- update to 24.1.1:

* Actually use system trust stores when the truststore feature is enabled. * Report informative messages about invalid requirements. * Eagerly import the self version check logic to avoid crashes while upgrading or downgrading pip at the same time. * Accommodate for mismatches between different sources of truth for extra names, for packages generated by setuptools. * Accommodate for development versions of CPython ending in + in the version string. * requests provides optional character detection support on some APIs when processing ambiguous bytes. This isn't relevant for pip to function and we're able to remove it due to recent upstream changes. * Drop support for EOL Python 3.7. * Remove support for legacy versions and dependency specifiers. * Packages with non standard-compliant versions or dependency specifiers are now ignored by the resolver. Already installed packages with non standard-compliant versions or dependency specifiers must be uninstalled before upgrading them. * Improve performance of resolution of large dependency trees, with more caching. * Further improve resolution performance of large dependency trees, by caching hash calculations. * Reduce startup time of commands (e.g. show, freeze) that do not access the network by 15-30%. * Reword and improve presentation of uninstallation errors. * Add a 'raw' progress_bar type for simple and parsable download progress reports * pip list no longer performs the pip version check unless OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pip?expand=0&rev=122
2024-06-30 18:46:56 +00:00 · 2024-06-30 18:46:56 +00:00 · 87ecd8d9d6
commit 87ecd8d9d6
9 changed files with 2737 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+<multibuild>
+  <package>test</package>
+</multibuild>
--- a/distutils-reproducible-compile.patch
+++ b/distutils-reproducible-compile.patch
@ -0,0 +1,17 @@
+---
+ src/pip/_vendor/distlib/wheel.py |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: pip-24.1.1/src/pip/_vendor/distlib/wheel.py
+===================================================================
+--- pip-24.1.1.orig/src/pip/_vendor/distlib/wheel.py
+++ pip-24.1.1/src/pip/_vendor/distlib/wheel.py
+@@ -578,7 +578,7 @@ class Wheel(object):
+             maker.source_dir = workdir
+             maker.target_dir = None
+             try:
+-                for zinfo in zf.infolist():
+                for zinfo in sorted(zf.infolist()):
+                     arcname = zinfo.filename
+                     if isinstance(arcname, text_type):
+                         u_arcname = arcname
--- a/pip-24.0-gh.tar.gz
+++ b/pip-24.0-gh.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ad0dfe75fb28092a8cbe18523391695ceb0c0d65a5c9a969349fcb13b12b84c7
+size 9398156
--- a/pip-24.1.1-gh.tar.gz
+++ b/pip-24.1.1-gh.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5fc497cd1651c39af0207b88eab91b6905ca9cecbae11ad99503b317f8b06def
+size 9190972
--- a/pip-shipped-requests-cabundle.patch
+++ b/pip-shipped-requests-cabundle.patch
@ -0,0 +1,158 @@
+---
+ src/pip/_vendor/certifi/core.py |  105 +++-------------------------------------
+ tests/unit/test_options.py      |    5 +
+ 2 files changed, 13 insertions(+), 97 deletions(-)
+
+Index: pip-24.1.1/src/pip/_vendor/certifi/core.py
+===================================================================
+--- pip-24.1.1.orig/src/pip/_vendor/certifi/core.py
+++ pip-24.1.1/src/pip/_vendor/certifi/core.py
+@@ -3,112 +3,15 @@ certifi.py
+ ~~~~~~~~~~
+ 
+ This module returns the installation location of cacert.pem or its contents.
+Patched by openSUSE: return the system bundle
+ """
+-import sys
+-import atexit
+ 
+-def exit_cacert_ctx() -> None:
+-    _CACERT_CTX.__exit__(None, None, None)  # type: ignore[union-attr]
+def read_text(_module=None, _path=None, encoding="ascii"):
+    with open(where(), "r", encoding=encoding) as data:
+        return data.read()
+ 
+def where() -> str:
+    return "/etc/ssl/ca-bundle.pem"
+ 
+-if sys.version_info >= (3, 11):
+-
+-    from importlib.resources import as_file, files
+-
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
+-
+-    def where() -> str:
+-        # This is slightly terrible, but we want to delay extracting the file
+-        # in cases where we're inside of a zipimport situation until someone
+-        # actually calls where(), but we don't want to re-extract the file
+-        # on every call of where(), so we'll do it once then store it in a
+-        # global variable.
+-        global _CACERT_CTX
+-        global _CACERT_PATH
+-        if _CACERT_PATH is None:
+-            # This is slightly janky, the importlib.resources API wants you to
+-            # manage the cleanup of this file, so it doesn't actually return a
+-            # path, it returns a context manager that will give you the path
+-            # when you enter it and will do any cleanup when you leave it. In
+-            # the common case of not needing a temporary file, it will just
+-            # return the file system location and the __exit__() is a no-op.
