Accepting request 1299256 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/1299256
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pip?expand=0&rev=71

disable-ssl-context-in-buildenv.patch

@@ -0,0 +1,30 @@
+Index: pip-24.2/src/pip/_vendor/requests/adapters.py
+===================================================================
+--- pip-24.2.orig/src/pip/_vendor/requests/adapters.py
++++ pip-24.2/src/pip/_vendor/requests/adapters.py
+@@ -81,7 +81,7 @@ try:
+     _preloaded_ssl_context.load_verify_locations(
+         extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
+     )
+-except ImportError:
++except (ImportError, FileNotFoundError, ssl.SSLError):
+     # Bypass default SSLContext creation when Python
+     # interpreter isn't built with the ssl module.
+     _preloaded_ssl_context = None
+Index: pip-24.2/src/pip/_internal/cli/index_command.py
+===================================================================
+--- pip-24.2.orig/src/pip/_internal/cli/index_command.py
++++ pip-24.2/src/pip/_internal/cli/index_command.py
+@@ -43,7 +43,11 @@ def _create_truststore_ssl_context() ->
+         return None
+ 
+     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+-    ctx.load_verify_locations(certifi.where())
++    try:
++        ctx.load_verify_locations(certifi.where())
++    except (FileNotFoundError, ssl.SSLError):
++        logger.warning("Disabling truststore because of missing certificates")
++        return None
+     return ctx
+ 
+ 

distutils-reproducible-compile.patch

@@ -1,17 +0,0 @@
----
- src/pip/_vendor/distlib/wheel.py |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py
-===================================================================
---- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py
-+++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py
-@@ -567,7 +567,7 @@ class Wheel(object):
-             maker.source_dir = workdir
-             maker.target_dir = None
-             try:
--                for zinfo in zf.infolist():
-+                for zinfo in sorted(zf.infolist()):
-                     arcname = zinfo.filename
-                     if isinstance(arcname, text_type):
-                         u_arcname = arcname

flit-core.patch

@@ -0,0 +1,369 @@
+From 9abe08127cb666e9eef9e231d4bec0e89afdc830 Mon Sep 17 00:00:00 2001
+From: Damian Shaw <damian.peter.shaw@gmail.com>
+Date: Fri, 1 Aug 2025 20:59:08 -0400
+Subject: [PATCH 1/5] Use flit to build pip distributions
+
+---
+ .github/workflows/ci.yml                      |  2 +-
+ MANIFEST.in                                   | 34 -----------
+ build-project/build-requirements.in           |  2 +-
+ build-project/build-requirements.txt          | 16 +++--
+ .../html/development/architecture/anatomy.rst |  1 -
+ pyproject.toml                                | 60 +++++++++++--------
+ 6 files changed, 44 insertions(+), 71 deletions(-)
+ delete mode 100644 MANIFEST.in
+
+diff --git a/MANIFEST.in b/MANIFEST.in
+deleted file mode 100644
+index 998cb4f485e..00000000000
+--- a/MANIFEST.in
++++ /dev/null
+@@ -1,34 +0,0 @@
+-include NEWS.rst
+-include README.rst
+-include SECURITY.md
+-include pyproject.toml
+-
+-include build-project/build-requirements.in
+-include build-project/build-requirements.txt
+-include build-project/build-project.py
+-include build-project/.python-version
+-
+-include src/pip/_vendor/README.rst
+-include src/pip/_vendor/vendor.txt
+-
+-include docs/requirements.txt
+-
+-exclude .git-blame-ignore-revs
+-exclude .mailmap
+-exclude .readthedocs.yml
+-exclude .pre-commit-config.yaml
+-exclude .readthedocs-custom-redirects.yml
+-exclude noxfile.py
+-
+-recursive-include src/pip/_vendor *.pem
+-recursive-include src/pip/_vendor py.typed
+-recursive-include docs *.css *.py *.rst *.md
+-recursive-include docs *.dot *.png
+-
+-recursive-exclude src/pip/_vendor *.pyi
+-
+-prune .github
+-prune docs/build
+-prune news
+-prune tests
+-prune tools
+diff --git a/build-project/build-requirements.in b/build-project/build-requirements.in
+index 4bc215a28d0..07a76cea647 100644
+--- a/build-project/build-requirements.in
++++ b/build-project/build-requirements.in
+@@ -1,2 +1,2 @@
+ build
+-setuptools
++flit-core
+diff --git a/build-project/build-requirements.txt b/build-project/build-requirements.txt
