- Update to 22.3.1: (bsc#1205478)

* Deprecations and Removals
    + Deprecate installation with setup.py install when no-binary is enabled
      for source distributions without pyproject.toml. (#11452)
    + Deprecate installation with setup.py install when the wheel package is
      absent for source distributions without pyproject.toml. (#8559)
    + Drop --use-deprecated=out-of-tree-build. (#11001)
  * Features
    + Use the data-dist-info-metadata attribute from PEP 658 to resolve
      distribution metadata without downloading the dist yet. (#11111)
    + Add --dry-run option to pip install, to let it print what it would
     install but not actually make changes in the target environment. (#11096)
    + Add pip inspect command to obtain the list of installed distributions
     and other information about the Python environment, in JSON. (#11245)
    + Add option to install and uninstall commands to opt-out from
      running-as-root warning. (#10556)
    + Add a user interface for supplying config settings to build backends.
      (#11059)
    + Explains why specified version cannot be retrieved when Requires-Python
      is not satisfied. (#9615)
    + Validate build dependencies when using --no-build-isolation. (#9794)
  * Bug Fixes
    + Fix entry point generation of pip.X, pipX.Y, and easy_install-X.Y to
      correctly account for multi-digit Python version segments. (#11547)
    + Fix --no-index when --index-url or --extra-index-url is specified
      inside a requirements file. (#11276)
    + Ignore distributions with invalid Name in metadata instead of crashing,
      when using the importlib.metadata backend. (#11352)
    + Raise RequirementsFileParseError when parsing malformed requirements
      options that can’t be sucessfully parsed by shlex. (#11491)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pip?expand=0&rev=101

distutils-reproducible-compile.patch

@@ -2,9 +2,11 @@
  src/pip/_vendor/distlib/wheel.py |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
---- a/src/pip/_vendor/distlib/wheel.py
+Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py
-+++ b/src/pip/_vendor/distlib/wheel.py
+===================================================================
-@@ -538,7 +538,7 @@ class Wheel(object):
+--- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py
++++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py
+@@ -567,7 +567,7 @@ class Wheel(object):
              maker.source_dir = workdir
              maker.target_dir = None
              try:

pip-22.0.4-gh.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a9828528aa21cf87093e9332f94ea65931a51c443216f5d3a8f14451ef4f2bbf
-size 9325766

pip-shipped-requests-cabundle.patch

@@ -3,41 +3,32 @@
  tests/unit/test_options.py      |    5 ++
  2 files changed, 13 insertions(+), 62 deletions(-)
 
