Accepting request 1193638 from devel:languages:python

- update to 24.2:
  * Deprecate pip install --editable falling back to setup.py
    develop when using a setuptools version that does not support
    PEP 660 (setuptools v63 and older).
  * Check unsupported packages for the current platform. (#11054)
  * Check unsupported packages for the current platform.
  * Use system certificates and certifi certificates to verify
    HTTPS connections on Python 3.10+. Python 3.9 and earlier
    only use certifi. To revert to previous behaviour, pass the
    flag --use-deprecated=legacy-certs. (#11647)
  * Use system certificates and certifi certificates to verify
    HTTPS connections on Python 3.10+. Python 3.9 and earlier
    only use certifi.
  * To revert to previous behaviour, pass the flag --use-
    deprecated=legacy-certs.
  * Improve discovery performance of installed packages when the
    importlib.metadata backend is used to load distribution
    metadata (used by default under Python 3.11+). (#12656)
  * Improve discovery performance of installed packages when the
    importlib.metadata backend is used to load distribution
    metadata (used by default under Python 3.11+).
  * Improve performance when the same requirement string appears
    many times during resolution, by consistently caching the
    parsed requirement string. (#12663)
  * Improve performance when the same requirement string appears
    many times during resolution, by consistently caching the
    parsed requirement string.
  * Minor performance improvement of finding applicable package
    candidates by not repeatedly calculating their versions
    (#12664)

OBS-URL: https://build.opensuse.org/request/show/1193638
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pip?expand=0&rev=67

disable-ssl-context-in-buildenv.patch

@@ -0,0 +1,30 @@
+Index: pip-24.2/src/pip/_vendor/requests/adapters.py
+===================================================================
+--- pip-24.2.orig/src/pip/_vendor/requests/adapters.py
++++ pip-24.2/src/pip/_vendor/requests/adapters.py
+@@ -81,7 +81,7 @@ try:
+     _preloaded_ssl_context.load_verify_locations(
+         extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
+     )
+-except ImportError:
++except (ImportError, FileNotFoundError):
+     # Bypass default SSLContext creation when Python
+     # interpreter isn't built with the ssl module.
+     _preloaded_ssl_context = None
+Index: pip-24.2/src/pip/_internal/cli/index_command.py
+===================================================================
+--- pip-24.2.orig/src/pip/_internal/cli/index_command.py
++++ pip-24.2/src/pip/_internal/cli/index_command.py
+@@ -43,7 +43,11 @@ def _create_truststore_ssl_context() ->
+         return None
+ 
+     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+-    ctx.load_verify_locations(certifi.where())
++    try:
++        ctx.load_verify_locations(certifi.where())
++    except FileNotFoundError:
++        logger.warning("Disabling truststore because of missing certificates")
++        return None
+     return ctx
+ 
+ 

distutils-reproducible-compile.patch

@@ -2,11 +2,11 @@
  src/pip/_vendor/distlib/wheel.py |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py
+Index: pip-24.1.1/src/pip/_vendor/distlib/wheel.py
 ===================================================================
---- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py
-+++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py
-@@ -567,7 +567,7 @@ class Wheel(object):
+--- pip-24.1.1.orig/src/pip/_vendor/distlib/wheel.py
++++ pip-24.1.1/src/pip/_vendor/distlib/wheel.py
+@@ -578,7 +578,7 @@ class Wheel(object):
              maker.source_dir = workdir
              maker.target_dir = None
              try:

pip-24.0-gh.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ad0dfe75fb28092a8cbe18523391695ceb0c0d65a5c9a969349fcb13b12b84c7
-size 9398156

pip-shipped-requests-cabundle.patch

@@ -3,26 +3,32 @@
  tests/unit/test_options.py      |    5 +
  2 files changed, 13 insertions(+), 97 deletions(-)
 