+index c0cf0575088..65b647daf2c 100644
+--- a/build-project/build-requirements.txt
++++ b/build-project/build-requirements.txt
+@@ -8,17 +8,15 @@ build==1.2.2.post1 \
+     --hash=sha256:1d61c0887fa860c01971625baae8bdd338e517b836a2f70dd1f7aa3a6b2fc5b5 \
+     --hash=sha256:b36993e92ca9375a219c99e606a122ff365a760a2d4bba0caa09bd5278b608b7
+     # via -r build-requirements.in
+-packaging==24.2 \
+-    --hash=sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 \
+-    --hash=sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f
++flit-core==3.12.0 \
++    --hash=sha256:18f63100d6f94385c6ed57a72073443e1a71a4acb4339491615d0f16d6ff01b2 \
++    --hash=sha256:e7a0304069ea895172e3c7bb703292e992c5d1555dd1233ab7b5621b5b69e62c
++    # via -r build-requirements.in
++packaging==25.0 \
++    --hash=sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484 \
++    --hash=sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f
+     # via build
+ pyproject-hooks==1.2.0 \
+     --hash=sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8 \
+     --hash=sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913
+     # via build
+-
+-# The following packages are considered to be unsafe in a requirements file:
+-setuptools==80.9.0 \
+-    --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \
+-    --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c
+-    # via -r build-requirements.in
+diff --git a/docs/html/development/architecture/anatomy.rst b/docs/html/development/architecture/anatomy.rst
+index d5e205654ff..7a0fefbfa63 100644
+--- a/docs/html/development/architecture/anatomy.rst
++++ b/docs/html/development/architecture/anatomy.rst
+@@ -18,7 +18,6 @@ The ``README``, license, ``pyproject.toml``, and so on are in the top level.
+ 
+ * ``AUTHORS.txt``
+ * ``LICENSE.txt``
+-* ``MANIFEST.in``
+ * ``NEWS.rst``
+ * ``pyproject.toml``
+ * ``README.rst``
+diff --git a/pyproject.toml b/pyproject.toml
+index 2da4e4aa2b5..7c68cc64433 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -1,6 +1,5 @@
+ [project]
+ dynamic = ["version"]
+-
+ name = "pip"
+ description = "The PyPA recommended tool for installing Python packages."
+ readme = "README.rst"
+@@ -46,12 +45,13 @@ Source = "https://github.com/pypa/pip"
+ Changelog = "https://pip.pypa.io/en/stable/news/"
+ 
+ [build-system]
+-requires = ["setuptools>=77"]
+-build-backend = "setuptools.build_meta"
++requires = ["flit-core >=3.11,<4"]
++build-backend = "flit_core.buildapi"
+ 
+ [dependency-groups]
+ test = [
+     "cryptography",
++    "flit-core >= 3.11, < 4",
+     "freezegun",
+     "installer",
+     # pytest-subket requires 7.0+
+@@ -73,37 +73,35 @@ test = [
+ ]
+ 
+ test-common-wheels = [
++    "flit-core >= 3.11, < 4",
+     # We pin setuptools<80 because our test suite currently
+     # depends on setup.py develop to generate egg-link files.
+     "setuptools >= 40.8.0, != 60.6.0, <80",
+     "wheel",
++    "flit-core",
+     # As required by pytest-cov.
+     "coverage >= 4.4",
+     "pytest-subket >= 0.8.1",
+ ]
+ 
+-[tool.setuptools]
+-package-dir = {"" = "src"}
+-include-package-data = false
+-
+-[tool.setuptools.dynamic]
+-version = {attr = "pip.__version__"}
+-
+-[tool.setuptools.packages.find]
+-where = ["src"]
+-exclude = ["contrib", "docs", "tests*", "tasks"]
+-
+-[tool.setuptools.package-data]
+-"pip" = ["py.typed"]
+-"pip._vendor" = ["vendor.txt"]
+-"pip._vendor.certifi" = ["*.pem"]
+-"pip._vendor.distlib" = [
+-    "t32.exe",
+-    "t64.exe",
+-    "t64-arm.exe",
+-    "w32.exe",
+-    "w64.exe",
+-    "w64-arm.exe",
++[tool.flit.sdist]
++include = [
++    "NEWS.rst",
++    "SECURITY.md",
++    "build-project/.python-version",
++    "build-project/build-project.py",
++    "build-project/build-requirements.in",
++    "build-project/build-requirements.txt",
++    "docs/requirements.txt",
++    "docs/**/*.css",
++    "docs/**/*.dot",
++    "docs/**/*.md",
++    "docs/**/*.png",
++    "docs/**/*.py",
++    "docs/**/*.rst",
++]
++exclude = [
++    "src/pip/_vendor/**/*.pyi",
+ ]
+ 
+ ######################################################################################
+@@ -362,3 +360,15 @@ exclude_also = [
+     # This excludes typing-specific code, which will be validated by mypy anyway.
