From c959b126b7e64d6a0890aa07c015036307935abe954e7b196e0c9cc931072ff5 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Thu, 18 Sep 2025 01:37:33 +0000 Subject: [PATCH] - Update to 6.2.0: * Features: + Refresh short-lived PyPI token in long running Trusted Publishing uploads. * Bugfixes + Fix compatibility kludge for invalid License-File metadata entries emitted by build backends to work also with packaging version 24.0. + Fix a couple of incorrectly rendered error messages. + twine now enforces keyring >= 21.2.0. + twine now catches configparser.Error to prevent accidental leaks of secret tokens or passwords to the user's console. * Deprecations and Removals: + Remove hacks that support --skip-existing for indexes other than PyPI and TestPyPI. + Remove support for MD5 digests during uploads. - Drop patch skip-unsupported-Metadata-Version-test.patch, merged upstream. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-twine?expand=0&rev=53 --- .gitattributes | 23 ++ .gitignore | 1 + 0001-remove-disable-socket-pytest-opt.patch | 14 + python-twine.changes | 343 ++++++++++++++++++++ python-twine.spec | 117 +++++++ twine-6.2.0.tar.gz | 3 + 6 files changed, 501 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-remove-disable-socket-pytest-opt.patch create mode 100644 python-twine.changes create mode 100644 python-twine.spec create mode 100644 twine-6.2.0.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-remove-disable-socket-pytest-opt.patch b/0001-remove-disable-socket-pytest-opt.patch new file mode 100644 index 0000000..b91b8a2 --- /dev/null +++ b/0001-remove-disable-socket-pytest-opt.patch @@ -0,0 +1,14 @@ +Only in twine-3.4.1: .coverage +Only in twine-3.4.1: .pytest_cache +--- + pytest.ini | 1 - + 1 file changed, 1 deletion(-) + +--- a/pytest.ini ++++ b/pytest.ini +@@ -6,5 +6,4 @@ filterwarnings= + ignore:the imp module is deprecated::setuptools + + addopts = +- --disable-socket + --ignore-glob '*integration*.py' diff --git a/python-twine.changes b/python-twine.changes new file mode 100644 index 0000000..cf28670 --- /dev/null +++ b/python-twine.changes @@ -0,0 +1,343 @@ +------------------------------------------------------------------- +Thu Sep 18 01:35:42 UTC 2025 - Steve Kowalik + +- Update to 6.2.0: + * Features: + + Refresh short-lived PyPI token in long running Trusted Publishing + uploads. + * Bugfixes + + Fix compatibility kludge for invalid License-File metadata entries + emitted by build backends to work also with packaging version 24.0. + + Fix a couple of incorrectly rendered error messages. + + twine now enforces keyring >= 21.2.0. + + twine now catches configparser.Error to prevent accidental leaks of + secret tokens or passwords to the user's console. + * Deprecations and Removals: + + Remove hacks that support --skip-existing for indexes other than PyPI + and TestPyPI. + + Remove support for MD5 digests during uploads. +- Drop patch skip-unsupported-Metadata-Version-test.patch, merged upstream. + +------------------------------------------------------------------- +Mon Aug 25 14:24:32 UTC 2025 - Markéta Machová + +- Convert to libalternatives on SLE-16-based and newer systems + +------------------------------------------------------------------- +Sat Jan 25 21:08:56 UTC 2025 - Matej Cepl + +- Add missing Requires. + +------------------------------------------------------------------- +Fri Jan 24 15:30:25 UTC 2025 - ecsos + +- Update to 6.1.0 + * Features + - Twine now has preliminary built-in support for Trusted Publishing as an authentication mechanism. (#1194) + * Deprecations and Removals + - Remove support for egg and wininst distribution types. + These are not accepted by PyPI and not produced by any modern build-backends. (#1195) + - Twine no longer supports .tar.bz2 source distributions. (#1200) + * Misc + - packaging is used instead of pkginfo for parsing and validating metadata. + This aligns metadata validation to the one performed by PyPI. + packaging version 24.0 or later is required. Support for metadata version 2.4 + requires packaging 24.2 or later. pkginfo is not a dependency anymore. (#1180) + - Use "source" instead of None as pyversion for sdist uploads. This is what PyPI (and most likely other package indexes) expects. (#1191) +- Changes from 6.0.1 + * Bugfixes + - Fixed a regression where twine check would fail to expand wildcards, e.g. twine check 'dist/*'. (#1188) + * Misc + #1184 +- Changes from 6.0.0 + * Bugfixes + - Restore support for pkginfo 1.11 (#1116) + * Deprecations and Removals + - Username for PyPI and Test PyPI now defaults to __token__ but no longer overrides a username + configured in the environment or supplied on the command line. Workflows still supplying + anything other than __token__ for the username when uploading to PyPI or Test PyPI will now fail. + Either supply __token__ or do not supply a username at