---- a/src/pip/_vendor/certifi/core.py
-+++ b/src/pip/_vendor/certifi/core.py
-@@ -3,106 +3,17 @@ certifi.py
+Index: pip-24.1.1/src/pip/_vendor/certifi/core.py
+===================================================================
+--- pip-24.1.1.orig/src/pip/_vendor/certifi/core.py
++++ pip-24.1.1/src/pip/_vendor/certifi/core.py
+@@ -3,112 +3,15 @@ certifi.py
  ~~~~~~~~~~
  
  This module returns the installation location of cacert.pem or its contents.
 +Patched by openSUSE: return the system bundle
  """
 -import sys
+-import atexit
  
+-def exit_cacert_ctx() -> None:
+-    _CACERT_CTX.__exit__(None, None, None)  # type: ignore[union-attr]
 +def read_text(_module=None, _path=None, encoding="ascii"):
 +    with open(where(), "r", encoding=encoding) as data:
 +        return data.read()
  
--if sys.version_info >= (3, 11):
- 
--    from importlib.resources import as_file, files
 +def where() -> str:
 +    return "/etc/ssl/ca-bundle.pem"
  
+-if sys.version_info >= (3, 11):
+-
+-    from importlib.resources import as_file, files
+-
 -    _CACERT_CTX = None
 -    _CACERT_PATH = None
 -
@@ -47,6 +53,7 @@
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
 -
 -        return _CACERT_PATH
 -
@@ -82,6 +89,7 @@
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
 -
 -        return _CACERT_PATH
 -
@@ -113,15 +121,17 @@
 -    # of assuming we're on the filesystem and munge the path directly.
 -    def where() -> str:
 -        f = os.path.dirname(__file__)
- 
+-
 -        return os.path.join(f, "cacert.pem")
 -
 -    def contents() -> str:
 -        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
 +def contents() -> str:
 +    return read_text(encoding="ascii")
---- a/tests/unit/test_options.py
-+++ b/tests/unit/test_options.py
+Index: pip-24.1.1/tests/unit/test_options.py
+===================================================================
+--- pip-24.1.1.orig/tests/unit/test_options.py
++++ pip-24.1.1/tests/unit/test_options.py
 @@ -1,4 +1,5 @@
  import os
 +import os.path
@@ -136,7 +146,7 @@
  from tests.lib.options_helpers import AddFakeCommandMixin
  
  
-@@ -618,6 +620,9 @@ class TestOptionsConfigFiles:
+@@ -617,6 +619,9 @@ class TestOptionsConfigFiles:
          else:
              assert expect == cmd._determine_file(options, need_value=False)
  

python-pip.changes

@@ -1,3 +1,162 @@
+-------------------------------------------------------------------
+Mon Aug 12 16:49:06 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.2:
+  * Deprecate pip install --editable falling back to setup.py
+    develop when using a setuptools version that does not support
+    PEP 660 (setuptools v63 and older).
+  * Check unsupported packages for the current platform. (#11054)
+  * Check unsupported packages for the current platform.
+  * Use system certificates and certifi certificates to verify
+    HTTPS connections on Python 3.10+. Python 3.9 and earlier
+    only use certifi. To revert to previous behaviour, pass the
+    flag --use-deprecated=legacy-certs. (#11647)
+  * Use system certificates and certifi certificates to verify
+    HTTPS connections on Python 3.10+. Python 3.9 and earlier
+    only use certifi.
+  * To revert to previous behaviour, pass the flag --use-
+    deprecated=legacy-certs.
+  * Improve discovery performance of installed packages when the
+    importlib.metadata backend is used to load distribution
+    metadata (used by default under Python 3.11+). (#12656)
+  * Improve discovery performance of installed packages when the
+    importlib.metadata backend is used to load distribution
+    metadata (used by default under Python 3.11+).
+  * Improve performance when the same requirement string appears
+    many times during resolution, by consistently caching the
+    parsed requirement string. (#12663)
+  * Improve performance when the same requirement string appears
+    many times during resolution, by consistently caching the
+    parsed requirement string.
+  * Minor performance improvement of finding applicable package
+    candidates by not repeatedly calculating their versions
+    (#12664)
+  * Minor performance improvement of finding applicable package
+    candidates by not repeatedly calculating their versions
+  * Disable pip's self version check when invoking a pip
+    subprocess to install PEP 517 build requirements. (#12683)
+  * Disable pip's self version check when invoking a pip
+    subprocess to install PEP 517 build requirements.