+     "if TYPE_CHECKING",
+ ]
++
++[tool.check-sdist]
++git-only = [
++  "tests/**",
++  "tools/**",
++  "news/.gitignore",
++  ".gitattributes",
++  ".gitignore",
++  ".git-blame-ignore-revs",
++  ".mailmap",
++  ".readthedocs-custom-redirects.yml"
++]
+
+From 95f685d279473a401314a4b583ebbcf6ce4720af Mon Sep 17 00:00:00 2001
+From: Damian Shaw <damian.peter.shaw@gmail.com>
+Date: Fri, 1 Aug 2025 20:59:19 -0400
+Subject: [PATCH 2/5] Fix tests for flit
+
+---
+ tests/functional/test_freeze.py      | 41 ++++++++++++----------------
+ tests/functional/test_self_update.py |  3 ++
+ 2 files changed, 21 insertions(+), 23 deletions(-)
+
+diff --git a/tests/functional/test_freeze.py b/tests/functional/test_freeze.py
+index 0a7cedd11cb..9883beb87fd 100644
+--- a/tests/functional/test_freeze.py
++++ b/tests/functional/test_freeze.py
+@@ -99,38 +99,33 @@ def test_freeze_with_pip(script: PipTestEnvironment) -> None:
+ 
+ def test_freeze_with_setuptools(script: PipTestEnvironment) -> None:
+     """
+-    Test that pip shows setuptools only when --all is used
+-    or _should_suppress_build_backends() returns false
++    Test that pip shows setuptools only when --all is used on Python < 3.12,
++    otherwise it should be shown in default freeze output.
+     """
+ 
+     result = script.pip("freeze", "--all")
+     assert "setuptools==" in result.stdout
+ 
+-    (script.site_packages_path / "mock.pth").write_text("import mock\n")
+-
+-    (script.site_packages_path / "mock.py").write_text(
+-        textwrap.dedent(
+-            """\
+-                import pip._internal.commands.freeze as freeze
+-                freeze._should_suppress_build_backends = lambda: False
+-            """
+-        )
+-    )
+-
++    # Test the default behavior (without --all)
+     result = script.pip("freeze")
+-    assert "setuptools==" in result.stdout
+ 
+-    (script.site_packages_path / "mock.py").write_text(
+-        textwrap.dedent(
+-            """\
+-                import pip._internal.commands.freeze as freeze
+-                freeze._should_suppress_build_backends = lambda: True
+-            """
++    should_suppress = sys.version_info < (3, 12)
++    if should_suppress:
++        # setuptools should be hidden in default freeze output
++        assert "setuptools==" not in result.stdout, (
++            f"setuptools should be suppressed in Python {sys.version_info[:2]} "
++            f"but was found in freeze output: {result.stdout}"
++        )
++    else:
++        # setuptools should be shown in default freeze output
++        assert "setuptools==" in result.stdout, (
++            f"setuptools should be shown in Python {sys.version_info[:2]} "
++            f"but was not found in freeze output: {result.stdout}"
+         )
+-    )
+ 
+-    result = script.pip("freeze")
+-    assert "setuptools==" not in result.stdout
++    # --all should always show setuptools regardless of version
++    result_all = script.pip("freeze", "--all")
++    assert "setuptools==" in result_all.stdout
+ 
+ 
+ def test_exclude_and_normalization(script: PipTestEnvironment, tmpdir: Path) -> None:
+diff --git a/tests/functional/test_self_update.py b/tests/functional/test_self_update.py
+index 1331a87c319..9019e89211d 100644
+--- a/tests/functional/test_self_update.py
++++ b/tests/functional/test_self_update.py
+@@ -8,6 +8,9 @@ def test_self_update_editable(script: Any, pip_src: Any) -> None:
+     # mode, that pip can safely update itself to an editable install.
+     # See https://github.com/pypa/pip/issues/12666 for details.
+ 
++    # Install flit-core (build backend) since we use --no-build-isolation
++    script.pip("install", "flit-core")
++
+     # Step 1. Install pip as non-editable. This is expected to succeed as
+     # the existing pip in the environment is installed in editable mode, so
+     # it only places a .pth file in the environment.
+
+From 41352dfaae2b518b361158748303bf6b6a821336 Mon Sep 17 00:00:00 2001
+From: Damian Shaw <damian.peter.shaw@gmail.com>
+Date: Fri, 1 Aug 2025 20:59:26 -0400
+Subject: [PATCH 3/5] News entry
+
+---
+ news/13743.feature.rst | 2 ++
+ 1 file changed, 2 insertions(+)
+ create mode 100644 news/13743.feature.rst
+
+diff --git a/news/13743.feature.rst b/news/13743.feature.rst
+new file mode 100644
+index 00000000000..37f7db147f8
+--- /dev/null
++++ b/news/13743.feature.rst
+@@ -0,0 +1,2 @@
++Building pip itself from source now uses flit-core instead of setuptools.
