python/python-uv
SHA256
15
0
Fork 0
forked from pool/python-uv
Code Pull Requests Activity
Files
25cb077a72820136ecf0391ef1d1a51bcd6cb89da6ec86d5e2c90acd33177f4c
python-uv/python-uv.spec
Daniel Garcia bb3b270561 - update to 0.9.5 (bsc#1252399, CVE-2025-62518) 
This release contains an upgrade to astral-tokio-tar, which addresses
  a vulnerability in tar extraction on malformed archives with
  mismatching size information between the ustar header and PAX
  extensions. While the astral-tokio-tar advisory has been graded as
  "high" due its potential broader impact, the specific impact to uv is
  low due to a lack of novel attacker capability. Specifically, uv only
  processes tar archives from source distributions, which already
  possess the capability for full arbitrary code execution by design,
  meaning that an attacker gains no additional capabilities through
  astral-tokio-tar.
  Regardless, we take the hypothetical risk of parser differentials very
  seriously. Out of an abundance of caution, we have assigned this
  upgrade an advisory:
  https://github.com/astral-sh/uv/security/advisories/GHSA-w476-p2h3-79g9
  * Security
    * Upgrade astral-tokio-tar to 0.5.6 to address a parsing
      differential (#16387)
  * Enhancements
    * Add required environment marker example to hint (#16244)
    * Fix typo in MissingTopLevel warning (#16351)
    * Improve 403 Forbidden error message to indicate package may not
      exist (#16353)
    * Add a hint on uv pip install failure if the --system flag is
      used to select an externally managed interpreter (#16318)
  * Bug fixes
    * Fix backtick escaping for PowerShell (#16307)
  * Documentation
    * Document metadata consistency expectation (#15683)
    * Remove outdated aarch64 musl note (#16385)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-uv?expand=0&rev=137
2025-10-22 05:57:02 +00:00

200 lines
6.4 KiB
RPMSpec
Raw Blame History

#
# spec file for package python-uv
#
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if 0%{?suse_version} && 0%{?suse_version} < 1550
%global force_gcc_version 13
%endif
%if 0%{?suse_version} > 1600
%bcond_without mold
%else
%bcond_with mold
%endif
%if %{with mold}
%global build_rustflags "-C" "linker=clang" "-C" "link-arg='-fuse-ld=/usr/bin/mold -Wl,-z,relro,-z,now'" "-C" "debuginfo=2" "-C" "incremental=false" "-C" "strip=none"
%endif
%bcond_without libalternatives
%{?sle15_python_module_pythons}
Name: python-uv
Version: 0.9.5
Release: 0
Summary: A Python package installer and resolver, written in Rust
License: Apache-2.0 OR MIT
URL: https://github.com/astral-sh/uv
Source0: https://github.com/astral-sh/uv/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: vendor.tar.zst
BuildRequires: %{python_module maturin}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module tomli}
BuildRequires: alts
BuildRequires: cargo >= 1.88
BuildRequires: cargo-packaging
BuildRequires: cmake
BuildRequires: fdupes
%if 0%{?suse_version} > 1600
BuildRequires: c++_compiler
BuildRequires: c_compiler
BuildRequires: clang
BuildRequires: mold
%else
BuildRequires: gcc13
BuildRequires: gcc13-c++
BuildRequires: libstdc++6-devel-gcc13
%endif
BuildRequires: python-rpm-macros
BuildRequires: zstd
Obsoletes: uv < %{version}
Provides: uv = %{version}
Requires: alts
Requires: python3
%package -n uv-fish-completion
Summary: Fish Completion for %{name}
Provides: python-uv-fish-completion = %{version}
Supplements: (uv and fish)
Requires: fish
Requires: uv
BuildArch: noarch
%description -n uv-fish-completion
Fish command-line completion support for %{name}.
%package -n uv-zsh-completion
Summary: Zsh Completion for %{name}
Provides: python-uv-zsh-completion = %{version}
Supplements: (uv and zsh)
Requires: uv
Requires: zsh
BuildArch: noarch
%description -n uv-zsh-completion
Zsh command-line completion support for %{name}.
%package -n uv-bash-completion
Summary: Bash Completion for %{name}
Provides: python-uv-bash-completion = %{version}
Supplements: (uv and bash-completion)
Requires: bash-completion
Requires: uv
BuildArch: noarch
%description -n uv-bash-completion
Bash command-line completion support for %{name}.