+-            #
+-            # We also have to hold onto the actual context manager, because
+-            # it will do the cleanup whenever it gets garbage collected, so
+-            # we will also store that at the global level as well.
+-            _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
+-            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
+-
+-        return _CACERT_PATH
+-
+-    def contents() -> str:
+-        return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
+-
+-elif sys.version_info >= (3, 7):
+-
+-    from importlib.resources import path as get_path, read_text
+-
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
+-
+-    def where() -> str:
+-        # This is slightly terrible, but we want to delay extracting the
+-        # file in cases where we're inside of a zipimport situation until
+-        # someone actually calls where(), but we don't want to re-extract
+-        # the file on every call of where(), so we'll do it once then store
+-        # it in a global variable.
+-        global _CACERT_CTX
+-        global _CACERT_PATH
+-        if _CACERT_PATH is None:
+-            # This is slightly janky, the importlib.resources API wants you
+-            # to manage the cleanup of this file, so it doesn't actually
+-            # return a path, it returns a context manager that will give
+-            # you the path when you enter it and will do any cleanup when
+-            # you leave it. In the common case of not needing a temporary
+-            # file, it will just return the file system location and the
+-            # __exit__() is a no-op.
+-            #
+-            # We also have to hold onto the actual context manager, because
+-            # it will do the cleanup whenever it gets garbage collected, so
+-            # we will also store that at the global level as well.
+-            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
+-            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
+-
+-        return _CACERT_PATH
+-
+-    def contents() -> str:
+-        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+-
+-else:
+-    import os
+-    import types
+-    from typing import Union
+-
+-    Package = Union[types.ModuleType, str]
+-    Resource = Union[str, "os.PathLike"]
+-
+-    # This fallback will work for Python versions prior to 3.7 that lack the
+-    # importlib.resources module but relies on the existing `where` function
+-    # so won't address issues with environments like PyOxidizer that don't set
+-    # __file__ on modules.
+-    def read_text(
+-        package: Package,
+-        resource: Resource,
+-        encoding: str = 'utf-8',
+-        errors: str = 'strict'
+-    ) -> str:
+-        with open(where(), encoding=encoding) as data:
+-            return data.read()
+-
+-    # If we don't have importlib.resources, then we will just do the old logic
+-    # of assuming we're on the filesystem and munge the path directly.
+-    def where() -> str:
+-        f = os.path.dirname(__file__)
+-
+-        return os.path.join(f, "cacert.pem")
+-
+-    def contents() -> str:
+-        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+def contents() -> str:
+    return read_text(encoding="ascii")
+Index: pip-24.1.1/tests/unit/test_options.py
+===================================================================
+--- pip-24.1.1.orig/tests/unit/test_options.py
+++ pip-24.1.1/tests/unit/test_options.py
+@@ -1,4 +1,5 @@
+ import os
+import os.path
+ from contextlib import contextmanager
+ from optparse import Values
+ from tempfile import NamedTemporaryFile
+@@ -11,6 +12,7 @@ from pip._internal.cli.main import main
+ from pip._internal.commands import create_command
+ from pip._internal.commands.configuration import ConfigurationCommand
+ from pip._internal.exceptions import PipError
+from pip._vendor.certifi import where
+ from tests.lib.options_helpers import AddFakeCommandMixin
+ 
+ 
+@@ -617,6 +619,9 @@ class TestOptionsConfigFiles:
+         else:
+             assert expect == cmd._determine_file(options, need_value=False)
+ 
+    def test_certificates(self):
+        assert os.path.exists(where())
+
+ 
+ class TestOptionsExpandUser(AddFakeCommandMixin):
+     def test_cache_dir(self) -> None:
--- a/python-pip.changes
+++ b/python-pip.changes
--- a/python-pip.spec
+++ b/python-pip.spec
@ -0,0 +1,184 @@
+#
+# spec file for package python-pip
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "test"
+%define psuffix -test
+%bcond_without test
+%else
+%define psuffix %{nil}
+%bcond_with test
+%endif
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
+
+# in order to avoid rewriting for subpackage generator
+%define mypython python
+%{?sle15_python_module_pythons}
+Name:           python-pip%{psuffix}
+Version:        24.1.1
+Release:        0
+Summary:        A Python package management system
+License:        MIT
+URL:            https://pip.pypa.io
+# The PyPI archive lacks the tests
+Source:         https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz
+# PATCH-FIX-OPENSUSE pip-shipped-requests-cabundle.patch -- adapted patch from python-certifi package
+Patch0:         pip-shipped-requests-cabundle.patch
+# PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com
+# To get reproducible builds, byte_compile() of distutils.util now sorts filenames.
