From ace4ab3762416c5479f3d92883819044bcd431fe6a3e41582bb3be3ffa96eb53 Mon Sep 17 00:00:00 2001
From: Steve Kowalik <steven.kowalik@suse.com>
Date: Wed, 20 Sep 2023 07:51:39 +0000
Subject: [PATCH] - Update to 1.0.3:   * Avoid CPython 3.8.17, 3.9.17, 3.10.12,
 and 3.11.4 tarfile symlink bug     triggered by adding data_filter in 1.0.0. 
  * Removed the toml library fallback; toml can no longer be used as a    
 substitute for tomli   * Added runner parameter to
 util.project_wheel_metadata   * Modified ProjectBuilder constructor
 signature, added alternative     ProjectBuilder.from_env constructor,
 redefined env.IsolatedEnv interface,     and exposed env.DefaultIsolatedEnv,
 replacing env.IsolatedEnvBuilder.   * virtualenv is no longer imported when
 using -n, for faster builds   * The SDist now contains the repository
 contents, including tests.     Flit-core 3.8+ required.   * The minimum
 version of importlib-metadata has been increased to 4.6 and     Python 3.10
 due to a bug in the standard library version with URL     requirements in
 extras.   * Tests now contain a network marker   * Config-settings are now
 passed to get_requires* hooks, fixing a long     standing bug.   * Test on
 Python 3.12 betas/RCs   * Filter out malicious files when extracting tar
 archives when Python     supports it   * Specify encoding, fixing issues when
 PYTHONWARNDEFAULTENCODING is set. - Drop patches 589-colorized-pip23.patch,
 609-filter-out-malicious.patch:   * Included upstream. - Add runtests.py
 which chdirs before running tests, but after the macros   have polluted the
 current working directory, avoiding test failures.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-build?expand=0&rev=26
---
 589-colorized-pip23.patch      | 36 ------------------
 609-filter-out-malicious.patch | 68 ----------------------------------
 build-0.10.0.tar.gz            |  3 --
 build-1.0.3.tar.gz             |  3 ++
 python-build.changes           | 30 +++++++++++++++
 python-build.spec              | 21 +++--------
 runtests.py                    |  8 ++++
 7 files changed, 47 insertions(+), 122 deletions(-)
 delete mode 100644 589-colorized-pip23.patch
 delete mode 100644 609-filter-out-malicious.patch
 delete mode 100644 build-0.10.0.tar.gz
 create mode 100644 build-1.0.3.tar.gz
 create mode 100644 runtests.py

