/flit_core-3.8.0-py3-none-any.whl
 Source12:       https://files.pythonhosted.org/packages/py3/t/tomli/tomli-2.0.1-py3-none-any.whl
-# PATCH-FIX-UPSTREAM gh#pypa/build#b52fdbd70550a9ef58e65b3376cec1e9951d2114
-Patch0:         support-pip-23.patch
+# PATCH-FIX-UPSTREAM 589-colorized-pip23.patch gh#pypa/build#587 mcepl@suse.com
+# Different style of colouring in pip 23 (actually I see it even with pip 22)
+Patch0:         589-colorized-pip23.patch
+# PATCH-FIX-UPSTREAM 609-filter-out-malicious.patch gh#pypa/build!609 mcepl@suse.com
+# With new tarfile filters, there is now new warning
+Patch1:         609-filter-out-malicious.patch
+# # PATCH-FIX-UPSTREAM gh#pypa/build#b52fdbd70550a9ef58e65b3376cec1e9951d2114
+# Patch0:         support-pip-23.patch
 BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  %{python_module flit-core >= 3.4}
 BuildRequires:  %{python_module pip}
@ -94,7 +100,7 @@ mkdir -p wheels
 cp %{SOURCE10} %{SOURCE11} %{SOURCE12} wheels/
 export PIP_FIND_LINKS="%{python3_sitelib}/../wheels $PWD/wheels"
 pushd tests
-%pytest -n auto -x
+%pytest -n auto
 popd
 %endif