Accepting request 841036 from home:bnavigator:branches:devel:languages:python

Update to 20.2.3

With the increased use of %pyproject_wheel we need an up to date pip

Needs new package python-csv23 for testing

OBS-URL: https://build.opensuse.org/request/show/841036
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pip?expand=0&rev=82

20.0.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:00bdc118df4552f654a5ccf0bd3ff1a7d101ee7d7ac899fe9a752363b3f2f070
-size 6445047

_service

@@ -1,15 +0,0 @@
-<services>
-  <service name="tar_scm" mode="disabled">
-    <param name="url">https://github.com/pypa/pip</param>
-    <param name="scm">git</param>
-    <param name="exclude">.git*</param>
-    <param name="changesgenerate">enable</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="revision">082bc0411e9d17b3c80efed9237c61d7446515f5</param>
-  </service>
-  <service name="recompress" mode="disabled">
-    <param name="compression">xz</param>
-    <param name="file">*.tar</param>
-  </service>
-  <service name="set_version" mode="disabled"/>
-</services>

_servicedata

@@ -1,4 +0,0 @@
-<servicedata>
-<service name="tar_scm">
-                <param name="url">https://github.com/pypa/pip</param>
-              <param name="changesrevision">082bc0411e9d17b3c80efed9237c61d7446515f5</param></service></servicedata>

pip-20.2.3-gh.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57125defc81049b227fd81679664221d2d9b2bc5d3b855660a93bf87ecdc3509
+size 8719284

