diff --git a/disable-ssl-context-in-buildenv.patch b/disable-ssl-context-in-buildenv.patch new file mode 100644 index 0000000..918c0bc --- /dev/null +++ b/disable-ssl-context-in-buildenv.patch @@ -0,0 +1,30 @@ +Index: pip-24.2/src/pip/_vendor/requests/adapters.py +=================================================================== +--- pip-24.2.orig/src/pip/_vendor/requests/adapters.py ++++ pip-24.2/src/pip/_vendor/requests/adapters.py +@@ -81,7 +81,7 @@ try: + _preloaded_ssl_context.load_verify_locations( + extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH) + ) +-except ImportError: ++except (ImportError, FileNotFoundError): + # Bypass default SSLContext creation when Python + # interpreter isn't built with the ssl module. + _preloaded_ssl_context = None +Index: pip-24.2/src/pip/_internal/cli/index_command.py +=================================================================== +--- pip-24.2.orig/src/pip/_internal/cli/index_command.py ++++ pip-24.2/src/pip/_internal/cli/index_command.py +@@ -43,7 +43,11 @@ def _create_truststore_ssl_context() -> + return None + + ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT) +- ctx.load_verify_locations(certifi.where()) ++ try: ++ ctx.load_verify_locations(certifi.where()) ++ except FileNotFoundError: ++ logger.warning("Disabling truststore because of missing certificates") ++ return None + return ctx + + diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch index f3fa1fd..5fe265b 100644 --- a/distutils-reproducible-compile.patch +++ b/distutils-reproducible-compile.patch @@ -2,11 +2,11 @@ src/pip/_vendor/distlib/wheel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py +Index: pip-24.1.1/src/pip/_vendor/distlib/wheel.py =================================================================== ---- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py -+++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py -@@ -567,7 +567,7 @@ class Wheel(object): +--- pip-24.1.1.orig/src/pip/_vendor/distlib/wheel.py ++++ pip-24.1.1/src/pip/_vendor/distlib/wheel.py +@@ -578,7 +578,7 @@ class Wheel(object): maker.source_dir = workdir maker.target_dir = None try: diff --git a/pip-24.0-gh.tar.gz b/pip-24.0-gh.tar.gz deleted file mode 100644 index 3d05d7b..0000000 --- a/pip-24.0-gh.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ad0dfe75fb28092a8cbe18523391695ceb0c0d65a5c9a969349fcb13b12b84c7 -size 9398156 diff --git a/pip-24.2-gh.tar.gz b/pip-24.2-gh.tar.gz new file mode 100644 index 0000000..9429a52 --- /dev/null +++ b/pip-24.2-gh.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e527f2366551b8483fa3a8ac2954aa79f2461e6600d917f3b6ae741d708cb982 +size 9189637 diff --git a/pip-shipped-requests-cabundle.patch b/pip-shipped-requests-cabundle.patch index c90e180..56a3f24 100644 --- a/pip-shipped-requests-cabundle.patch +++ b/pip-shipped-requests-cabundle.patch @@ -3,26 +3,32 @@ tests/unit/test_options.py | 5 + 2 files changed, 13 insertions(+), 97 deletions(-) ---- a/src/pip/_vendor/certifi/core.py -+++ b/src/pip/_vendor/certifi/core.py -@@ -3,106 +3,17 @@ certifi.py +Index: pip-24.1.1/src/pip/_vendor/certifi/core.py +=================================================================== +--- pip-24.1.1.orig/src/pip/_vendor/certifi/core.py ++++ pip-24.1.1/src/pip/_vendor/certifi/core.py +@@ -3,112 +3,15 @@ certifi.py ~~~~~~~~~~ This module returns the installation location of cacert.pem or its contents. +Patched by openSUSE: return the system bundle """ -import sys +-import atexit +-def exit_cacert_ctx() -> None: +- _CACERT_CTX.__exit__(None, None, None) # type: ignore[union-attr] +def read_text(_module=None, _path=None, encoding="ascii"): + with open(where(), "r", encoding=encoding) as data: + return data.read() --if sys.version_info >= (3, 11): - -- from importlib.resources import as_file, files +def where() -> str: + return "/etc/ssl/ca-bundle.pem" +-if sys.version_info >= (3, 11): +- +- from importlib.resources import as_file, files +- - _CACERT_CTX = None - _CACERT_PATH = None - @@ -47,6 +53,7 @@ - # we will also store that at the global level as well. - _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem")) - _CACERT_PATH = str(_CACERT_CTX.