++This does not affect how pip installs or builds packages you use.
+
+From a7807befc6905429eb4127b6765283155d0e97f3 Mon Sep 17 00:00:00 2001
+From: Damian Shaw <damian.peter.shaw@gmail.com>
+Date: Sat, 2 Aug 2025 13:04:24 -0400
+Subject: [PATCH 4/5] Install flit-core offline for `test_self_update_editable`
+
+---
+ tests/functional/test_self_update.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/tests/functional/test_self_update.py b/tests/functional/test_self_update.py
+index 9019e89211d..bd09736aead 100644
+--- a/tests/functional/test_self_update.py
++++ b/tests/functional/test_self_update.py
+@@ -1,15 +1,16 @@
+ # Check that pip can update itself correctly
+ 
++from pathlib import Path
+ from typing import Any
+ 
+ 
+-def test_self_update_editable(script: Any, pip_src: Any) -> None:
++def test_self_update_editable(script: Any, pip_src: Any, common_wheels: Path) -> None:
+     # Test that if we have an environment with pip installed in non-editable
+     # mode, that pip can safely update itself to an editable install.
+     # See https://github.com/pypa/pip/issues/12666 for details.
+ 
+     # Install flit-core (build backend) since we use --no-build-isolation
+-    script.pip("install", "flit-core")
++    script.pip("install", "--no-index", "-f", common_wheels, "flit-core")
+ 
+     # Step 1. Install pip as non-editable. This is expected to succeed as
+     # the existing pip in the environment is installed in editable mode, so
+
+From d652eb9a847e061818ef07ba3e8e2f795a959c0f Mon Sep 17 00:00:00 2001
+From: Damian Shaw <damian.peter.shaw@gmail.com>
+Date: Wed, 6 Aug 2025 20:54:24 -0400
+Subject: [PATCH 5/5] Update pyproject.toml
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Co-authored-by: Stéphane Bidoul <stephane.bidoul@acsone.eu>
+---
+ pyproject.toml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/pyproject.toml b/pyproject.toml
+index 7c68cc64433..56180b9d4a0 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -78,7 +78,6 @@ test-common-wheels = [
+     # depends on setup.py develop to generate egg-link files.
+     "setuptools >= 40.8.0, != 60.6.0, <80",
+     "wheel",
+-    "flit-core",
+     # As required by pytest-cov.
+     "coverage >= 4.4",
+     "pytest-subket >= 0.8.1",

pip-24.0-gh.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ad0dfe75fb28092a8cbe18523391695ceb0c0d65a5c9a969349fcb13b12b84c7
-size 9398156

pip-25.2-gh.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d09e469f9c6d829eb5094f8369912519c025868a772077e826afd161abd67aee
+size 9121715

pip-shipped-requests-cabundle.patch

@@ -3,26 +3,32 @@
  tests/unit/test_options.py      |    5 +
  2 files changed, 13 insertions(+), 97 deletions(-)
 
---- a/src/pip/_vendor/certifi/core.py
-+++ b/src/pip/_vendor/certifi/core.py
-@@ -3,106 +3,17 @@ certifi.py
+Index: pip-25.2/src/pip/_vendor/certifi/core.py
+===================================================================
+--- pip-25.2.orig/src/pip/_vendor/certifi/core.py
++++ pip-25.2/src/pip/_vendor/certifi/core.py
+@@ -3,81 +3,14 @@ certifi.py
  ~~~~~~~~~~
  
  This module returns the installation location of cacert.pem or its contents.
 +Patched by openSUSE: return the system bundle
  """
 -import sys
- 
+-import atexit
 +def read_text(_module=None, _path=None, encoding="ascii"):
 +    with open(where(), "r", encoding=encoding) as data:
 +        return data.read()
  
--if sys.version_info >= (3, 11):
- 
--    from importlib.resources import as_file, files
+-def exit_cacert_ctx() -> None:
+-    _CACERT_CTX.__exit__(None, None, None)  # type: ignore[union-attr]
 +def where() -> str:
 +    return "/etc/ssl/ca-bundle.pem"
  
+-
+-if sys.version_info >= (3, 11):
+-
+-    from importlib.resources import as_file, files
+-
 -    _CACERT_CTX = None
 -    _CACERT_PATH = None
 -
@@ -47,13 +53,14 @@
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
 -
 -        return _CACERT_PATH
 -
 -    def contents() -> str:
 -        return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
 -
--elif sys.version_info >= (3, 7):
+-else:
 -
 -    from importlib.resources import path as get_path, read_text
 -
@@ -82,61 +89,35 @@
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
 -
 -        return _CACERT_PATH
 -
 -    def contents() -> str:
 -        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
--
--else:
--    import os
--    import types
--    from typing import Union
--
--    Package = Union[types.ModuleType, str]
--    Resource = Union[str, "os.PathLike"]
--
--    # This fallback will work for Python versions prior to 3.7 that lack the
--    # importlib.resources module but relies on the existing `where` function
--    # so won't address issues with environments like PyOxidizer that don't set
--    # __file__ on modules.