+Patch1:         distutils-reproducible-compile.patch
+BuildRequires:  %{python_module base >= 3.7}
+BuildRequires:  %{python_module setuptools >= 40.8.0}
+# The rpm python-wheel build is bootstrap friendly since 0.42
+BuildRequires:  %{python_module wheel}
+BuildRequires:  fdupes
+BuildRequires:  python-rpm-macros >= 20210929
+Requires:       ca-certificates
+Requires:       coreutils
+Recommends:     ca-certificates-mozilla
+BuildArch:      noarch
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+%endif
+%if %{with test}
+# Test requirements:
+BuildRequires:  %{python_module pip = %{version}}
+BuildRequires:  %{python_module PyYAML}
+BuildRequires:  %{python_module Werkzeug}
+BuildRequires:  %{python_module cryptography}
+BuildRequires:  %{python_module freezegun}
+BuildRequires:  %{python_module installer}
+BuildRequires:  %{python_module pretend}
+BuildRequires:  %{python_module pytest-xdist}
+BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module scripttest}
+BuildRequires:  %{python_module setuptools-wheel}
+BuildRequires:  %{python_module virtualenv >= 1.10}
+BuildRequires:  ca-certificates-mozilla
+BuildRequires:  git-core
+%endif
+%python_subpackages
+
+%description
+Pip is a replacement for easy_install. It uses mostly the same techniques for
+finding packages, so packages that were made easy_installable should be
+pip-installable as well.
+
+%package wheel
+Summary:        The pip wheel for custom tests and install requirements
+Requires:       %mypython(abi) = %python_version
+
+%description wheel
+This packages provides the pip wheel as separate file for cases where
+the wheel needs to be used directly in test or install setups
+
+%prep
+# Unbundling is not advised by upstream. See src/pip/_vendor/README.rst
+# Exception: Use our own cabundle. Adapted patch from python-certifi package
+%autosetup -p1 -n pip-%{version}
+
+rm src/pip/_vendor/certifi/cacert.pem
+
+%if %{with test}
+mkdir -p tests/data/common_wheels
+%python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/
+%endif
+# remove shebangs verbosely (if only sed would offer a verbose mode...)
+for f in $(find src -name \*.py -exec grep -l '^#!%{_bindir}/env' {} \;); do
+    sed -i 's|^#!%{_bindir}/env .*$||g' $f
+done
+
+# Remove windows executable binaries
+# bsc#1212015
+rm -v src/pip/_vendor/distlib/*.exe
+
+%build
+%if !%{with test}
+%{python_expand # bootstrap with built-in pip
+$python -m venv build/env
+build/env/bin/python -m ensurepip
+export PYTHONPATH=build/env/lib/python%{$python_bin_suffix}/site-packages
+%{$python_pyproject_wheel}
+}
+%endif
+
+%install
+%if !%{with test}
+%{python_expand # use pip bootstrapped above
+export PYTHONPATH=build/env/lib/python%{$python_bin_suffix}/site-packages
+%{$python_pyproject_install}
+install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl
+%fdupes %{buildroot}%{$python_sitelib}
+}
+
+%{python_expand # Fix shebang path for "pip3.XX" binaries
+sed -i "1s|#\!.*python.*|#\!/usr/bin/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix}
+}
+
+%python_clone -a %{buildroot}%{_bindir}/pip
+%python_clone -a %{buildroot}%{_bindir}/pip3
+%python_expand %fdupes %{buildroot}%{_bindir}
+%endif
+
+%if %{with test}
+%check
+%pytest -m "not network" tests/unit
+%endif
+
+%pre
+# Since /usr/bin/pip became ghosted to be used with update-alternatives, we have to get rid
+# of the old binary resulting from the non-update-alternatives-ified package:
+[ -h %{_bindir}/pip ] || rm -f %{_bindir}/pip
+[ -h %{_bindir}/pip3 ] || rm -f %{_bindir}/pip3
+# If libalternatives is used: Removing old update-alternatives entries.
+%python_libalternatives_reset_alternative pip
+
+%post
+# keep the alternative groups separate. Users could decide to let pip and pip3 point to
+# different flavors
+%python_install_alternative pip
+%python_install_alternative pip3
+
+%postun
+%python_uninstall_alternative pip
+%python_uninstall_alternative pip3
+
+%if !%{with test}
+%files %{python_files}
+%license LICENSE.txt
+%doc AUTHORS.txt NEWS.rst README.rst
+%python_alternative %{_bindir}/pip
+%python_alternative %{_bindir}/pip3
+%{_bindir}/pip%{python_bin_suffix}
+%{python_sitelib}/pip-%{version}.dist-info
+%{python_sitelib}/pip
+
+%files %{python_files wheel}
+%dir %{python_sitelib}/../wheels
+%{python_sitelib}/../wheels/*
+%endif
+
+%changelog