%python_subpackages
%description
uv is a Python package installer and resolver, written in Rust. Designed as a
drop-in replacement for common pip and pip-tools workflows.
%prep
%autosetup -p1 -a1 -n uv-%{version}
%ifnarch x86_64
# Reduce memory consumption for non x86 arches
sed -i '/lto = "fat"/d' Cargo.toml
%endif
%build
export LDFLAGS="--no-keep-memory"
export CARGO_AUDITABLE="auditable"
export CARGO_INCREMENTAL=0
export CARGO_FEATURE_VENDORED=1
export RUSTFLAGS="%build_rustflags"
export CARGO_NET_OFFLINE=true
%ifarch %rust_tier1_arches
export CARGO_PROFILE_RELEASE_DEBUG=full
%else
export CARGO_PROFILE_RELEASE_DEBUG=limited
%endif
export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
export CARGO_PROFILE_RELEASE_STRIP=false
%if 0%{?force_gcc_version}
export CC="gcc-%{?force_gcc_version}"
export CXX="g++-%{?force_gcc_version}"
%endif
%pyproject_wheel
%install
export PATH="%{buildroot}%{_bindir}:${PATH}"
mkdir -p %{buildroot}%{_datadir}/bash-completion/completions
mkdir -p %{buildroot}%{_datadir}/fish/vendor_completions.d
mkdir -p %{buildroot}%{_datadir}/zsh/site-functions
export CARGO_AUDITABLE="auditable"
export CARGO_INCREMENTAL=0
export CARGO_FEATURE_VENDORED=1
export RUSTFLAGS="%build_rustflags"
export CARGO_NET_OFFLINE=true
%ifarch %rust_tier1_arches
export CARGO_PROFILE_RELEASE_DEBUG=full
%else
export CARGO_PROFILE_RELEASE_DEBUG=limited
%endif
%if 0%{?force_gcc_version}
export CC="gcc-%{?force_gcc_version}"
export CXX="g++-%{?force_gcc_version}"
%endif
export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
export CARGO_PROFILE_RELEASE_STRIP=false
%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitearch}
%python_clone -a %{buildroot}%{_bindir}/uv
%python_group_libalternatives uv
%python_clone -a %{buildroot}%{_bindir}/uvx
%python_group_libalternatives uvx
%python_expand uv-%{$python_bin_suffix} --generate-shell-completion bash > %{buildroot}%{_datadir}/bash-completion/completions/uv
%python_expand uv-%{$python_bin_suffix} --generate-shell-completion fish > %{buildroot}%{_datadir}/fish/vendor_completions.d/uv.fish
%python_expand uv-%{$python_bin_suffix} --generate-shell-completion zsh > %{buildroot}%{_datadir}/zsh/site-functions/_uv
%python_expand uv-%{$python_bin_suffix} tool uvx --generate-shell-completion bash > %{buildroot}%{_datadir}/bash-completion/completions/uvx
%python_expand uv-%{$python_bin_suffix} tool uvx --generate-shell-completion fish > %{buildroot}%{_datadir}/fish/vendor_completions.d/uvx.fish
%python_expand uv-%{$python_bin_suffix} tool uvx --generate-shell-completion zsh > %{buildroot}%{_datadir}/zsh/site-functions/_uvx
%pre
%python_libalternatives_reset_alternative uv
%python_libalternatives_reset_alternative uvx
%files %{python_files}
%license LICENSE-*
%doc README.md
%python_alternative %{_bindir}/uv
%python_alternative %{_bindir}/uvx
%{python_sitearch}/uv
%{python_sitearch}/uv-%{version}.dist-info
%files -n uv-bash-completion
%dir %{_datadir}/bash-completion
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/uv
%{_datadir}/bash-completion/completions/uvx
%files -n uv-fish-completion
%dir %{_datadir}/fish
%dir %{_datadir}/fish/vendor_completions.d
%{_datadir}/fish/vendor_completions.d/uv.fish
%{_datadir}/fish/vendor_completions.d/uvx.fish
%files -n uv-zsh-completion
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%{_datadir}/zsh/site-functions/_uv
%{_datadir}/zsh/site-functions/_uvx
%changelog
View Git Blame Copy Permalink