pip-shipped-requests-cabundle.patch

@@ -1,10 +1,69 @@
---- a/src/pip/_vendor/certifi/core.py
-+++ b/src/pip/_vendor/certifi/core.py
-@@ -10,6 +10,4 @@ import os
+Index: pip-20.2.3/src/pip/_vendor/certifi/core.py
+===================================================================
+--- pip-20.2.3.orig/src/pip/_vendor/certifi/core.py
++++ pip-20.2.3/src/pip/_vendor/certifi/core.py
+@@ -5,56 +5,18 @@ certifi.py
+ ~~~~~~~~~~
  
+ This module returns the installation location of cacert.pem or its contents.
+-"""
+-import os
  
- def where():
--    f = os.path.dirname(__file__)
+-try:
+-    from importlib.resources import path as get_path, read_text
++Patched by openSUSE: return the system bundle
++"""
+ 
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
++def read_text(_module=None, _path=None, encoding="ascii"):
++    with open(where(), "r", encoding=encoding) as data:
++        return data.read()
+ 
+-    def where():
+-        # This is slightly terrible, but we want to delay extracting the file
+-        # in cases where we're inside of a zipimport situation until someone
+-        # actually calls where(), but we don't want to re-extract the file
+-        # on every call of where(), so we'll do it once then store it in a
+-        # global variable.
+-        global _CACERT_CTX
+-        global _CACERT_PATH
+-        if _CACERT_PATH is None:
+-            # This is slightly janky, the importlib.resources API wants you to
+-            # manage the cleanup of this file, so it doesn't actually return a
+-            # path, it returns a context manager that will give you the path
+-            # when you enter it and will do any cleanup when you leave it. In
+-            # the common case of not needing a temporary file, it will just
+-            # return the file system location and the __exit__() is a no-op.
+-            #
+-            # We also have to hold onto the actual context manager, because
+-            # it will do the cleanup whenever it gets garbage collected, so
+-            # we will also store that at the global level as well.
+-            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
+-            _CACERT_PATH = str(_CACERT_CTX.__enter__())
 -
--    return os.path.join(f, 'cacert.pem')
-+    return '/etc/ssl/ca-bundle.pem'
+-        return _CACERT_PATH
+-
+-
+-except ImportError:
+-    # This fallback will work for Python versions prior to 3.7 that lack the
+-    # importlib.resources module but relies on the existing `where` function
+-    # so won't address issues with environments like PyOxidizer that don't set
+-    # __file__ on modules.
+-    def read_text(_module, _path, encoding="ascii"):
+-        with open(where(), "r", encoding=encoding) as data:
+-            return data.read()
+-
+-    # If we don't have importlib.resources, then we will just do the old logic
+-    # of assuming we're on the filesystem and munge the path directly.
+-    def where():
+-        f = os.path.dirname(__file__)
+ 
+-        return os.path.join(f, "cacert.pem")
++def where():
++    return "/etc/ssl/ca-bundle.pem"
+ 
+ 
+ def contents():
+-    return read_text("certifi", "cacert.pem", encoding="ascii")
++    return read_text(encoding="ascii")

python-pip.changes

@@ -1,3 +1,255 @@
+-------------------------------------------------------------------
+Sun Oct 11 13:08:15 UTC 2020 - Benjamin Greiner <code@bnavigator.de>
+
+- Update to 20.2.3
+  Deprecations and Removals
+  * Deprecate support for Python 3.5 (#8181)
+  Features
+  * Make the setup.py install deprecation warning less 
+    noisy. We warn only when setup.py install succeeded and 
+    setup.py bdist_wheel failed, as situations where both 
+    fails are most probably irrelevant to this deprecation. 
+    (#8752)
+- 20.2.2 
+  Bug Fixes
+  * Only attempt to use the keyring once and if it fails, don’t try 
+    again. This prevents spamming users with several keyring unlock 
+    prompts when they cannot unlock or don’t want to do so. (#8090)
+  * Fix regression that distributions in system site-packages are 
+    not correctly found when a virtual environment is configured 
+    with system-site-packages on. (#8695)
+  * Disable caching for range requests, which causes corrupted 
+    wheels when pip tries to obtain metadata using the feature 
+    fast-deps. (#8701, #8716)
+  * Always use UTF-8 to read pyvenv.cfg to match the built-in venv.    
+    (#8717)
+  * 2020 Resolver: Correctly handle marker evaluation in 
+    constraints and exclude them if their markers do not match the 
+    current environment. (#8724)
+- 20.2.1
+  Features
+  * Ignore require-virtualenv in pip list (#8603)
+  Bug Fixes