+  * Improve dependency resolution performance by caching platform
+    compatibility tags during wheel cache lookup. (#12712)
+  * Improve dependency resolution performance by caching platform
+    compatibility tags during wheel cache lookup.
+  * wheel is no longer explicitly listed as a build dependency of
+    pip. setuptools injects this dependency in the
+    get_requires_for_build_wheel() hook and no longer needs it on
+    newer versions. (#12728)
+  * wheel is no longer explicitly listed as a build dependency of
+    pip. setuptools injects this dependency in the
+    get_requires_for_build_wheel() hook and no longer needs it on
+    newer versions.
+  * Ignore --require-virtualenv for pip check and pip freeze
+    (#12842)
+  * Ignore --require-virtualenv for pip check and pip freeze
+  * Improve package download and install performance. Increase
+    chunk sizes when downloading (256 kB, up from 10 kB) and
+    reading files (1 MB, up from 8 kB). This reduces the
+    frequency of updates to pip's progress bar. (#12810)
+  * Improve package download and install performance.
+  * Increase chunk sizes when downloading (256 kB, up from 10 kB)
+    and reading files (1 MB, up from 8 kB). This reduces the
+    frequency of updates to pip's progress bar.
+  * Improve pip install performance. Files are now extracted in
+    1MB blocks, or in one block matching the file size for
+    smaller files. A decompressor is no longer instantiated when
+    extracting 0 bytes files, it is not necessary because there
+    is no data to decompress. (#12803)
+  * Improve pip install performance.
+  * Files are now extracted in 1MB blocks, or in one block
+    matching the file size for smaller files. A decompressor is
+    no longer instantiated when extracting 0 bytes files, it is
+    not necessary because there is no data to decompress.
+  * Set no_color to global rich.Console instance.
+  * Fix resolution to respect --python-version when checking
+    Requires-Python.
+  * Perform hash comparisons in a case-insensitive manner.
+  * Avoid dlopen failure for glibc detection in musl builds
+  * Avoid keyring logging crashes when pip is run in verbose
+    mode.
+  * Fix finding hardlink targets in tar files with an ignored
+    top-level directory.
+  * Improve pip install performance by only creating required
+    parent directories once, instead of before extracting every
+    file in the wheel.
+  * Improve pip install performance by calculating installed
+    packages printout in linear time instead of quadratic time.
+  * Remove vendored tenacity.
+  * Update the preload list for the DEBUNDLED case, to replace
+    pep517 that has been renamed to pyproject_hooks.
+  * Use tomllib from the stdlib if available, rather than tomli
+  * Upgrade certifi to 2024.7.4
+  * Upgrade platformdirs to 4.2.2
+  * Upgrade pygments to 2.18.0
+  * Upgrade setuptools to 70.3.0
+  * Upgrade typing_extensions to 4.12.2
+  * Correct —-ignore-conflicts (including an em dash) to
+    --ignore-conflicts.
+  * Fix finding hardlink targets in tar files with an ignored
+    top-level directory.
+- add disable-ssl-context-in-buildenv.patch: treat missing
+  ca-certificates as "ssl not available" for buildenvs
+
+-------------------------------------------------------------------
+Sun Jun 30 18:45:16 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.1.1:
+  * Actually use system trust stores when the truststore feature
+    is enabled.
+  * Report informative messages about invalid requirements.
+  * Eagerly import the self version check logic to avoid crashes
+    while upgrading or downgrading pip at the same time.
+  * Accommodate for mismatches between different sources of truth
+    for extra names, for packages generated by setuptools.
+  * Accommodate for development versions of CPython ending in +
+    in the version string.
+  * requests provides optional character detection support on
+    some APIs when processing ambiguous bytes. This isn't
+    relevant for pip to function and we're able to remove it due
+    to recent upstream changes.
+  * Drop support for EOL Python 3.7.
+  * Remove support for legacy versions and dependency specifiers.
+  * Packages with non standard-compliant versions or dependency
+    specifiers are now ignored by the resolver. Already installed
+    packages with non standard-compliant versions or dependency
+    specifiers must be uninstalled before upgrading them.
+  * Improve performance of resolution of large dependency trees,