__enter__()) +- atexit.register(exit_cacert_ctx) - - return _CACERT_PATH - @@ -82,6 +89,7 @@ - # we will also store that at the global level as well. - _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem") - _CACERT_PATH = str(_CACERT_CTX.__enter__()) +- atexit.register(exit_cacert_ctx) - - return _CACERT_PATH - @@ -113,15 +121,17 @@ - # of assuming we're on the filesystem and munge the path directly. - def where() -> str: - f = os.path.dirname(__file__) - +- - return os.path.join(f, "cacert.pem") - - def contents() -> str: - return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii") +def contents() -> str: + return read_text(encoding="ascii") ---- a/tests/unit/test_options.py -+++ b/tests/unit/test_options.py +Index: pip-24.1.1/tests/unit/test_options.py +=================================================================== +--- pip-24.1.1.orig/tests/unit/test_options.py ++++ pip-24.1.1/tests/unit/test_options.py @@ -1,4 +1,5 @@ import os +import os.path @@ -136,7 +146,7 @@ from tests.lib.options_helpers import AddFakeCommandMixin -@@ -618,6 +620,9 @@ class TestOptionsConfigFiles: +@@ -617,6 +619,9 @@ class TestOptionsConfigFiles: else: assert expect == cmd._determine_file(options, need_value=False) diff --git a/python-pip.changes b/python-pip.changes index 2c3858b..596c62f 100644 --- a/python-pip.changes +++ b/python-pip.changes @@ -1,3 +1,162 @@ +------------------------------------------------------------------- +Mon Aug 12 16:49:06 UTC 2024 - Dirk Müller + +- update to 24.2: + * Deprecate pip install --editable falling back to setup.py + develop when using a setuptools version that does not support + PEP 660 (setuptools v63 and older). + * Check unsupported packages for the current platform. (#11054) + * Check unsupported packages for the current platform. + * Use system certificates and certifi certificates to verify + HTTPS connections on Python 3.10+. Python 3.9 and earlier + only use certifi. To revert to previous behaviour, pass the + flag --use-deprecated=legacy-certs. (#11647) + * Use system certificates and certifi certificates to verify + HTTPS connections on Python 3.10+. Python 3.9 and earlier + only use certifi. + * To revert to previous behaviour, pass the flag --use- + deprecated=legacy-certs. + * Improve discovery performance of installed packages when the + importlib.metadata backend is used to load distribution + metadata (used by default under Python 3.11+). (#12656) + * Improve discovery performance of installed packages when the + importlib.metadata backend is used to load distribution + metadata (used by default under Python 3.11+). + * Improve performance when the same requirement string appears + many times during resolution, by consistently caching the + parsed requirement string. (#12663) + * Improve performance when the same requirement string appears + many times during resolution, by consistently caching the + parsed requirement string. + * Minor performance improvement of finding applicable package + candidates by not repeatedly calculating their versions + (#12664) + * Minor performance improvement of finding applicable package + candidates by not repeatedly calculating their versions + * Disable pip's self version check when invoking a pip + subprocess to install PEP 517 build requirements. (#12683) + * Disable pip's self version check when invoking a pip + subprocess to install PEP 517 build requirements. + * Improve dependency resolution performance by caching platform + compatibility tags during wheel cache lookup. (#12712) + * Improve dependency resolution performance by caching platform + compatibility tags during wheel cache lookup. + * wheel is no longer explicitly listed as a build dependency of + pip. setuptools injects this dependency in the + get_requires_for_build_wheel() hook and no longer needs it on + newer versions. (#12728) + * wheel is no longer explicitly listed as a build dependency of + pip. setuptools injects this dependency