+  * Correctly find already-installed distributions with dot (.) in 
+    the name and uninstall them when needed. (#8645)
+  * Trace a better error message on installation failure due to 
+    invalid .data files in wheels. (#8654)
+  * Fix SVN version detection for alternative SVN distributions. 
+    (#8665)
+  * New resolver: Correctly include the base package when specified 
+    with extras in --no-deps mode. (#8677)
+  * Use UTF-8 to handle ZIP archive entries on Python 2 according 
+    to PEP 427, so non-ASCII paths can be resolved as expected. 
+    (#8684)
+  Improved Documentation
+  * Add details on old resolver deprecation and removal to
+    migration documentation. (#8371)
+  * Fix feature flag name in docs. (#8660)
+- 20.2 (2020-07-29)
+  Deprecations and Removals
+  * Deprecate setup.py-based builds that do not generate an .egg-
+    info directory. (#6998, #8617)
+  * Disallow passing install-location-related arguments in --
+    install-options. (#7309)
+  * Add deprecation warning for invalid requirements format 
+    “base>=1.0[extra]” (#8288)
+  * Deprecate legacy setup.py install when building a wheel failed 
+    for source distributions without pyproject.toml (#8368)
+  * Deprecate -b/--build/--build-dir/--build-directory. Its current 
+    behaviour is confusing and breaks in case different versions of 
+    the same distribution need to be built during the resolution 
+    process. Using the TMPDIR/TEMP/TMP environment variable, 
+    possibly combined with --no-clean covers known use cases. 
+    (#8372)
+  * Remove undocumented and deprecated option --always-unzip 
+    (#8408)
+  Features
+  * Log debugging information about pip, in pip install --verbose. 
+    (#3166)
+  * Refine error messages to avoid showing Python tracebacks when 
+    an HTTP error occurs. (#5380)
+  * Install wheel files directly instead of extracting them to a 
+    temp directory. (#6030)
+  * Add a beta version of pip’s next-generation dependency 
+    resolver.
+  * Move pip’s new resolver into beta, remove the --unstable-
+    feature=resolver flag, and enable the --use-feature=2020-
+    resolver flag. The new resolver is significantly stricter and 
+    more consistent when it receives incompatible instructions, and 
+    reduces support for certain kinds of Constraints Files, so some 
+    workarounds and workflows may break. More details about how to 
+    test and migrate, and how to report issues, at Changes to the 
+    pip dependency resolver in 20.2 (2020) . Maintainers are 
+    preparing to release pip 20.3, with the new resolver on by 
+    default, in October. (#6536)
+  * Introduce a new ResolutionImpossible error, raised when pip 
+    encounters un-satisfiable dependency conflicts (#8546, #8377)
+  * Add a subcommand debug to pip config to list available 
+    configuration sources and the key-value pairs defined in them. 
+    (#6741)
+  * Warn if index pages have unexpected content-type (#6754)
+  * Allow specifying --prefer-binary option in a requirements file (#7693)
+  * Generate PEP 376 REQUESTED metadata for user supplied 
+    requirements installed by pip. (#7811)
+  * Warn if package url is a vcs or an archive url with invalid 
+    scheme (#8128)
+  * Parallelize network operations in pip list. (#8504)
+  * Allow the new resolver to obtain dependency information through 
+    wheels lazily downloaded using HTTP range requests. To enable 
+    this feature, invoke pip with --use-feature=fast-deps. (#8588)
+  * Support --use-feature in requirements files (#8601)
+  * Bug Fixes
+  * Use canonical package names while looking up already installed 
+    packages. (#5021)
+  * Fix normalizing path on Windows when installing package on 
+    another logical disk. (#7625)
+  * The VCS commands run by pip as subprocesses don’t merge stdout 
+    and stderr anymore, improving the output parsing by subsequent 
+    commands. (#7968)
+  * Correctly treat non-ASCII entry point declarations in wheels so 
+    they can be installed on Windows. (#8342)
+  * Update author email in config and tests to reflect 
+    decommissioning of pypa-dev list. (#8454)
+  * Headers provided by wheels in .data directories are now 
+    correctly installed into the user-provided locations, such as 
+    --prefix, instead of the virtual environment pip is running in. 
+    (#8521)
+  Vendored Libraries
+  * Vendored htmlib5 no longer imports deprecated 
+    xml.etree.cElementTree on Python 3.
+  * Upgrade appdirs to 1.4.4
+  * Upgrade certifi to 2020.6.20
+  * Upgrade distlib to 0.3.1
+  * Upgrade html5lib to 1.1
+  * Upgrade idna to 2.10
+  * Upgrade packaging to 20.4