diff --git a/589-colorized-pip23.patch b/589-colorized-pip23.patch
deleted file mode 100644
index 9f533aa..0000000
--- a/589-colorized-pip23.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 4f5362fccc908820574fdbac2f6b6871c0f371c5 Mon Sep 17 00:00:00 2001
-From: Henry Schreiner <henryschreineriii@gmail.com>
-Date: Wed, 15 Mar 2023 09:33:53 -0400
-Subject: [PATCH] tests: strip formatting from stderr (pip 23)
-
-Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
----
- tests/test_main.py | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/tests/test_main.py b/tests/test_main.py
-index e924d8bd..456ff749 100644
---- a/tests/test_main.py
-+++ b/tests/test_main.py
-@@ -20,6 +20,8 @@
- cwd = os.getcwd()
- out = os.path.join(cwd, 'dist')
- 
-+ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
-+
- 
- @pytest.mark.parametrize(
-     ('cli_args', 'build_args', 'hook'),
-@@ -368,8 +370,10 @@ def test_output_env_subprocess_error(
-     assert stdout[:4] == stdout_body
-     assert stdout[-1].startswith(stdout_error)
- 
--    assert len(stderr) == 1
--    assert stderr[0].startswith('ERROR: Invalid requirement: ')
-+    # Newer versions of pip also color stderr - strip them if present
-+    cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip()
-+    assert len(cleaned_stderr.splitlines()) == 1
-+    assert cleaned_stderr.startswith('ERROR: Invalid requirement: ')
- 
- 
- @pytest.mark.parametrize(
diff --git a/609-filter-out-malicious.patch b/609-filter-out-malicious.patch
deleted file mode 100644
index 7ae4d70..0000000
--- a/609-filter-out-malicious.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 083fde33e7593d8ff9add04bd4d237a3ddcbfe44 Mon Sep 17 00:00:00 2001
-From: layday <layday@protonmail.com>
-Date: Fri, 28 Apr 2023 15:22:53 +0300
-Subject: [PATCH] main: filter out malicious files when extracting tar archives
-
-See https://peps.python.org/pep-0706/.
----
- src/build/__main__.py |    5 +++--
- src/build/util.py     |   14 +++++++++++++-
- 2 files changed, 16 insertions(+), 3 deletions(-)
-
---- a/src/build/__main__.py
-+++ b/src/build/__main__.py
-@@ -9,7 +9,6 @@ import platform
- import shutil
- import subprocess
- import sys
--import tarfile
- import tempfile
- import textwrap
- import traceback
-@@ -228,6 +227,8 @@ def build_package_via_sdist(
-     :param isolation: Isolate the build in a separate environment
-     :param skip_dependency_check: Do not perform the dependency check
-     """
-+    from .util import TarFile
-+
-     if 'sdist' in distributions:
-         raise ValueError('Only binary distributions are allowed but sdist was specified')
- 
-@@ -238,7 +239,7 @@ def build_package_via_sdist(
-     sdist_out = tempfile.mkdtemp(prefix='build-via-sdist-')
-     built: list[str] = []
-     # extract sdist
--    with tarfile.open(sdist) as t:
-+    with TarFile.open(sdist) as t:
-         t.extractall(sdist_out)
-         try:
-             builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')]))
---- a/src/build/util.py
-+++ b/src/build/util.py
-@@ -5,6 +5,7 @@ from __future__ import annotations
- import os
- import pathlib
- import sys
-+import tarfile
- import tempfile
- 
- import pyproject_hooks
-@@ -56,6 +57,17 @@ def project_wheel_metadata(
-         return _project_wheel_metadata(builder)
- 
- 
-+# Per https://peps.python.org/pep-0706/, the "data" filter will become
-+# the default in Python 3.14.
-+if sys.version_info >= (3, 12) and sys.version_info < (3, 14):
-+
-+    class TarFile(tarfile.TarFile):
-+        extraction_filter = tarfile.data_filter
-+
-+else:
-+    TarFile = tarfile.TarFile
-+
-+
- __all__ = [
--    'project_wheel_metadata',
-+    'project_wheel_metadata', 'TarFile',
- ]
diff --git a/build-0.10.0.tar.gz b/build-0.10.0.tar.gz
deleted file mode 100644
index 23edba3..0000000
--- a/build-0.10.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0cbeebaa6047cf8bfc82451038479e41d6cf1e196126a8a110991b1173b39390
-size 41509
diff --git a/build-1.0.3.tar.gz b/build-1.0.3.tar.gz
new file mode 100644
index 0000000..3a704ac
--- /dev/null
+++ b/build-1.0.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f9201228d0af78aac3c672e89a81749a001d8d7f448cf9196d93cce8d5ee45a
+size 43412
diff --git a/python-build.changes b/python-build.changes
index 1aec82f..d8abe71 100644
--- a/python-build.changes
+++ b/python-build.changes
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Wed Sep 20 07:50:56 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 1.0.3:
+  * Avoid CPython 3.8.17, 3.9.17, 3.10.12, and 3.11.4 tarfile symlink bug
+    triggered by adding data_filter in 1.0.0.
+  * Removed the toml library fallback; toml can no longer be used as a
+    substitute for tomli
+  * Added runner parameter to util.project_wheel_metadata
+  * Modified ProjectBuilder constructor signature, added alternative
+    ProjectBuilder.from_env constructor, redefined env.IsolatedEnv interface,
+    and exposed env.DefaultIsolatedEnv, replacing env.IsolatedEnvBuilder.
+  * virtualenv is no longer imported when using -n, for faster builds
+  * The SDist now contains the repository contents, including tests.
+    Flit-core 3.8+ required.
+  * The minimum version of importlib-metadata has been increased to 4.6 and
+    Python 3.10 due to a bug in the standard library version with URL
+    requirements in extras.
+  * Tests now contain a network marker
+  * Config-settings are now passed to get_requires* hooks, fixing a long
+    standing bug.
+  * Test on Python 3.12 betas/RCs
+  * Filter out malicious files when extracting tar archives when Python
+    supports it
+  * Specify encoding, fixing issues when PYTHONWARNDEFAULTENCODING is set.
+- Drop patches 589-colorized-pip23.patch, 609-filter-out-malicious.patch:
+  * Included upstream.
+- Add runtests.py which chdirs before running tests, but after the macros
+  have polluted the current working directory, avoiding test failures.
+
 -------------------------------------------------------------------
 Sat May  6 16:59:52 UTC 2023 - Matej Cepl <mcepl@suse.com>
 