--    def read_text(
--        package: Package,
--        resource: Resource,
--        encoding: str = 'utf-8',
--        errors: str = 'strict'
--    ) -> str:
--        with open(where(), encoding=encoding) as data:
--            return data.read()
--
--    # If we don't have importlib.resources, then we will just do the old logic
--    # of assuming we're on the filesystem and munge the path directly.
--    def where() -> str:
--        f = os.path.dirname(__file__)
- 
--        return os.path.join(f, "cacert.pem")
--
--    def contents() -> str:
--        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
 +def contents() -> str:
 +    return read_text(encoding="ascii")
---- a/tests/unit/test_options.py
-+++ b/tests/unit/test_options.py
-@@ -1,4 +1,5 @@
+Index: pip-25.2/tests/unit/test_options.py
+===================================================================
+--- pip-25.2.orig/tests/unit/test_options.py
++++ pip-25.2/tests/unit/test_options.py
+@@ -1,6 +1,7 @@
+ from __future__ import annotations
+ 
  import os
 +import os.path
+ from collections.abc import Iterator
  from contextlib import contextmanager
  from optparse import Values
- from tempfile import NamedTemporaryFile
-@@ -11,6 +12,7 @@ from pip._internal.cli.main import main
+@@ -13,6 +14,7 @@ import pip._internal.configuration
+ from pip._internal.cli.main import main
  from pip._internal.commands import create_command
  from pip._internal.commands.configuration import ConfigurationCommand
- from pip._internal.exceptions import PipError
 +from pip._vendor.certifi import where
+ from pip._internal.exceptions import PipError
+ 
  from tests.lib.options_helpers import AddFakeCommandMixin
- 
- 
-@@ -618,6 +620,9 @@ class TestOptionsConfigFiles:
+@@ -621,6 +623,9 @@ class TestOptionsConfigFiles:
          else:
              assert expect == cmd._determine_file(options, need_value=False)
  

python-pip.changes

@@ -1,3 +1,282 @@
+-------------------------------------------------------------------
+Wed Aug 13 12:25:02 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- update to 25.2
+  # 25.1
+  * Drop support for Python 3.8.
+  * On python 3.14+, the pkg_resources metadata backend cannot be used
+    anymore.
+  * Hide --no-python-version-warning from CLI help and documentation
+    as it's useless since Python 2 support was removed.
+  * A warning is emitted when the deprecated pkg_resources library is
+    used to inspect and discover installed packages.
+  * Deprecate the legacy setup.py bdist_wheel mechanism. To silence
+    the warning, and future-proof their setup, users should enable
+    --use-pep517 or add a pyproject.toml file to the projects they
+    control.
+  * Using --debug also enables verbose logging.
+  * Display a transient progress bar during package installation.
+  * Add a --group option which allows installation from PEP 735
+    Dependency Groups.
+  * Use PEP 753 "Well-known Project URLs in Metadata" normalization
+    rules when identifying an equivalent project URL to replace
+    a missing Home-Page field in pip show.
+  * Add a new, experimental, pip lock command, implementing PEP 751.
+  * Resolvelib 1.1.0 fixes a known issue where pip would report a
+    ResolutionImpossible error even though there is a valid solution.
+    However, some very complex dependency resolutions that previously
+    resolved may resolve slower or fail with an ResolutionTooDeep error.
+  # 25.2
+  * Declare support for Python 3.14
+  * Automatic download resumption and retrying is enabled by default.
+  * Requires-Python error message displays version clauses in numerical
+    order.
+  * Show time taken instead of eta 0:00:00 at download completion.
+  * Remove warning when cloning from a Git reference that does not look
+    like a commit hash.
+  * pip's own licensing metadata now follows PEP 639. In addition, the
+    licenses of pip's vendored dependencies are now included in the
+    License-File metadata field and in the wheel.
+- Drop no-longer-applicable distutils-reproducible-compile.patch
+  * distlib was trimmed https://github.com/pypa/pip/pull/13342
+- Add upstream flit-core.patch to fix build
+
+-------------------------------------------------------------------
+Thu Apr 17 12:40:51 UTC 2025 - Felix Stegmeier <felix.stegmeier@suse.com>
+
+- update to 25.0.1
+  * Fix an unsupported type annotation on Python 3.10 and earlier. 
