From 014ebb2a4a011bc0e56a9329d547aa8b25cc5c8f55a94213966fee9748796120 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Tue, 2 May 2023 08:05:44 +0000 Subject: [PATCH 1/6] - Add patch support-pip-23.patch: * pip 23 also colorizes output, confusing the test. - Add patch support-tarfile-data-filter.patch: * Set tarfile.data_filter if available. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=19 --- python-build.changes | 8 +++++++ python-build.spec | 5 ++++- support-pip-23.patch | 36 +++++++++++++++++++++++++++++++ support-tarfile-data-filter.patch | 12 +++++++++++ 4 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 support-pip-23.patch create mode 100644 support-tarfile-data-filter.patch diff --git a/python-build.changes b/python-build.changes index 03d2a49..e012442 100644 --- a/python-build.changes +++ b/python-build.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue May 2 08:04:24 UTC 2023 - Steve Kowalik + +- Add patch support-pip-23.patch: + * pip 23 also colorizes output, confusing the test. +- Add patch support-tarfile-data-filter.patch: + * Set tarfile.data_filter if available. + ------------------------------------------------------------------- Fri Apr 21 12:22:56 UTC 2023 - Dirk Müller diff --git a/python-build.spec b/python-build.spec index 7af6423..651671a 100644 --- a/python-build.spec +++ b/python-build.spec 
@@ -34,13 +34,16 @@ Version: 0.10.0 Release: 0 Summary: Simple PEP517 package builder License: MIT -Group: Development/Languages/Python URL: https://github.com/pypa/build Source0: https://github.com/pypa/build/archive/%{version}.tar.gz#/build-%{version}.tar.gz # Needs the wheels for wheel, flit-core, pytoml, and tomli for testing Source10: https://files.pythonhosted.org/packages/py2.py3/w/wheel/wheel-0.37.1-py2.py3-none-any.whl Source11: https://files.pythonhosted.org/packages/py3/f/flit-core/flit_core-3.8.0-py3-none-any.whl Source12: https://files.pythonhosted.org/packages/py3/t/tomli/tomli-2.0.1-py3-none-any.whl +# PATCH-FIX-UPSTREAM gh#pypa/build#b52fdbd70550a9ef58e65b3376cec1e9951d2114 +Patch0: support-pip-23.patch +# PATCH-FIX-OPENSUSE Support new tarfile data_filter +Patch1: support-tarfile-data-filter.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module flit-core >= 3.4} BuildRequires: %{python_module pip} diff --git a/support-pip-23.patch b/support-pip-23.patch new file mode 100644 index 0000000..0089f10 --- /dev/null +++ b/support-pip-23.patch 
@@ -0,0 +1,36 @@
+From b52fdbd70550a9ef58e65b3376cec1e9951d2114 Mon Sep 17 00:00:00 2001
+From: Henry Schreiner
+Date: Wed, 15 Mar 2023 09:33:53 -0400
+Subject: [PATCH] tests: strip formatting from stderr (pip 23)
+
+Signed-off-by: Henry Schreiner
+---
+ tests/test_main.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index e924d8bd..456ff749 100644
+--- a/tests/test_main.py
++++ b/tests/test_main.py
+@@ -20,6 +20,8 @@
+ cwd = os.getcwd()
+ out = os.path.join(cwd, 'dist')
+
++ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
++
+
+ @pytest.mark.parametrize(
+ ('cli_args', 'build_args', 'hook'),
+@@ -368,8 +370,10 @@ def test_output_env_subprocess_error(
+ assert stdout[:4] == stdout_body
+ assert stdout[-1].startswith(stdout_error)
+
+- assert len(stderr) == 1
+- assert stderr[0].startswith('ERROR: Invalid requirement: ')
++ # Newer versions of pip also color stderr - strip them if present
++ cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip()
++ assert len(cleaned_stderr.splitlines()) == 1
++ assert cleaned_stderr.startswith('ERROR: Invalid requirement: ')
+
+
+ @pytest.mark.parametrize(
diff --git a/support-tarfile-data-filter.patch b/support-tarfile-data-filter.patch
new file mode 100644
index 0000000..c9d98c6
--- /dev/null
+++ b/support-tarfile-data-filter.patch
@@ -0,0 +1,12 @@ +Index: build-0.10.0/src/build/__main__.py +=================================================================== +--- build-0.10.0.orig/src/build/__main__.py ++++ build-0.10.0/src/build/__main__.py +@@ -239,6 +239,7 @@ def build_package_via_sdist( + built: list[str] = [] + # extract sdist + with tarfile.open(sdist) as t: ++ t.extraction_filter = getattr(tarfile, 'data_filter', (lambda m, path: m)) + t.extractall(sdist_out) + try: + builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')])) From 2a1cc284b3b917db68d9edd17139023127e3a8d72c1e52f4d05b31d05a74e26d Mon Sep 17 00:00:00 2001 From: Benjamin Greiner Date: Tue, 2 May 2023 10:58:17 +0000 Subject: [PATCH 2/6] Accepting request 1084005 from home:bnavigator:branches:devel:languages:python - Remove support-tarfile-data-filter.patch: better documentation required, preferable supported through upstream * gh#pypa/build#609 OBS-URL: https://build.opensuse.org/request/show/1084005 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=20 --- python-build.changes | 7 +++++++ python-build.spec | 5 +---- support-tarfile-data-filter.patch | 12 ------------ 3 files changed, 8 insertions(+), 16 deletions(-) delete mode 100644 support-tarfile-data-filter.patch diff --git a/python-build.changes b/python-build.changes index e012442..535bae7 100644 --- a/python-build.changes +++ b/python-build.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue May 2 10:52:23 UTC 2023 - Ben Greiner + +- Remove support-tarfile-data-filter.patch: better documentation + required, preferable supported through upstream + * gh#pypa/build#609 + ------------------------------------------------------------------- Tue May 2 08:04:24 UTC 2023 - Steve Kowalik diff --git a/python-build.spec b/python-build.spec index 651671a..09cf06a 100644 --- a/python-build.spec +++ b/python-build.spec 
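Review bot: The fallback in `getattr(tarfile, 'data_filter', (lambda m, path: m))` is an identity filter, so on an interpreter whose tarfile module has no `data_filter` the sdist is still extracted with no member checks, and nothing in the patch says which case applies. The assignment before `t.extractall(sdist_out)` therefore hardens only interpreters that provide the PEP 706 filters; elsewhere a member with an absolute path or `..` components is written as the archive names it. I would put a comment above the assignment, `# data_filter exists only where PEP 706 is available; the lambda keeps the old unfiltered behaviour`, and have the spec's PATCH-FIX-OPENSUSE line say that this is an extraction hardening rather than only "support" for a new attribute. The body of build_package_via_sdist continues outside the hunk.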
@@ -27,7 +27,6 @@ # wheeldir of name build does not work well with this packagename gh#openSUSE/python-rpm-macros#157 %define _pyproject_wheeldir distwheel -%define skip_python2 1 %{?sle15_python_module_pythons} Name: python-build%{psuffix} Version: 0.10.0 @@ -42,8 +41,6 @@ Source11: https://files.pythonhosted.org/packages/py3/f/flit-core/flit_cor Source12: https://files.pythonhosted.org/packages/py3/t/tomli/tomli-2.0.1-py3-none-any.whl # PATCH-FIX-UPSTREAM gh#pypa/build#b52fdbd70550a9ef58e65b3376cec1e9951d2114 Patch0: support-pip-23.patch -# PATCH-FIX-OPENSUSE Support new tarfile data_filter -Patch1: support-tarfile-data-filter.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module flit-core >= 3.4} BuildRequires: %{python_module pip} @@ -111,7 +108,7 @@ popd %license LICENSE %python_alternative %{_bindir}/pyproject-build %{python_sitelib}/build -%{python_sitelib}/build-%{version}*-info +%{python_sitelib}/build-%{version}.dist-info %endif %changelog diff --git a/support-tarfile-data-filter.patch b/support-tarfile-data-filter.patch deleted file mode 100644 index c9d98c6..0000000 --- a/support-tarfile-data-filter.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: build-0.10.0/src/build/__main__.py -=================================================================== ---- build-0.10.0.orig/src/build/__main__.py -+++ build-0.10.0/src/build/__main__.py -@@ -239,6 +239,7 @@ def build_package_via_sdist( - built: list[str] = [] - # extract sdist - with tarfile.open(sdist) as t: -+ t.extraction_filter = getattr(tarfile, 'data_filter', (lambda m, path: m)) - t.extractall(sdist_out) - try: - builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')])) From d476f0a8d4e3c02ba979afb445301d312428a0f871979aba980c2e8444817635 Mon Sep 17 00:00:00 2001 
From: Benjamin Greiner Date: Tue, 2 May 2023 11:59:55 +0000 Subject: [PATCH 3/6] * ignore the DeprecationWarning instead OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=21 --- python-build.changes | 1 + python-build.spec | 2 ++ 2 files changed, 3 insertions(+) diff --git a/python-build.changes b/python-build.changes index 535bae7..bb03cc6 100644 --- a/python-build.changes +++ b/python-build.changes @@ -4,6 +4,7 @@ Tue May 2 10:52:23 UTC 2023 - Ben Greiner - Remove support-tarfile-data-filter.patch: better documentation required, preferable supported through upstream * gh#pypa/build#609 + * ignore the DeprecationWarning instead ------------------------------------------------------------------- Tue May 2 08:04:24 UTC 2023 - Steve Kowalik diff --git a/python-build.spec b/python-build.spec index 09cf06a..8c985d1 100644 --- a/python-build.spec +++ b/python-build.spec @@ -75,6 +75,8 @@ It is a simple build tool and does not perform any dependency management. %prep %autosetup -p1 -n build-%{version} +# until we have gh#pypa/build#609 +sed -i '/"error",/ a \ "ignore::DeprecationWarning:tarfile",' pyproject.toml %if !%{with test} %build From 613696a4ad9b51a46cf9d5275565af4f7cf0acf02ea322a041fd135b51cd93e2 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 6 May 2023 15:58:32 +0000 Subject: [PATCH 4/6] WIP OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=22 --- 589-colorized-pip23.patch | 36 ++++++++++++++++++ 609-filter-out-malicious.patch | 68 ++++++++++++++++++++++++++++++++++ python-build.spec | 12 ++++-- 3 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 589-colorized-pip23.patch create mode 100644 609-filter-out-malicious.patch diff --git a/589-colorized-pip23.patch b/589-colorized-pip23.patch new file mode 100644 index 0000000..9f533aa --- /dev/null +++ b/589-colorized-pip23.patch 
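Review bot: The `sed` line added after `%autosetup` only hides the tarfile DeprecationWarning from the test run; as far as this series shows, the sdist extraction itself stays unfiltered, and the comment `# until we have gh#pypa/build#609` does not say that. The command also exits successfully without changing anything when `"error",` no longer matches a line in pyproject.toml, so a later version bump could lose the workaround unnoticed. I would widen the comment to `# test-only: hides the tarfile filter DeprecationWarning; extraction stays unfiltered until gh#pypa/build#609` and follow the sed with `grep -q 'ignore::DeprecationWarning:tarfile' pyproject.toml` so that %prep fails when the pattern stops matching.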
@@ -0,0 +1,36 @@
+From 4f5362fccc908820574fdbac2f6b6871c0f371c5 Mon Sep 17 00:00:00 2001
+From: Henry Schreiner
+Date: Wed, 15 Mar 2023 09:33:53 -0400
+Subject: [PATCH] tests: strip formatting from stderr (pip 23)
+
+Signed-off-by: Henry Schreiner
+---
+ tests/test_main.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index e924d8bd..456ff749 100644
+--- a/tests/test_main.py
++++ b/tests/test_main.py
+@@ -20,6 +20,8 @@
+ cwd = os.getcwd()
+ out = os.path.join(cwd, 'dist')
+
++ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
++
+
+ @pytest.mark.parametrize(
+ ('cli_args', 'build_args', 'hook'),
+@@ -368,8 +370,10 @@ def test_output_env_subprocess_error(
+ assert stdout[:4] == stdout_body
+ assert stdout[-1].startswith(stdout_error)
+
+- assert len(stderr) == 1
+- assert stderr[0].startswith('ERROR: Invalid requirement: ')
++ # Newer versions of pip also color stderr - strip them if present
++ cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip()
++ assert len(cleaned_stderr.splitlines()) == 1
++ assert cleaned_stderr.startswith('ERROR: Invalid requirement: ')
+
+
+ @pytest.mark.parametrize(
diff --git a/609-filter-out-malicious.patch b/609-filter-out-malicious.patch
new file mode 100644
index 0000000..7ae4d70
--- /dev/null
+++ b/609-filter-out-malicious.patch
@@ -0,0 +1,68 @@
+From 083fde33e7593d8ff9add04bd4d237a3ddcbfe44 Mon Sep 17 00:00:00 2001
+From: layday
+Date: Fri, 28 Apr 2023 15:22:53 +0300
+Subject: [PATCH] main: filter out malicious files when extracting tar archives
+
+See https://peps.python.org/pep-0706/.
+---
+ src/build/__main__.py | 5 +++--
+ src/build/util.py | 14 +++++++++++++-
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/src/build/__main__.py
++++ b/src/build/__main__.py
+@@ -9,7 +9,6 @@ import platform
+ import shutil
+ import subprocess
+ import sys
+-import tarfile
+ import tempfile
+ import textwrap
+ import traceback
+@@ -228,6 +227,8 @@ def build_package_via_sdist(
+ :param isolation: Isolate the build in a separate environment
+ :param skip_dependency_check: Do not perform the dependency check
+ """
++ from .util import TarFile
++
+ if 'sdist' in distributions:
+ raise ValueError('Only binary distributions are allowed but sdist was specified')
+
+@@ -238,7 +239,7 @@ def build_package_via_sdist(
+ sdist_out = tempfile.mkdtemp(prefix='build-via-sdist-')
+ built: list[str] = []
+ # extract sdist
+- with tarfile.open(sdist) as t:
++ with TarFile.open(sdist) as t:
+ t.extractall(sdist_out)
+ try:
+ builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')]))
+--- a/src/build/util.py
++++ b/src/build/util.py
+@@ -5,6 +5,7 @@ from __future__ import annotations
+ import os
+ import pathlib
+ import sys
++import tarfile
+ import tempfile
+
+ import pyproject_hooks
+@@ -56,6 +57,17 @@ def project_wheel_metadata(
+ return _project_wheel_metadata(builder)
+
+
++# Per https://peps.python.org/pep-0706/, the "data" filter will become
++# the default in Python 3.14.
++if sys.version_info >= (3, 12) and sys.version_info < (3, 14):
++
++ class TarFile(tarfile.TarFile):
++ extraction_filter = tarfile.data_filter
++
++else:
++ TarFile = tarfile.TarFile
++
++
+ __all__ = [
+- 'project_wheel_metadata',
++ 'project_wheel_metadata', 'TarFile',
+ ]
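Review bot: The gate `if sys.version_info >= (3, 12) and sys.version_info < (3, 14):` in src/build/util.py leaves `TarFile = tarfile.TarFile` on every older interpreter, including those that received the PEP 706 filters as a security backport, so `TarFile.open(sdist)` followed by `t.extractall(sdist_out)` stays unfiltered there. The tarfile documentation recommends a feature test over a version test; `if hasattr(tarfile, 'data_filter'):` would cover the backports and is harmless on 3.14 and later, where the "data" filter is already the default. The spec still declares `python_module base >= 3.7`, so those interpreters look in scope for this package. The comment above the class could also say that, without the filter, archive members are extracted exactly as the sdist names them.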
diff --git a/python-build.spec b/python-build.spec index 8c985d1..ca1b7c9 100644 --- a/python-build.spec +++ b/python-build.spec @@ -39,8 +39,14 @@ Source0: https://github.com/pypa/build/archive/%{version}.tar.gz#/build-% Source10: https://files.pythonhosted.org/packages/py2.py3/w/wheel/wheel-0.37.1-py2.py3-none-any.whl Source11: https://files.pythonhosted.org/packages/py3/f/flit-core/flit_core-3.8.0-py3-none-any.whl Source12: https://files.pythonhosted.org/packages/py3/t/tomli/tomli-2.0.1-py3-none-any.whl -# PATCH-FIX-UPSTREAM gh#pypa/build#b52fdbd70550a9ef58e65b3376cec1e9951d2114 -Patch0: support-pip-23.patch +# PATCH-FIX-UPSTREAM 589-colorized-pip23.patch gh#pypa/build#587 mcepl@suse.com +# Different style of colouring in pip 23 (actually I see it even with pip 22) +Patch0: 589-colorized-pip23.patch +# PATCH-FIX-UPSTREAM 609-filter-out-malicious.patch gh#pypa/build!609 mcepl@suse.com +# With new tarfile filters, there is now new warning +Patch1: 609-filter-out-malicious.patch +# # PATCH-FIX-UPSTREAM gh#pypa/build#b52fdbd70550a9ef58e65b3376cec1e9951d2114 +# Patch0: support-pip-23.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module flit-core >= 3.4} BuildRequires: %{python_module pip} @@ -94,7 +100,7 @@ mkdir -p wheels cp %{SOURCE10} %{SOURCE11} %{SOURCE12} wheels/ export PIP_FIND_LINKS="%{python3_sitelib}/../wheels $PWD/wheels" pushd tests -%pytest -n auto -x +%pytest -n auto popd %endif From 7715cb62bd54436d62bc934b300f0023409c41a9c157e6f03337a8af6d31f0b0 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 6 May 2023 15:59:34 +0000 Subject: [PATCH 5/6] REmove superflous patch. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=23 --- python-build.spec | 2 -- support-pip-23.patch | 36 ------------------------------------ 2 files changed, 38 deletions(-) delete mode 100644 support-pip-23.patch diff --git a/python-build.spec b/python-build.spec index ca1b7c9..4b9d296 100644 
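Review bot: With `Patch1: 609-filter-out-malicious.patch` applied, the %prep workaround from the previous commit (the `sed` that inserts `"ignore::DeprecationWarning:tarfile",`, commented `# until we have gh#pypa/build#609`) looks obsolete, yet neither hunk of this spec change removes it. Leaving it in presumably means the test configuration would no longer flag a tarfile extraction that runs without a filter, which is the regression the new patch is meant to prevent. The comment `# With new tarfile filters, there is now new warning` also undersells the change; I would write `# Use the PEP 706 "data" extraction filter when unpacking the sdist` so that the security purpose is visible in the spec.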
--- a/python-build.spec +++ b/python-build.spec @@ -45,8 +45,6 @@ Patch0: 589-colorized-pip23.patch # PATCH-FIX-UPSTREAM 609-filter-out-malicious.patch gh#pypa/build!609 mcepl@suse.com # With new tarfile filters, there is now new warning Patch1: 609-filter-out-malicious.patch -# # PATCH-FIX-UPSTREAM gh#pypa/build#b52fdbd70550a9ef58e65b3376cec1e9951d2114 -# Patch0: support-pip-23.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module flit-core >= 3.4} BuildRequires: %{python_module pip} diff --git a/support-pip-23.patch b/support-pip-23.patch deleted file mode 100644 index 0089f10..0000000 --- a/support-pip-23.patch +++ /dev/null @@ -1,36 +0,0 @@ -From b52fdbd70550a9ef58e65b3376cec1e9951d2114 Mon Sep 17 00:00:00 2001 -From: Henry Schreiner -Date: Wed, 15 Mar 2023 09:33:53 -0400 -Subject: [PATCH] tests: strip formatting from stderr (pip 23) - -Signed-off-by: Henry Schreiner ---- - tests/test_main.py | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/tests/test_main.py b/tests/test_main.py -index e924d8bd..456ff749 100644 ---- a/tests/test_main.py -+++ b/tests/test_main.py -@@ -20,6 +20,8 @@ - cwd = os.getcwd() - out = os.path.join(cwd, 'dist') - -+ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])') -+ - - @pytest.mark.parametrize( - ('cli_args', 'build_args', 'hook'), -@@ -368,8 +370,10 @@ def test_output_env_subprocess_error( - assert stdout[:4] == stdout_body - assert stdout[-1].startswith(stdout_error) - -- assert len(stderr) == 1 -- assert stderr[0].startswith('ERROR: Invalid requirement: ') -+ # Newer versions of pip also color stderr - strip them if present -+ cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip() -+ assert len(cleaned_stderr.splitlines()) == 1 -+ assert cleaned_stderr.startswith('ERROR: Invalid requirement: ') - - - @pytest.mark.parametrize( From be093e5baeac6f5e55184fe843e7a793c7afdb4947f95b5c170f159747a46099 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Sat, 6 May 2023 17:01:25 +0000 Subject: [PATCH 6/6] - Renamed patches support-pip-23.patch and support-tarfile-data-filter.patch to 589-colorized-pip23.patch and 609-filter-out-malicious.patch, respectively. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=24 --- python-build.changes | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/python-build.changes b/python-build.changes index bb03cc6..1aec82f 100644 --- a/python-build.changes +++ b/python-build.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat May 6 16:59:52 UTC 2023 - Matej Cepl + +- Renamed patches support-pip-23.patch and + support-tarfile-data-filter.patch to 589-colorized-pip23.patch + and 609-filter-out-malicious.patch, respectively. + ------------------------------------------------------------------- Tue May 2 10:52:23 UTC 2023 - Ben Greiner