From c5958d98a44f91ac99dca7e34f2fdd7474798c663b2e32f09ae5d6fc6d82a3d2 Mon Sep 17 00:00:00 2001
From: Daniel Garcia <daniel.garcia@suse.com>
Date: Wed, 4 Feb 2026 14:12:11 +0000
Subject: [PATCH] - migrate to libalternatives - Update to version 6.18.0   -
 Store all available hashes of files.   - Validate hashes of all files during
 devpi-import, not only     releases.   ## Bug Fixes   - Apply argparse
 transformations on values read from config file or     environment.   -
 Restore Python and platform info in user agent string after switch     to
 httpx.   - Remove all database entries on project deletion instead of only   
  emptying them.   - Fix error at end of replica streaming caused by changed
 behavior     from switch to httpx.   - Fix #1102: The data stream was cut off
 after 64k when proxying     from replica to primary after switching to httpx.
   - Fix #1107: retry file downloads if there has been an error during    
 download.   # Other Changes   - The filenames of some exported doczip files
 change due to     normalization of the project name caused by changing the
 internals     during export to allow ``--hard-links`` to work. - 6.17.0
 (2025-08-27)   ## Deprecations and Removals   - Dropped support for migrating
 old password hashes that were     replaced in devpi-server 4.2.0.   - Removed
 support for basic authorization in primary URL. The     connection is already
 secured by a bearer token header.   - Removed the experimental
 ``--replica-cert`` option. The replica is     already using a token via a
 shared secret, so this is redundant.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-devpi-server?expand=0&rev=32
---
 devpi_server-6.11.0.tar.gz  |   3 -
 devpi_server-6.18.0.tar.gz  |   3 +
 python-devpi-server.changes | 136 ++++++++++++++++++++++++++++++++++++
 python-devpi-server.spec    |  24 +++++--
 4 files changed, 158 insertions(+), 8 deletions(-)
 delete mode 100644 devpi_server-6.11.0.tar.gz
 create mode 100644 devpi_server-6.18.0.tar.gz

diff --git a/devpi_server-6.11.0.tar.gz b/devpi_server-6.11.0.tar.gz
deleted file mode 100644
index 4064245..0000000
--- a/devpi_server-6.11.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e8e32d1f1978e85843b29dc9a8c4446a054287ef2b90fa25f4fb3d8978be9c76
-size 266378
diff --git a/devpi_server-6.18.0.tar.gz b/devpi_server-6.18.0.tar.gz
new file mode 100644
index 0000000..bbad780
--- /dev/null
+++ b/devpi_server-6.18.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8a38248e9cf4b144f2cacd89ca32a56bbf8d592ae17c2abffb72f403073e9558
+size 298393
diff --git a/python-devpi-server.changes b/python-devpi-server.changes
index 5b3e2ab..d8cdc99 100644
--- a/python-devpi-server.changes
+++ b/python-devpi-server.changes
@@ -1,3 +1,139 @@
+-------------------------------------------------------------------
+Wed Feb  4 13:24:48 UTC 2026 - Daniel Garcia <daniel.garcia@suse.com>
+
+- migrate to libalternatives
+- Update to version 6.18.0
+  - Store all available hashes of files.
+  - Validate hashes of all files during devpi-import, not only
+    releases.
+  ## Bug Fixes
+  - Apply argparse transformations on values read from config file or
+    environment.
+  - Restore Python and platform info in user agent string after switch
+    to httpx.
+  - Remove all database entries on project deletion instead of only
+    emptying them.
+  - Fix error at end of replica streaming caused by changed behavior
+    from switch to httpx.
+  - Fix #1102: The data stream was cut off after 64k when proxying
+    from replica to primary after switching to httpx.
+  - Fix #1107: retry file downloads if there has been an error during
+    download.
+  # Other Changes
+  - The filenames of some exported doczip files change due to
+    normalization of the project name caused by changing the internals
+    during export to allow ``--hard-links`` to work.
+
+- 6.17.0 (2025-08-27)
+  ## Deprecations and Removals
+  - Dropped support for migrating old password hashes that were
+    replaced in devpi-server 4.2.0.
+  - Removed support for basic authorization in primary URL. The
+    connection is already secured by a bearer token header.
+  - Removed the experimental ``--replica-cert`` option. The replica is
+    already using a token via a shared secret, so this is redundant.
+  - Removed ``--replica-max-retries`` option. It wasn't implemented
+    for async_httpget and didn't work correctly when streaming data.
+  ## Features
+  - Use httpx for all data fetching for mirrors and fetch projects
+    list asynchronously to allow update in background even after a
+    timeout.
+  - Use httpx instead of requests when proxying from replicas to
+    primary.
+  - Use httpx for all requests from replicas to primary.
+  - Use httpx when pushing releases to external index.
+  - Added ``mirror_ignore_serial_header`` mirror index option, which
+    allows switching from PyPI to a mirror without serials header when
+    set to ``True``, otherwise only stale links will be served and no
+    updates be stored.
+  - The HTTP cache information for mirrored projects is persisted and
+    re-used on server restarts.
+  - Added ``--file-replication-skip-indexes`` option to skip file
+    replication for ``all``, by index type (i.e. ``mirror``) or index
+    name (i.e. ``root/pypi``).
+  ## Bug Fixes
+  - Correctly handle lists for ``Provides-Extra`` and ``License-File``
+    metadata in database.
+  - Fix traceback by returning 401 error code when using wrong
+    password with a user that was created using an authentication
+    plugin like devpi-ldap which passes authentication through in that
+    case.
+  - Fix #1053: allow users to update their passwords when
+    ``--restrict-modify`` is used.
+  - Fix #1097: return 404 when trying to POST to +simple.
+  ## Other Changes
+  - Changed User-Agent when fetching data for mirrors from just
+    "server" to "devpi-server".
+
+- 6.16.0 (2025-06-25)
+  ## Deprecations and Removals
+  - Dropped support for Python 3.7 and 3.8.
+  ## Features
+  - Update stored package metadata fields to version 2.4 for license
+    expressions (PEP 639).
+  ## Bug Fixes
+  - Preserve hash when importing mirror data to prevent unnecessary
+    updates later on.
+  - Keep original metadata_version in database.
+
+- 6.15.0 (2025-05-18)
+  ## Features
+  - Add ``--connection-limit`` option to devpi-server passed on to
+    waitress.
+
+- 6.14.0 (2024-10-16)
+  ## Features
+  - Allow pushing of versions which only have documentation and no
+    releases.
+  - Allow pushing of release files only with no documentation.
+    Requires devpi-client 7.2.0.
+  - Allow pushing of documentation only with no release files.
+    Requires devpi-client 7.2.0.
+  ## Bug Fixes
+  - No longer automatically "register" a project when pushing releases
+    to PyPI. The reply changed from HTTP status 410 to 400 breaking
+    the upload. With devpi-client 7.2.0 there is a
+    ``--register-project`` option if it is still required for some
+    other package registry.
+
+- 6.13.0 (2024-09-19)
+  ## Deprecations and Removals
+  - Remove/Deprecate "master" related terminology in favor of "primary".
+    Usage related changes are the switch to ``--primary-url`` instead
+    of ``--master-url`` and ``--role=primary`` instead of
+    ``--role=master``. Using the old terms will now output warnings.
+    The ``+status`` API has additional fields and the ``role`` field
+    content will change with 7.0.0.
+  ## Features
+  - Enable logging command line options for all commands.
+  - Added support uv pip as an installer.
+  ## Bug Fixes
+  - Don't report on lagging event processing while replicating.
+  - Report primary serial correctly with streaming replication.
+  - Don't store file data in memory when fetching a release while
+    pushing from a mirror.
+  - Only warn about replica not being in sync instead of fatal status
+    while still replicating.
+
+- 6.12.1 (2024-07-24)
+  ## Bug Fixes
+  - Support Python 3.13 by depending on legacy-cgi.
+  - Preserve query string when proxying requests from replica to
+    primary. This fixes force removal on non-volatile indexes and
+    probably other bugs.
+  - Fix #1044: Correctly update cache expiry time when mirrored server
+    returns 304 Not Modified.
+
+- 6.12.0 (2024-06-25)
+  ## Features
+  - Added ``devpiserver_on_toxresult_store`` hook to allow blocking or
+    skipping a toxresult upload on more specific conditions as
+    ``acl_toxresult_upload`` would allow.
+  - Added ``devpiserver_on_toxresult_upload_forbidden`` hook to allow
+    returning a custom message and result (403 or 200).
+  ## Bug Fixes
+  - Return json data if toxresult upload is forbidden.
+
 -------------------------------------------------------------------
 Thu Sep 25 04:39:49 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
 