+    (#13181)
+  * Fix a regression where truststore would never be used while 
+    installing build dependencies. (#13186)
+  * Deprecate the no-python-version-warning flag as it has long done 
+    nothing since Python 2 support was removed in pip 21.0. (#13154)
+  * Prefer to display PEP 639 License-Expression in pip show if
+    metadata version is at least 2.4. (#13112)
+  * Support PEP 639 License-Expression and License-File metadata 
+    fields in JSON output. pip inspect and pip install --report now 
+    emit license_expression and license_file fields in the metadata 
+    object, if the corresponding fields are present in the installed 
+    METADATA file. (#13134)
+  * Files in the network cache will inherit the read/write permissions 
+    of pip’s cache directory (in addition to the current user retaining 
+    read/write access). This enables a single cache to be shared among 
+    multiple users. (#11012)
+  * Return the size, along with the number, of files cleared on pip 
+    cache purge and pip cache remove (#12176)
+  * Cache python-requires checks while filtering potential installation 
+    candidates. (#13128)
+  * Optimize package collection by avoiding unnecessary URL parsing and 
+    other processing. (#13132)
+  * Reorder the encoding detection when decoding a requirements file, 
+    relying on UTF-8 over the locale encoding by default, matching the 
+    documented behaviour. (#12771)
+  * The pip version self check is disabled on EXTERNALLY-MANAGED 
+    environments. (#11820)
+  * Fix a security bug allowing a specially crafted wheel to execute 
+    code during installation. (#13079)
+  * The inclusion of packaging 24.2 changes how pre-release specifiers 
+    with < and > behave. Including a pre-release version with these 
+    specifiers now implies accepting pre-releases (e.g., <2.0dev can 
+    include 1.0rc1). To avoid implying pre-releases, avoid specifying 
+    them (e.g., use <2.0). The exception is !=, which never implies 
+    pre-releases. (#13163)
+  * The --cert and --client-cert command-line options are now 
+    respected while installing build dependencies. Consequently, the 
+    private _PIP_STANDALONE_CERT environment variable is no longer 
+    used. (#5502)
+  * The --proxy command-line option is now respected while installing 
+    build dependencies. (#6018)
+
+
+-------------------------------------------------------------------
+Wed Oct 30 08:10:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.3.1:
+  * Allow multiple nested inclusions of the same requirements
+    file again.
+  * Deprecate wheel filenames that are not compliant with PEP
+    440.
+  * Detect recursively referencing requirements files and help
+    users identify the source.
+  * Support for PEP 730 iOS wheels.
+  * Display a better error message when an already installed
+    package has an invalid requirement.
+  * Ignore PIP_TARGET and pip.conf global.target when preparing a
+    build environment.
+  * Restore support for macOS 10.12 and older (via truststore).
+  * Allow installing pip in editable mode in a virtual
+    environment on Windows.
+  * Upgrade certifi to 2024.8.30
+  * Upgrade distlib to 0.3.9
+  * Upgrade truststore to 0.10.0
+  * Upgrade urllib3 to 1.26.20
+
+-------------------------------------------------------------------
+Mon Sep 23 11:21:24 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Adapt disable-ssl-context-in-buildenv.patch to make it compatible
+  with leap
+
+-------------------------------------------------------------------
+Mon Aug 12 16:49:06 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.2:
+  * Deprecate pip install --editable falling back to setup.py
+    develop when using a setuptools version that does not support
+    PEP 660 (setuptools v63 and older).
+  * Check unsupported packages for the current platform. (#11054)
+  * Check unsupported packages for the current platform.
+  * Use system certificates and certifi certificates to verify
+    HTTPS connections on Python 3.10+. Python 3.9 and earlier
+    only use certifi. To revert to previous behaviour, pass the
+    flag --use-deprecated=legacy-certs. (#11647)
+  * Use system certificates and certifi certificates to verify
+    HTTPS connections on Python 3.10+. Python 3.9 and earlier
+    only use certifi.
+  * To revert to previous behaviour, pass the flag --use-
+    deprecated=legacy-certs.
+  * Improve discovery performance of installed packages when the
+    importlib.metadata backend is used to load distribution
+    metadata (used by default under Python 3.11+). (#12656)
+  * Improve discovery performance of installed packages when the
+    importlib.metadata backend is used to load distribution
+    metadata (used by default under Python 3.11+).
+  * Improve performance when the same requirement string appears
+    many times during resolution, by consistently caching the
+    parsed requirement string. (#12663)
+  * Improve performance when the same requirement string appears
+    many times during resolution, by consistently caching the
+    parsed requirement string.