+    with more caching.
+  * Further improve resolution performance of large dependency
+    trees, by caching hash calculations.
+  * Reduce startup time of commands (e.g. show, freeze) that do
+    not access the network by 15-30%.
+  * Reword and improve presentation of uninstallation errors.
+  * Add a 'raw' progress_bar type for simple and parsable
+    download progress reports
+  * pip list no longer performs the pip version check unless
+    --outdated or --uptodate is given.
+  * Use the data_filter when extracting tarballs, if it's
+    available.
+  * Display the Project-URL value under key "Home-page" in pip
+    show when the Home-Page metadata field is not set.
+  * The Project-URL key detection is case-insensitive, and
+    ignores any dashes and underscores.
+  * Ensure -vv gets passed to any pip install build environment
+    subprocesses.
+  * Deduplicate entries in the Requires field of pip show.
+  * Fix error on checkout for subversion and bazaar with verbose
+    mode on.
+  * Fix exception with completions when COMP_CWORD is not set
+  * Fix intermittent "cannot locate t64.exe" errors when
+    upgrading pip.
+  * Remove duplication in invalid wheel error message
+  * Remove the incorrect pip3.x console entrypoint from the pip
+    wheel. This console script continues to be generated by pip
+    when it installs itself.
+  * Gracefully skip VCS detection in pip freeze when PATH points
+    to a non-directory path.
+  * Make the --proxy parameter take precedence over environment
+    variables.
+
 -------------------------------------------------------------------
 Sun Apr 28 19:10:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
 

python-pip.spec

@@ -29,12 +29,11 @@
 %else
 %bcond_with libalternatives
 %endif
-
 # in order to avoid rewriting for subpackage generator
 %define mypython python
 %{?sle15_python_module_pythons}
 Name:           python-pip%{psuffix}
-Version:        24.0
+Version:        24.2
 Release:        0
 Summary:        A Python package management system
 License:        MIT
@@ -46,6 +45,8 @@ Patch0:         pip-shipped-requests-cabundle.patch
 # PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com
 # To get reproducible builds, byte_compile() of distutils.util now sorts filenames.
 Patch1:         distutils-reproducible-compile.patch
+# PATCH-FIX-OPENSUSE: deal missing ca-certificates as "ssl not available"
+Patch2:         disable-ssl-context-in-buildenv.patch
 BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  %{python_module setuptools >= 40.8.0}
 # The rpm python-wheel build is bootstrap friendly since 0.42
@@ -64,20 +65,20 @@ Requires(post): update-alternatives
 Requires(postun): update-alternatives
 %endif
 %if %{with test}
-# Test requirements:
-BuildRequires:  %{python_module pip = %{version}}
 BuildRequires:  %{python_module PyYAML}
 BuildRequires:  %{python_module Werkzeug}
 BuildRequires:  %{python_module cryptography}
-BuildRequires:  %{python_module docutils}
 BuildRequires:  %{python_module freezegun}
 BuildRequires:  %{python_module installer}
+# Test requirements:
+BuildRequires:  %{python_module pip = %{version}}
 BuildRequires:  %{python_module pretend}
+BuildRequires:  %{python_module pytest-xdist}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module scripttest}
 BuildRequires:  %{python_module setuptools-wheel}
 BuildRequires:  %{python_module virtualenv >= 1.10}
-BuildRequires:  ca-certificates
+BuildRequires:  ca-certificates-mozilla
 BuildRequires:  git-core
 %endif
 %python_subpackages
@@ -100,8 +101,6 @@ the wheel needs to be used directly in test or install setups
 # Exception: Use our own cabundle. Adapted patch from python-certifi package
 %autosetup -p1 -n pip-%{version}
 
-rm src/pip/_vendor/certifi/cacert.pem
-
 %if %{with test}
 mkdir -p tests/data/common_wheels
 %python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/
@@ -114,7 +113,6 @@ done
 # Remove windows executable binaries
 # bsc#1212015
 rm -v src/pip/_vendor/distlib/*.exe
-sed -i '/\.exe/d' setup.py
 
 %build
 %if !%{with test}
@@ -136,7 +134,7 @@ install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl
 }
 
 %{python_expand # Fix shebang path for "pip3.XX" binaries
-sed -i "1s|#\!.*python.*|#\!/usr/bin/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix}
+sed -i "1s|#\!.*python.*|#\!%{_bindir}/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix}
 }
 
 %python_clone -a %{buildroot}%{_bindir}/pip