all. (#1121) + * Misc + #1024 + +------------------------------------------------------------------- +Thu Nov 14 03:51:14 UTC 2024 - Steve Kowalik + +- Skip a test broken by importlib_metadata 8.5+. + +------------------------------------------------------------------- +Fri Oct 11 11:50:51 UTC 2024 - John Paul Adrian Glaubitz + +- Update to 5.1.1 + * Resolve DeprecationWarnings when extracting ``twine`` metadata. + * Fix bug for Repository URLs with auth where the port was lost. When attempting + to prevent printing authentication credentials in URLs provided with username + and password, we did not properly handle the case where the URL also contains + a port (when reconstructing the URL). This is now handled and tested to + ensure no regressions. + +------------------------------------------------------------------- +Sat Jun 29 12:59:17 UTC 2024 - Dirk Müller + +- update to 5.1.0: + * Add the experimental --attestations flag. + +------------------------------------------------------------------- +Wed Apr 10 08:39:37 UTC 2024 - Ana Guerrero + +- Add BuildRequires on python-jaraco.packaging that was pulled + by other Build Requires. + +------------------------------------------------------------------- +Mon Mar 18 08:14:45 UTC 2024 - Matej Cepl + +- Update to 5.0.0: + - Use email.message instead of cgi as cgi has been deprecated +- Remove upstreamed patch license_files.patch +- Add skip-unsupported-Metadata-Version-test.patch + (gh#pypa/twine#1071) to skip failing test case. + +------------------------------------------------------------------- +Fri May 5 13:44:23 UTC 2023 - Matej Cepl + +- Update to 4.0.2: + - Remove deprecated function to fix twine check with pkginfo + 1.9.0. + - Improve logging when keyring fails. + - Reconfgure root logger to show all log messages. + - Drop support for Python 3.6. + - Use Rich instead of tqdm for upload progress bar. + - Remove Twine’s dependencies from the User-Agent header when + uploading. + - Improve detection of disabled BLAKE2 hashing due to FIPS + mode. + - Restore warning for missing long_description. + - Add --verbose logging for querying keyring credentials. + - Log all upload responses with --verbose. + - Show more helpful error message for invalid metadata. + - Require a recent version of urllib3. + - Add support for core metadata version 2.2, defined in PEP + 643. + - Add support for Python 3.10. + - Show more helpful messages for invalid passwords. + - Allow the --skip-existing option to work with GCP Artifact + Registry. + - Add a helpful error message when an upload fails due to + missing a trailing slash in the URL. + - Generalize --verbose suggestion when an upload fails. + - Improve error messages + - Do not include md5_digest or blake2_256_digest if FIPS mode + is enabled on the host. This removes those fields from the + metadata before sending the metadata to the repository. +- Add license_files.patch to make pip happy. + +------------------------------------------------------------------- +Fri Apr 21 12:38:02 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:45:36 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Sun Jul 11 17:40:20 UTC 2021 - Michael Ströder + +- added 0001-remove-disable-socket-pytest-opt.patch +- update to 3.4.1 + * 3.4.1 (2021-03-16) + Bugfixes + - Fix a regression that was causing some namespace packages with dots in them fail to upload to PyPI. (#745) + * 3.4.0 (2021-03-15) + Features + - Prefer importlib.metadata for entry point handling. (#728) + - Rely on importlib_metadata 3.6 for nicer entry point processing. (#732) + - Eliminate dependency on setuptools/pkg_resources and replace with packaging and importlib_metadata. (#736) + * 3.3.0 (2020-12-23) + Features + - Print files to be uploaded using ``upload --verbose`` (#670) + - Print configuration file location when using ``upload --verbose`` (#675) + - Print source and values of credentials when using ``upload --verbose`` (#685) + - Add support for Python 3.9 (#708) + - Turn warnings into errors when using ``check --strict`` (#715) + Bugfixes + - Make password optional when using ``upload --client-cert`` (#678) + - Support more Nexus versions with ``upload --skip-existing`` (#693) + - Support Gitlab Enterprise with ``upload --skip-existing`` (#698) + - Show a better error message for malformed files (#714) + Improved Documentation + - Adopt PSF code of conduct (#680) + - Adopt towncrier for the changleog (#718) + +------------------------------------------------------------------- +Thu Jul 23 12:22:51 UTC 2020 - Marketa Calabkova + +- update to 3.2.0 + * :feature:`666` Improve display of HTTP errors during upload + * :feature:`649` Use red text when printing errors on the command line + * :feature:`652` Print packages and signatures to be uploaded when using + ``--verbose`` option + * :bug:`655 major` Update URL to ``.pypirc`` specfication + * :feature:`602` Require repository URL scheme to be ``http`` or ``https`` + * :bug:`612 major` Don't raise an exception when Python version can't be + parsed from filename + +------------------------------------------------------------------- +Sun Apr 5 07:40:00 UTC 2020 - Tomáš Chvátal + +- Update deps to really match up reality + +------------------------------------------------------------------- +Thu Mar 26 09:15:04 UTC 2020 - pgajdos@suse.com + +- version update to 3.1.1 + bug`548` Restore --non-interactive as a flag not expecting an argument. + :feature:`547` Add support for specifying --non-interactive as an environment variable. + :feature:`336` When a client certificate is indicated, all password processing is disabled. + :feature:`489` Add --non-interactive flag to abort upload rather than interactively prompt if credentials are missing. + :feature:`524` Twine now unconditionally requires the keyring library and no longer supports uninstalling keyring as a means to disable that functionality. Instead, use keyring --disable keyring functionality if necessary. + :feature:`518` Add Python 3.8 to classifiers. + bug`332 major` More robust handling of server response in --skip-existing + :feature:`437` Twine now requires Python 3.6 or later. Use pip 9 or pin to "twine<2" to install twine on older Python versions. + bug`491 major` Require requests 2.20 or later to avoid reported security vulnerabilities in earlier releases. +- python3 only package + +------------------------------------------------------------------- +Thu Mar 12 07:53:47 UTC 2020 - Tomáš Chvátal + +- Fix build without python2 + +------------------------------------------------------------------- +Tue Feb 25 11:22:38 UTC 2020 - Ondřej Súkup + +- update to 1.15.0 +- last with python2 +- Improved output on check command + +------------------------------------------------------------------- +Tue Sep 10 09:42:43 UTC 2019 - Tomáš Chvátal + +- Update to 1.14.0: + * Better error handling and gpg2 fallback if gpg not available. + * Fixes for python 3.8 + +------------------------------------------------------------------- +Sat Mar 2 04:53:11 UTC 2019 - Arun Persaud + +- specfile: + * be more specific in %files section + * remove patch fix-keyring-support.patch, included upstream + +- update to version 1.13.0: + * bug`452` Restore prompts while retaining support for suppressing + prompts. + * bug`447` Avoid requests-toolbelt to 0.9.0 to prevent attempting to + use openssl when it isn't available. + * :feature:`427` Add disable_progress_bar option to disable tqdm. + * :feature:`426` Allow defining an empty username and password in + .pypirc. + * bug`441` Only install pyblake2 if needed. + * bug`444` Use io.StringIO instead of StringIO. + * bug`436` Use modern Python language features. + * :support:`439` Refactor tox env and travis config. + * bug`435` Specify python_requires in setup.py + * bug`432` Use https URLs everywhere. + * bug`428` Fix --skip-existing for Nexus Repos. + * :feature:`419` Support keyring.get_credential. + * :feature:`418` Support keyring.get_username_and_password. + * bug`421` Remove unnecessary usage of readme_render.markdown. + * :feature:" Add Python 3.7 to classifiers. + * bug`412` Don't crash if there's no package description. + * bug`408` Fix keyring support. + +------------------------------------------------------------------- +Sat Feb 9 19:52:43 CET 2019 - Matej Cepl + +- Add fix-keyring-support.patch fixing + gh#pypa/twine#408 + +------------------------------------------------------------------- +Sat Feb 9 13:45:55 UTC 2019 - Matej Cepl + +- Deduplicate installed files + +------------------------------------------------------------------- +Fri Jan 4 14:54:32 UTC 2019 - Hans-Peter Jansen + +- update to version 1.12.1 + - bug`404` Fix regression with upload exit code + +- update to version 1.12.0 + - feature`395 major` Add twine check command to check long description + - feature`392 major` Drop support for Python 3.3 + - feature`363` Empower --skip-existing for Artifactory repositories + - bug`367` Avoid MD5 when Python is compiled in FIPS mode + +- Fix source URL +- add python-readme_renderer dependency +- BuildRequire python2-pyblake2 for successful testing + +------------------------------------------------------------------- +Mon May 21 09:30:29 UTC 2018 - tchvatal@suse.com + +- Recommend the pyblake2 on python2 as it is included in py3.6+ + but was never in py2 + +------------------------------------------------------------------- +Mon May 21 09:23:53 UTC 2018 - tchvatal@suse.com + +- Switch to github archive to have test fixtures +- Enable tests + +------------------------------------------------------------------- +Sat May 19 09:44:51 UTC 2018 - hpj@urpla.net + +- adjust requirements + +------------------------------------------------------------------- +Fri May 18 12:16:54 UTC 2018 - hpj@urpla.net + +- update to version 1.11.0 + - see https://github.com/pypa/twine/blob/master/docs/changelog.rst + +------------------------------------------------------------------- +Thu May 17 08:26:25 UTC 2018 - tchvatal@suse.com + +- Format with spec-cleaner and reduce the license conditions + +------------------------------------------------------------------- +Thu Jul 6 13:02:30 UTC 2017 - sebix+novell.com@sebix.at + +- fix source url + +------------------------------------------------------------------- +Wed Jul 5 18:50:28 UTC 2017 - sebix+novell.com@sebix.at + +- update to version 1.9.1 +- update specfile to singlespec + +------------------------------------------------------------------- +Wed Jan 18 11:48:32 UTC 2017 - michael@stroeder.com + +- Update to version 1.8.1 +- requires python-requests-toolbelt>=0.4.0 + +------------------------------------------------------------------- +Fri Sep 25 11:27:26 UTC 2015 - p.drouand@gmail.com + +- Update to version 1.6.1 + * bug:`130` Fix signing support for uploads +- Implement update-alternatives + +------------------------------------------------------------------- +Wed Jul 16 09:57:47 UTC 2014 - toddrme2178@gmail.com + +- BuildRequires: python-setuptools +- Add executable + +------------------------------------------------------------------- +Tue Feb 4 10:07:31 UTC 2014 - speilicke@suse.com + +- Initial version + diff --git a/python-twine.spec b/python-twine.spec new file mode 100644 index 0000000..e0dbd2f --- /dev/null +++ b/python-twine.spec @@ -0,0 +1,117 @@ +# +# spec file for package python-twine +# +# Copyright (c) 2025 SUSE LLC and contributors +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} > 1500 +%bcond_without libalternatives +%else +%bcond_with libalternatives +%endif +%{?sle15_python_module_pythons} +Name: python-twine +Version: 6.2.0 +Release: 0 +Summary: Collection of utilities for interacting with PyPI +License: Apache-2.0 +URL: https://github.com/pypa/twine +Source: https://files.pythonhosted.org/packages/source/t/twine/twine-%{version}.tar.gz +Patch0: 0001-remove-disable-socket-pytest-opt.patch +BuildRequires: %{python_module id} +BuildRequires: %{python_module importlib-metadata >= 3.6} +BuildRequires: %{python_module jaraco.envs} +BuildRequires: %{python_module jaraco.packaging >= 9} +BuildRequires: %{python_module keyring >= 21.2} +BuildRequires: %{python_module munch} +BuildRequires: %{python_module packaging >= 24.2} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pkginfo >= 1.8.1} +BuildRequires: %{python_module portend} +BuildRequires: %{python_module pretend} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module readme_renderer >= 35.0} +BuildRequires: %{python_module requests >= 2.20} +BuildRequires: %{python_module requests-toolbelt >= 0.8.0} +BuildRequires: %{python_module rfc3986 >= 1.4.0} +BuildRequires: %{python_module rich >= 12.0.0} +BuildRequires: %{python_module setuptools >= 45} +BuildRequires: %{python_module setuptools_scm >= 6.0} +BuildRequires: %{python_module urllib3 >= 1.26.0} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-id +Requires: python-keyring >= 21.2 +Requires: python-packaging +Requires: python-readme_renderer >= 35.0 +Requires: python-requests >= 2.20 +Requires: python-requests-toolbelt >= 0.8.0 +Requires: python-rfc3986 >= 1.4.0 +Requires: python-rich >= 12.0.0 +Requires: python-urllib3 >= 1.26 +BuildArch: noarch +%if %{with libalternatives} +BuildRequires: alts +Requires: alts +%else +Requires(post): update-alternatives +Requires(postun): update-alternatives +%endif +%python_subpackages + +%description +Twine is a utility for publishing Python packages on PyPI. + +Currently it supports registering projects, uploading distributions, and +checking, if descriptions will render correctly. + +%prep +%autosetup -p1 -n twine-%{version} + +sed -i '1s/^#!.*//' twine/__main__.py + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_clone -a %{buildroot}%{_bindir}/twine +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +# do not run integration tests +rm tests/test_integration.py +# test_check_status_code_for_wrong_repo_url is online test +# test_package_from_egg broken by importlib_metadata 8.5+ +%pytest -k 'not (test_check_status_code_for_wrong_repo_url or test_package_from_egg)' + +%post +%python_install_alternative twine + +%postun +%python_uninstall_alternative twine + +%pre +%python_libalternatives_reset_alternative twine + +%files %{python_files} +%doc AUTHORS README.rst +%license LICENSE +%python_alternative %{_bindir}/twine +%{python_sitelib}/twine +%{python_sitelib}/twine-%{version}.dist-info + +%changelog diff --git a/twine-6.2.0.tar.gz b/twine-6.2.0.tar.gz new file mode 100644 index 0000000..02e9b10 --- /dev/null +++ b/twine-6.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e5ed0d2fd70c9959770dce51c8f39c8945c574e18173a7b81802dab51b4b75cf +size 172262