+  * Minor performance improvement of finding applicable package
+    candidates by not repeatedly calculating their versions
+    (#12664)
+  * Minor performance improvement of finding applicable package
+    candidates by not repeatedly calculating their versions
+  * Disable pip's self version check when invoking a pip
+    subprocess to install PEP 517 build requirements. (#12683)
+  * Disable pip's self version check when invoking a pip
+    subprocess to install PEP 517 build requirements.
+  * Improve dependency resolution performance by caching platform
+    compatibility tags during wheel cache lookup. (#12712)
+  * Improve dependency resolution performance by caching platform
+    compatibility tags during wheel cache lookup.
+  * wheel is no longer explicitly listed as a build dependency of
+    pip. setuptools injects this dependency in the
+    get_requires_for_build_wheel() hook and no longer needs it on
+    newer versions. (#12728)
+  * wheel is no longer explicitly listed as a build dependency of
+    pip. setuptools injects this dependency in the
+    get_requires_for_build_wheel() hook and no longer needs it on
+    newer versions.
+  * Ignore --require-virtualenv for pip check and pip freeze
+    (#12842)
+  * Ignore --require-virtualenv for pip check and pip freeze
+  * Improve package download and install performance. Increase
+    chunk sizes when downloading (256 kB, up from 10 kB) and
+    reading files (1 MB, up from 8 kB). This reduces the
+    frequency of updates to pip's progress bar. (#12810)
+  * Improve package download and install performance.
+  * Increase chunk sizes when downloading (256 kB, up from 10 kB)
+    and reading files (1 MB, up from 8 kB). This reduces the
+    frequency of updates to pip's progress bar.
+  * Improve pip install performance. Files are now extracted in
+    1MB blocks, or in one block matching the file size for
+    smaller files. A decompressor is no longer instantiated when
+    extracting 0 bytes files, it is not necessary because there
+    is no data to decompress. (#12803)
+  * Improve pip install performance.
+  * Files are now extracted in 1MB blocks, or in one block
+    matching the file size for smaller files. A decompressor is
+    no longer instantiated when extracting 0 bytes files, it is
+    not necessary because there is no data to decompress.
+  * Set no_color to global rich.Console instance.
+  * Fix resolution to respect --python-version when checking
+    Requires-Python.
+  * Perform hash comparisons in a case-insensitive manner.
+  * Avoid dlopen failure for glibc detection in musl builds
+  * Avoid keyring logging crashes when pip is run in verbose
+    mode.
+  * Fix finding hardlink targets in tar files with an ignored
+    top-level directory.
+  * Improve pip install performance by only creating required
+    parent directories once, instead of before extracting every
+    file in the wheel.
+  * Improve pip install performance by calculating installed
+    packages printout in linear time instead of quadratic time.
+  * Remove vendored tenacity.
+  * Update the preload list for the DEBUNDLED case, to replace
+    pep517 that has been renamed to pyproject_hooks.
+  * Use tomllib from the stdlib if available, rather than tomli
+  * Upgrade certifi to 2024.7.4
+  * Upgrade platformdirs to 4.2.2
+  * Upgrade pygments to 2.18.0
+  * Upgrade setuptools to 70.3.0
+  * Upgrade typing_extensions to 4.12.2
+  * Correct —-ignore-conflicts (including an em dash) to
+    --ignore-conflicts.
+  * Fix finding hardlink targets in tar files with an ignored
+    top-level directory.
+- add disable-ssl-context-in-buildenv.patch: treat missing
+  ca-certificates as "ssl not available" for buildenvs
+
+-------------------------------------------------------------------
+Sun Jun 30 18:45:16 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.1.1:
+  * Actually use system trust stores when the truststore feature
+    is enabled.
+  * Report informative messages about invalid requirements.
+  * Eagerly import the self version check logic to avoid crashes
+    while upgrading or downgrading pip at the same time.
+  * Accommodate for mismatches between different sources of truth
+    for extra names, for packages generated by setuptools.
+  * Accommodate for development versions of CPython ending in +
+    in the version string.
+  * requests provides optional character detection support on
+    some APIs when processing ambiguous bytes. This isn't
+    relevant for pip to function and we're able to remove it due
+    to recent upstream changes.
+  * Drop support for EOL Python 3.7.
+  * Remove support for legacy versions and dependency specifiers.
+  * Packages with non standard-compliant versions or dependency
+    specifiers are now ignored by the resolver. Already installed
+    packages with non standard-compliant versions or dependency
+    specifiers must be uninstalled before upgrading them.
+  * Improve performance of resolution of large dependency trees,
+    with more caching.
+  * Further improve resolution performance of large dependency
+    trees, by caching hash calculations.
+  * Reduce startup time of commands (e.g. show, freeze) that do
+    not access the network by 15-30%.
+  * Reword and improve presentation of uninstallation errors.
+  * Add a 'raw' progress_bar type for simple and parsable
+    download progress reports
+  * pip list no longer performs the pip version check unless
+    --outdated or --uptodate is given.