in the + get_requires_for_build_wheel() hook and no longer needs it on + newer versions. + * Ignore --require-virtualenv for pip check and pip freeze + (#12842) + * Ignore --require-virtualenv for pip check and pip freeze + * Improve package download and install performance. Increase + chunk sizes when downloading (256 kB, up from 10 kB) and + reading files (1 MB, up from 8 kB). This reduces the + frequency of updates to pip's progress bar. (#12810) + * Improve package download and install performance. + * Increase chunk sizes when downloading (256 kB, up from 10 kB) + and reading files (1 MB, up from 8 kB). This reduces the + frequency of updates to pip's progress bar. + * Improve pip install performance. Files are now extracted in + 1MB blocks, or in one block matching the file size for + smaller files. A decompressor is no longer instantiated when + extracting 0 bytes files, it is not necessary because there + is no data to decompress. (#12803) + * Improve pip install performance. + * Files are now extracted in 1MB blocks, or in one block + matching the file size for smaller files. A decompressor is + no longer instantiated when extracting 0 bytes files, it is + not necessary because there is no data to decompress. + * Set no_color to global rich.Console instance. + * Fix resolution to respect --python-version when checking + Requires-Python. + * Perform hash comparisons in a case-insensitive manner. + * Avoid dlopen failure for glibc detection in musl builds + * Avoid keyring logging crashes when pip is run in verbose + mode. + * Fix finding hardlink targets in tar files with an ignored + top-level directory. + * Improve pip install performance by only creating required + parent directories once, instead of before extracting every + file in the wheel. + * Improve pip install performance by calculating installed + packages printout in linear time instead of quadratic time. + * Remove vendored tenacity. + * Update the preload list for the DEBUNDLED case, to replace + pep517 that has been renamed to pyproject_hooks. + * Use tomllib from the stdlib if available, rather than tomli + * Upgrade certifi to 2024.7.4 + * Upgrade platformdirs to 4.2.2 + * Upgrade pygments to 2.18.0 + * Upgrade setuptools to 70.3.0 + * Upgrade typing_extensions to 4.12.2 + * Correct —-ignore-conflicts (including an em dash) to + --ignore-conflicts. + * Fix finding hardlink targets in tar files with an ignored + top-level directory. +- add disable-ssl-context-in-buildenv.patch: treat missing + ca-certificates as "ssl not available" for buildenvs + +------------------------------------------------------------------- +Sun Jun 30 18:45:16 UTC 2024 - Dirk Müller + +- update to 24.1.1: + * Actually use system trust stores when the truststore feature + is enabled. + * Report informative messages about invalid requirements. + * Eagerly import the self version check logic to avoid crashes + while upgrading or downgrading pip at the same time. + * Accommodate for mismatches between different sources of truth + for extra names, for packages generated by setuptools. + * Accommodate for development versions of CPython ending in + + in the version string. + * requests provides optional character detection support on + some APIs when processing ambiguous bytes. This isn't + relevant for pip to function and we're able to remove it due + to recent upstream changes. + * Drop support for EOL Python 3.7. + * Remove support for legacy versions and dependency specifiers. + * Packages with non standard-compliant versions or dependency + specifiers are now ignored by the resolver. Already installed + packages with non standard-compliant versions or dependency + specifiers must be uninstalled before upgrading them. + * Improve performance of resolution of large dependency trees, + with more caching. + * Further improve resolution performance of large dependency + trees, by caching hash calculations. + * Reduce startup time of commands (e.g. show, freeze) that do + not access the network by 15-30%. + * Reword and improve presentation