+  * Upgrade requests to 2.24.0
+  * Upgrade six to 1.15.0
+  * Upgrade toml to 0.10.1
+  * Upgrade urllib3 to 1.25.9
+  Improved Documentation
+  * Add --no-input option to pip docs (#7688)
+  * List of options supported in requirements file are extracted 
+    from source of truth, instead of being maintained manually. 
+    (#7908)
+  * Fix pip config docstring so that the subcommands render 
+    correctly in the docs (#8072)
+  * replace links to the old pypa-dev mailing list with https://
+    mail.python.org/mailman3/lists/distutils-sig.python.org/ 
+    (#8353)
+  * Fix example for defining multiple values for options which 
+    support them (#8373)
+  * Add documentation for the ResolutionImpossible error that helps 
+    the user fix dependency conflicts (#8459)
+  * Add feature flags to docs (#8512)
+  * Document how to install package extras from git branch and 
+    source distributions. (#8576)
+- 20.2b1
+  Bug Fixes
+  * Correctly treat wheels containing non-ASCII file contents so 
+    they can be installed on Windows. (#5712)
+  * Prompt the user for password if the keyring backend doesn’t 
+    return one (#7998)
+  Improved Documentation
+  * Add GitHub issue template for reporting when the dependency 
+    resolver fails (#8207)
+- 20.1.1
+  Deprecations and Removals
+  * Revert building of local directories in place, restoring the 
+    pre-20.1 behaviour of copying to a temporary directory. (#7555)
+  * Drop parallelization from pip list --outdated. (#8167)
+  Bug Fixes
+  * Fix metadata permission issues when umask has the executable 
+    bit set. (#8164)
+  * Avoid unnecessary message about the wheel package not being 
+    installed when a wheel would not have been built. Additionally, 
+    clarify the message. (#8178)
+- 20.1
+  Process
+  * Document that pip 21.0 will drop support for Python 2.7.
+  Features
+  * Add pip cache dir to show the cache directory. (#7350)
+  Bug Fixes
+  * Abort pip cache commands early when cache is disabled. (#8124)
+  * Correctly set permissions on metadata files during wheel 
+    installation, to permit non-privileged users to read from 
+    system site-packages. (#8139)
+- 20.1b1
+  Deprecations and Removals
+  * Remove emails from AUTHORS.txt to prevent usage for spamming, 
+    and only populate names in AUTHORS.txt at time of release 
+    (#5979)
+  * Remove deprecated --skip-requirements-regex option. (#7297)
+  * Building of local directories is now done in place, instead of 
+    a temporary location containing a copy of the directory tree. 
+    (#7555)
+  * Remove unused tests/scripts/test_all_pip.py test script and the 
+    tests/scripts folder. (#7680)
+  Features
+  * pip now implements PEP 610, so pip freeze has better fidelity   
+    in presence of distributions installed from Direct URL 
+    requirements. (#609)
+  * Add pip cache command for inspecting/managing pip’s wheel 
+    cache. (#6391)
+  * Raise error if --user and --target are used together in pip 
+    install (#7249)
+  * Significantly improve performance when --find-links points to a 
+    very large HTML page. (#7729)
+  * Indicate when wheel building is skipped, due to lack of the 
+    wheel package. (#7768)
+  * Change default behaviour to always cache responses from 
+    trusted-host source. (#7847)
+  * An alpha version of a new resolver is available via --unstable-
+    feature=resolver. (#988)
+  Bug Fixes
+  * Correctly freeze a VCS editable package when it is nested 
+    inside another VCS repository. (#3988)
+  * Correctly handle %2F in URL parameters to avoid accidentally 
+    unescape them into /. (#6446)
+  * Reject VCS URLs with an empty revision. (#7402)
+  * Warn when an invalid URL is passed with --index-url (#7430)
+  * Use better mechanism for handling temporary files, when 
+    recording metadata about installed files (RECORD) and the 
+    installer (INSTALLER). (#7699)
+  * Correctly detect global site-packages availability of virtual 
+    environments created by PyPA’s virtualenv>=20.0. (#7718)
+  * Remove current directory from sys.path when invoked as 
+    python -m pip <command> (#7731)
+  * Stop failing uninstallation, when trying to remove non-
+    existent files. (#7856)
+  * Prevent an infinite recursion with pip wheel when $TMPDIR is 
+    within the source directory. (#7872)
+  * Significantly speedup pip list --outdated by parallelizing 
+    index interaction. (#7962)
+  * Improve Windows compatibility when detecting writability in 
+    folder. (#8013)
+  Vendored Libraries
+  * Update semi-supported debundling script to reflect that   
+    appdirs is vendored.
+  * Add ResolveLib as a vendored dependency.