diff --git a/python-devpi-server.spec b/python-devpi-server.spec
index f850028..5326f16 100644
--- a/python-devpi-server.spec
+++ b/python-devpi-server.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-devpi-server
 #
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,11 +16,17 @@
 #
 
 
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
+
 %define commands export fsck gen-config import init passwd server gen-secret
 
 %{?sle15_python_module_pythons}
 Name:           python-devpi-server
-Version:        6.11.0
+Version:        6.18.0
 Release:        0
 Summary:        Private PyPI caching server
 License:        MIT
@@ -32,7 +38,6 @@ BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-aiohttp
 Requires:       python-argon2-cffi >= 16.2
 Requires:       python-attrs
 Requires:       python-defusedxml
@@ -50,8 +55,13 @@ Requires:       python-repoze.lru >= 0.6
 Requires:       python-ruamel.yaml >= 0.15.94
 Requires:       python-strictyaml
 Requires:       python-waitress >= 1.0.1
+%if %{with libalternatives}
+Requires:       alts
+BuildRequires:  alts
+%else
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
+%endif
 # nginx tests failing when not skipped, likely due to rpmbuild environment
 Suggests:       nginx
 Suggests:       python-WebTest
@@ -60,7 +70,6 @@ Suggests:       python-beautifulsoup4
 BuildArch:      noarch
 # SECTION test requirements
 BuildRequires:  %{python_module WebTest}
-BuildRequires:  %{python_module aiohttp}
 BuildRequires:  %{python_module argon2-cffi >= 16.2}
 BuildRequires:  %{python_module attrs}
 BuildRequires:  %{python_module beautifulsoup4}
@@ -89,7 +98,6 @@ inherit packages from each other or from the pypi.org site.
 
 %prep
 %setup -q -n devpi_server-%{version}
-sed -i "s/ruamel.yaml<=[^']*,/ruamel.yaml/g" setup.py
 sed -i "s/--flake8//" tox.ini
 
 %build
@@ -117,6 +125,12 @@ export PYTHONPATH=:%{buildroot}%{$python_sitelib}
 $python -m pytest --ignore test_devpi_server -k "not ($donttest)" %{buildroot}%{$python_sitelib}/test_devpi_server
 }
 
+%pre
+# removing old update-alternatives entries
+for c in %{commands}; do
+%python_libalternatives_reset_alternative devpi-$c
+done
+
 %post
 for c in %{commands}; do
   %python_install_alternative devpi-$c