of uninstallation errors. + * Add a 'raw' progress_bar type for simple and parsable + download progress reports + * pip list no longer performs the pip version check unless + --outdated or --uptodate is given. + * Use the data_filter when extracting tarballs, if it's + available. + * Display the Project-URL value under key "Home-page" in pip + show when the Home-Page metadata field is not set. + * The Project-URL key detection is case-insensitive, and + ignores any dashes and underscores. + * Ensure -vv gets passed to any pip install build environment + subprocesses. + * Deduplicate entries in the Requires field of pip show. + * Fix error on checkout for subversion and bazaar with verbose + mode on. + * Fix exception with completions when COMP_CWORD is not set + * Fix intermittent "cannot locate t64.exe" errors when + upgrading pip. + * Remove duplication in invalid wheel error message + * Remove the incorrect pip3.x console entrypoint from the pip + wheel. This console script continues to be generated by pip + when it installs itself. + * Gracefully skip VCS detection in pip freeze when PATH points + to a non-directory path. + * Make the --proxy parameter take precedence over environment + variables. + ------------------------------------------------------------------- Sun Apr 28 19:10:12 UTC 2024 - Dirk Müller diff --git a/python-pip.spec b/python-pip.spec index 7bcd08d..1ebdb73 100644 --- a/python-pip.spec +++ b/python-pip.spec @@ -29,12 +29,11 @@ %else %bcond_with libalternatives %endif - # in order to avoid rewriting for subpackage generator %define mypython python %{?sle15_python_module_pythons} Name: python-pip%{psuffix} -Version: 24.0 +Version: 24.2 Release: 0 Summary: A Python package management system License: MIT @@ -46,6 +45,8 @@ Patch0: pip-shipped-requests-cabundle.patch # PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com # To get reproducible builds, byte_compile() of distutils.util now sorts filenames. Patch1: distutils-reproducible-compile.patch +# PATCH-FIX-OPENSUSE: deal missing ca-certificates as "ssl not available" +Patch2: disable-ssl-context-in-buildenv.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module setuptools >= 40.8.0} # The rpm python-wheel build is bootstrap friendly since 0.42 @@ -64,20 +65,20 @@ Requires(post): update-alternatives Requires(postun): update-alternatives %endif %if %{with test} -# Test requirements: -BuildRequires: %{python_module pip = %{version}} BuildRequires: %{python_module PyYAML} BuildRequires: %{python_module Werkzeug} BuildRequires: %{python_module cryptography} -BuildRequires: %{python_module docutils} BuildRequires: %{python_module freezegun} BuildRequires: %{python_module installer} +# Test requirements: +BuildRequires: %{python_module pip = %{version}} BuildRequires: %{python_module pretend} +BuildRequires: %{python_module pytest-xdist} BuildRequires: %{python_module pytest} BuildRequires: %{python_module scripttest} BuildRequires: %{python_module setuptools-wheel} BuildRequires: %{python_module virtualenv >= 1.10} -BuildRequires: ca-certificates +BuildRequires: ca-certificates-mozilla BuildRequires: git-core %endif %python_subpackages @@ -100,8 +101,6 @@ the wheel needs to be used directly in test or install setups # Exception: Use our own cabundle. Adapted patch from python-certifi package %autosetup -p1 -n pip-%{version} -rm src/pip/_vendor/certifi/cacert.pem - %if %{with test} mkdir -p tests/data/common_wheels %python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/ @@ -114,7 +113,6 @@ done # Remove windows executable binaries # bsc#1212015 rm -v src/pip/_vendor/distlib/*.exe -sed -i '/\.exe/d' setup.py %build %if !%{with test} @@ -136,7 +134,7 @@ install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl } %{python_expand # Fix shebang path for "pip3.XX" binaries -sed -i "1s|#\!.*python.*|#\!/usr/bin/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix} +sed -i "1s|#\!.*python.*|#\!%{_bindir}/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix} } %python_clone -a %{buildroot}%{_bindir}/pip