diff --git a/python-build.spec b/python-build.spec
index 4b9d296..078207e 100644
--- a/python-build.spec
+++ b/python-build.spec
@@ -29,24 +29,19 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-build%{psuffix}
-Version:        0.10.0
+Version:        1.0.3
 Release:        0
 Summary:        Simple PEP517 package builder
 License:        MIT
 URL:            https://github.com/pypa/build
 Source0:        https://github.com/pypa/build/archive/%{version}.tar.gz#/build-%{version}.tar.gz
-# Needs the wheels for wheel, flit-core, pytoml, and tomli for testing
+# Needs the wheels for wheel, flit-core, and tomli for testing
 Source10:       https://files.pythonhosted.org/packages/py2.py3/w/wheel/wheel-0.37.1-py2.py3-none-any.whl
 Source11:       https://files.pythonhosted.org/packages/py3/f/flit-core/flit_core-3.8.0-py3-none-any.whl
 Source12:       https://files.pythonhosted.org/packages/py3/t/tomli/tomli-2.0.1-py3-none-any.whl
-# PATCH-FIX-UPSTREAM 589-colorized-pip23.patch gh#pypa/build#587 mcepl@suse.com
-# Different style of colouring in pip 23 (actually I see it even with pip 22)
-Patch0:         589-colorized-pip23.patch
-# PATCH-FIX-UPSTREAM 609-filter-out-malicious.patch gh#pypa/build!609 mcepl@suse.com
-# With new tarfile filters, there is now new warning
-Patch1:         609-filter-out-malicious.patch
+Source14:       runtests.py
 BuildRequires:  %{python_module base >= 3.7}
-BuildRequires:  %{python_module flit-core >= 3.4}
+BuildRequires:  %{python_module flit-core >= 3.8}
 BuildRequires:  %{python_module pip}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
@@ -67,7 +62,6 @@ BuildRequires:  %{python_module pytest-rerunfailures >= 9.1}
 BuildRequires:  %{python_module pytest-xdist >= 1.34}
 BuildRequires:  %{python_module setuptools >= 42 if %python-base < 3.10}
 BuildRequires:  %{python_module setuptools >= 56 if %python-base >= 3.11}
-BuildRequires:  %{python_module toml >= 0.10.0}
 BuildRequires:  %{python_module wheel >= 0.36}
 BuildRequires:  python3-setuptools-wheel
 %endif
@@ -79,8 +73,6 @@ It is a simple build tool and does not perform any dependency management.
 
 %prep
 %autosetup -p1 -n build-%{version}
-# until we have gh#pypa/build#609
-sed -i '/"error",/ a \  "ignore::DeprecationWarning:tarfile",' pyproject.toml
 
 %if !%{with test}
 %build
@@ -94,12 +86,11 @@ sed -i '/"error",/ a \  "ignore::DeprecationWarning:tarfile",' pyproject.toml
 
 %if %{with test}
 %check
+cp %{SOURCE14} .
 mkdir -p wheels
 cp %{SOURCE10} %{SOURCE11} %{SOURCE12} wheels/
 export PIP_FIND_LINKS="%{python3_sitelib}/../wheels $PWD/wheels"
-pushd tests
-%pytest -n auto
-popd
+%python_exec runtests.py
 %endif
 
 %if !%{with test}
diff --git a/runtests.py b/runtests.py
new file mode 100644
index 0000000..8b48724
--- /dev/null
+++ b/runtests.py
@@ -0,0 +1,8 @@
+#!/usr/bin/python3
+
+import os
+import pathlib
+import pytest
+
+os.chdir(pathlib.Path.cwd() / "tests")
+pytest.main(["-v", "-n", "auto"])