+  * Use the data_filter when extracting tarballs, if it's
+    available.
+  * Display the Project-URL value under key "Home-page" in pip
+    show when the Home-Page metadata field is not set.
+  * The Project-URL key detection is case-insensitive, and
+    ignores any dashes and underscores.
+  * Ensure -vv gets passed to any pip install build environment
+    subprocesses.
+  * Deduplicate entries in the Requires field of pip show.
+  * Fix error on checkout for subversion and bazaar with verbose
+    mode on.
+  * Fix exception with completions when COMP_CWORD is not set
+  * Fix intermittent "cannot locate t64.exe" errors when
+    upgrading pip.
+  * Remove duplication in invalid wheel error message
+  * Remove the incorrect pip3.x console entrypoint from the pip
+    wheel. This console script continues to be generated by pip
+    when it installs itself.
+  * Gracefully skip VCS detection in pip freeze when PATH points
+    to a non-directory path.
+  * Make the --proxy parameter take precedence over environment
+    variables.
+
 -------------------------------------------------------------------
 Sun Apr 28 19:10:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
 

python-pip.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-pip
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,12 +29,11 @@
 %else
 %bcond_with libalternatives
 %endif
-
 # in order to avoid rewriting for subpackage generator
 %define mypython python
 %{?sle15_python_module_pythons}
 Name:           python-pip%{psuffix}
-Version:        24.0
+Version:        25.2
 Release:        0
 Summary:        A Python package management system
 License:        MIT
@@ -43,11 +42,13 @@ URL:            https://pip.pypa.io
 Source:         https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz
 # PATCH-FIX-OPENSUSE pip-shipped-requests-cabundle.patch -- adapted patch from python-certifi package
 Patch0:         pip-shipped-requests-cabundle.patch
-# PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com
-# To get reproducible builds, byte_compile() of distutils.util now sorts filenames.
-Patch1:         distutils-reproducible-compile.patch
-BuildRequires:  %{python_module base >= 3.7}
-BuildRequires:  %{python_module setuptools >= 40.8.0}
+# PATCH-FIX-OPENSUSE: deal missing ca-certificates as "ssl not available"
+Patch1:         disable-ssl-context-in-buildenv.patch
+# PATCH-FIX-UPSTREAM https://github.com/pypa/pip/pull/13473 Use flit-core to build pip distributions
+# setuptools was unable to handle the new license expression for some reason
+Patch2:         flit-core.patch
+BuildRequires:  %{python_module base >= 3.9}
+BuildRequires:  %{python_module flit-core >= 3.11}
 # The rpm python-wheel build is bootstrap friendly since 0.42
 BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
@@ -64,20 +65,21 @@ Requires(post): update-alternatives
 Requires(postun): update-alternatives
 %endif
 %if %{with test}
-# Test requirements:
-BuildRequires:  %{python_module pip = %{version}}
 BuildRequires:  %{python_module PyYAML}
 BuildRequires:  %{python_module Werkzeug}
 BuildRequires:  %{python_module cryptography}
-BuildRequires:  %{python_module docutils}
 BuildRequires:  %{python_module freezegun}
 BuildRequires:  %{python_module installer}
+# Test requirements:
+BuildRequires:  %{python_module pip = %{version}}
 BuildRequires:  %{python_module pretend}
+BuildRequires:  %{python_module pytest-socket}
+BuildRequires:  %{python_module pytest-xdist}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module scripttest}
 BuildRequires:  %{python_module setuptools-wheel}
 BuildRequires:  %{python_module virtualenv >= 1.10}
-BuildRequires:  ca-certificates
+BuildRequires:  ca-certificates-mozilla
 BuildRequires:  git-core
 %endif
 %python_subpackages
@@ -100,8 +102,6 @@ the wheel needs to be used directly in test or install setups
 # Exception: Use our own cabundle. Adapted patch from python-certifi package
 %autosetup -p1 -n pip-%{version}
 
-rm src/pip/_vendor/certifi/cacert.pem
-
 %if %{with test}
 mkdir -p tests/data/common_wheels
 %python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/
@@ -114,7 +114,6 @@ done
 # Remove windows executable binaries
 # bsc#1212015
 rm -v src/pip/_vendor/distlib/*.exe
-sed -i '/\.exe/d' setup.py
 
 %build
 %if !%{with test}
@@ -136,7 +135,7 @@ install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl
 }
 
 %{python_expand # Fix shebang path for "pip3.XX" binaries
-sed -i "1s|#\!.*python.*|#\!/usr/bin/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix}
+sed -i "1s|#\!.*python.*|#\!%{_bindir}/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix}
 }
 
 %python_clone -a %{buildroot}%{_bindir}/pip