+  * Upgrade certifi to 2020.04.05.1
+  * Upgrade contextlib2 to 0.6.0.post1
+  * Upgrade distro to 1.5.0.
+  * Upgrade idna to 2.9.
+  * Upgrade msgpack to 1.0.0.
+  * Upgrade packaging to 20.3.
+  * Upgrade pep517 to 0.8.2.
+  * Upgrade pyparsing to 2.4.7.
+  * Remove pytoml as a vendored dependency.
+  * Upgrade requests to 2.23.0.
+  * Add toml as a vendored dependency.
+  * Upgrade urllib3 to 1.25.8.
+  Improved Documentation
+  * Emphasize that VCS URLs using git, git+git and git+http are 
+    insecure due to lack of authentication and encryption (#1983)
+  * Clarify the usage of --no-binary command. (#3191)
+  * Clarify the usage of freeze command in the example of Using pip in your program (#7008)
+  * Add a “Copyright” page. (#7767)
+  * Added example of defining multiple values for options which 
+    support them (#7803)
+- Test on test flavor without installing package 
+- Update pip-shipped-requests-cabundle.patch for newer certifi
+
 -------------------------------------------------------------------
 Thu Mar 19 09:42:10 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
 

python-pip.spec

@@ -26,15 +26,19 @@
 %bcond_with test
 %endif
 Name:           python-pip%{psuffix}
-Version:        20.0.2
+Version:        20.2.3
 Release:        0
 Summary:        A Python package management system
 License:        MIT
 URL:            http://www.pip-installer.org
-Source:         https://github.com/pypa/pip/archive/%{version}.tar.gz
-Source1:        setuptools-45.1.0-py3-none-any.whl
+# The PyPI archive lacks the tests
+Source:         https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz
+# Wheel used for testing, no need to update regularly beyond the minimum version specified in 
+# tools/requirements/tests-common_wheels.txt
+Source1:        https://files.pythonhosted.org/packages/py3/s/setuptools/setuptools-45.1.0-py3-none-any.whl
+# PATCH-FIX-OPENSUSE pip-shipped-requests-cabundle.patch -- adapted patch from python-certifi package
 Patch0:         pip-shipped-requests-cabundle.patch
-BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module setuptools >= 40.8.0}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       ca-certificates
@@ -50,14 +54,15 @@ BuildArch:      noarch
 BuildRequires:  %{python_module PyYAML}
 BuildRequires:  %{python_module Werkzeug}
 BuildRequires:  %{python_module cryptography}
+BuildRequires:  %{python_module csv23}
 BuildRequires:  %{python_module docutils}
 BuildRequires:  %{python_module freezegun}
 BuildRequires:  %{python_module mock}
-BuildRequires:  %{python_module pip = %{version}}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pytest}
-BuildRequires:  %{python_module scripttest >= 1.3}
+BuildRequires:  %{python_module scripttest}
 BuildRequires:  %{python_module virtualenv >= 1.10}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  ca-certificates
 BuildRequires:  git
 BuildRequires:  subversion
@@ -71,7 +76,11 @@ pip-installable as well.
 
 %prep
 %setup -q -n pip-%{version}
+# Unbundling is not advised by upstream. See src/pip/_vendor/README.rst
+# Exception: Use our own cabundle. Adapted patch from python-certifi package
 %patch0 -p1
+rm src/pip/_vendor/certifi/cacert.pem
+
 %if %{with test}
 mkdir -p tests/data/common_wheels
 cp %{SOURCE1} tests/data/common_wheels/
@@ -80,13 +89,12 @@ cp %{SOURCE1} tests/data/common_wheels/
 for f in $(find src -name \*.py -exec grep -l '^#!%{_bindir}/env' {} \;); do
     sed -i 's|^#!%{_bindir}/env .*$||g' $f
 done
-rm src/pip/_vendor/certifi/cacert.pem
 
 %build
 %python_build
 
-%install
 %if ! %{with test}
+%install
 %python_install
 %prepare_alternative pip
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
@@ -94,8 +102,19 @@ rm src/pip/_vendor/certifi/cacert.pem
 
 %if %{with test}
 %check
-export PYTHONPATH=build/lib
-%pytest -k 'not network and not (test_build_env_allow_only_one_install or test_build_env_requirements_check or test_build_env_overlay_prefix_has_priority or test_build_env_isolation or test_should_cache_git_sha)' tests/unit
+export PYTHONPATH=$(pwd)/build/lib
+# no network on OBS
+donttest="test_network or test_remote_reqs_parse"
+# incompatible virtualenv version
+donttest+=" or test_build_env_allow_only_one_install"
+donttest+=" or test_build_env_isolation"
+donttest+=" or test_build_env_requirements_check"
+donttest+=" or test_build_env_overlay_prefix_has_priority"
+donttest+=" or test_should_cache_git_sha"
+# incompatible virtualenv version and no coverage wheel in common_wheels
+donttest+=" or test_from_link_vcs_with_source_dir_obtains_commit_id"
+donttest+=" or test_from_link_vcs_without_source_dir"
+%pytest -k "not ($donttest)" tests/unit
 %endif
 
 %pre