---- a/src/pip/_vendor/certifi/core.py
+Index: pip-22.3.1/src/pip/_vendor/certifi/core.py
-+++ b/src/pip/_vendor/certifi/core.py
+===================================================================
-@@ -5,72 +5,18 @@ certifi.py
+--- pip-22.3.1.orig/src/pip/_vendor/certifi/core.py
++++ pip-22.3.1/src/pip/_vendor/certifi/core.py
+@@ -3,106 +3,17 @@ certifi.py
  ~~~~~~~~~~
  
  This module returns the installation location of cacert.pem or its contents.
--"""
--import os
--
- 
--class _PipPatchedCertificate(Exception):
--    pass
 +Patched by openSUSE: return the system bundle
-+"""
+ """
+-import sys
  
 +def read_text(_module=None, _path=None, encoding="ascii"):
 +    with open(where(), "r", encoding=encoding) as data:
 +        return data.read()
  
--try:
+-if sys.version_info >= (3, 11):
--    # Return a certificate file on disk for a standalone pip zipapp running in
+ 
--    # an isolated build environment to use. Passing --cert to the standalone
+-    from importlib.resources import as_file, files
--    # pip does not work since requests calls where() unconditionally on import.
++def where() -> str:
--    _PIP_STANDALONE_CERT = os.environ.get("_PIP_STANDALONE_CERT")
++    return "/etc/ssl/ca-bundle.pem"
--    if _PIP_STANDALONE_CERT:
+ 
--        def where():
--            return _PIP_STANDALONE_CERT
--        raise _PipPatchedCertificate()
--
--    from importlib.resources import path as get_path, read_text
--
 -    _CACERT_CTX = None
 -    _CACERT_PATH = None
 -
--    def where():
+-    def where() -> str:
 -        # This is slightly terrible, but we want to delay extracting the file
 -        # in cases where we're inside of a zipimport situation until someone
 -        # actually calls where(), but we don't want to re-extract the file
@@ -56,38 +47,85 @@
 -            # We also have to hold onto the actual context manager, because
 -            # it will do the cleanup whenever it gets garbage collected, so
 -            # we will also store that at the global level as well.
+-            _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
+-            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-
+-        return _CACERT_PATH
+-
+-    def contents() -> str:
+-        return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
+-
+-elif sys.version_info >= (3, 7):
+-
+-    from importlib.resources import path as get_path, read_text
+-
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
+-
+-    def where() -> str:
+-        # This is slightly terrible, but we want to delay extracting the
+-        # file in cases where we're inside of a zipimport situation until
+-        # someone actually calls where(), but we don't want to re-extract
+-        # the file on every call of where(), so we'll do it once then store
+-        # it in a global variable.
+-        global _CACERT_CTX
+-        global _CACERT_PATH
+-        if _CACERT_PATH is None:
+-            # This is slightly janky, the importlib.resources API wants you
+-            # to manage the cleanup of this file, so it doesn't actually
+-            # return a path, it returns a context manager that will give
+-            # you the path when you enter it and will do any cleanup when
+-            # you leave it. In the common case of not needing a temporary
+-            # file, it will just return the file system location and the
+-            # __exit__() is a no-op.
+-            #
+-            # We also have to hold onto the actual context manager, because
+-            # it will do the cleanup whenever it gets garbage collected, so
+-            # we will also store that at the global level as well.
 -            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
 -
 -        return _CACERT_PATH
 -
--except _PipPatchedCertificate:
+-    def contents() -> str:
--    pass
+-        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+-
+-else:
+-    import os
+-    import types
+-    from typing import Union
+-
+-    Package = Union[types.ModuleType, str]
+-    Resource = Union[str, "os.PathLike"]
 -
--except ImportError:
 -    # This fallback will work for Python versions prior to 3.7 that lack the
 -    # importlib.resources module but relies on the existing `where` function
 -    # so won't address issues with environments like PyOxidizer that don't set
 -    # __file__ on modules.
--    def read_text(_module, _path, encoding="ascii"):
+-    def read_text(
--        with open(where(), "r", encoding=encoding) as data:
+-        package: Package,
+-        resource: Resource,
+-        encoding: str = 'utf-8',
+-        errors: str = 'strict'
+-    ) -> str:
+-        with open(where(), encoding=encoding) as data:
 -            return data.read()
 -
 -    # If we don't have importlib.resources, then we will just do the old logic
 -    # of assuming we're on the filesystem and munge the path directly.
--    def where():
+-    def where() -> str:
 -        f = os.path.dirname(__file__)
  
 -        return os.path.join(f, "cacert.pem")
-+def where():
+-
-+    return "/etc/ssl/ca-bundle.pem"
+-    def contents() -> str:
- 
+-        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
- 
++def contents() -> str:
- def contents():
--    return read_text("certifi", "cacert.pem", encoding="ascii")
 +    return read_text(encoding="ascii")
---- a/tests/unit/test_options.py
+Index: pip-22.3.1/tests/unit/test_options.py
-+++ b/tests/unit/test_options.py
+===================================================================
+--- pip-22.3.1.orig/tests/unit/test_options.py
++++ pip-22.3.1/tests/unit/test_options.py
 @@ -1,4 +1,5 @@
  import os
 +import os.path
@@ -100,9 +138,9 @@
  from pip._internal.exceptions import PipError
 +from pip._vendor.certifi import where
  from tests.lib.options_helpers import AddFakeCommandMixin
- from tests.lib.path import Path
  
-@@ -620,6 +622,9 @@ class TestOptionsConfigFiles:
+ 
+@@ -619,6 +621,9 @@ class TestOptionsConfigFiles:
          else:
              assert expect == cmd._determine_file(options, need_value=False)
  

python-pip.changes

@@ -1,3 +1,53 @@
+-------------------------------------------------------------------
+Thu Dec  8 04:10:03 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 22.3.1: (bsc#1205478)
+  * Deprecations and Removals
+    + Deprecate installation with setup.py install when no-binary is enabled
+      for source distributions without pyproject.toml. (#11452)
+    + Deprecate installation with setup.py install when the wheel package is
+      absent for source distributions without pyproject.toml. (#8559)
+    + Drop --use-deprecated=out-of-tree-build. (#11001)
+  * Features
+    + Use the data-dist-info-metadata attribute from PEP 658 to resolve
+      distribution metadata without downloading the dist yet. (#11111)
+    + Add --dry-run option to pip install, to let it print what it would
+     install but not actually make changes in the target environment. (#11096)
+    + Add pip inspect command to obtain the list of installed distributions
+     and other information about the Python environment, in JSON. (#11245)
+    + Add option to install and uninstall commands to opt-out from
+      running-as-root warning. (#10556)
+    + Add a user interface for supplying config settings to build backends.
+      (#11059)
+    + Explains why specified version cannot be retrieved when Requires-Python
+      is not satisfied. (#9615)
+    + Validate build dependencies when using --no-build-isolation. (#9794)
+  * Bug Fixes
+    + Fix entry point generation of pip.X, pipX.Y, and easy_install-X.Y to
+      correctly account for multi-digit Python version segments. (#11547)
+    + Fix --no-index when --index-url or --extra-index-url is specified
+      inside a requirements file. (#11276)
+    + Ignore distributions with invalid Name in metadata instead of crashing,
+      when using the importlib.metadata backend. (#11352)
+    + Raise RequirementsFileParseError when parsing malformed requirements
+      options that can’t be sucessfully parsed by shlex. (#11491)
+    + Show pip deprecation warnings by default. (#11330)
+    + Send the pip upgrade prompt to stderr. (#11282)
+    + Ensure that things work correctly in environments where
+      setuptools-injected distutils is available by default. (#11298)
+    + pip config now normalizes names by converting underscores into
+      dashes. (#9330)
+    + Fallback to pyproject.toml-based builds if setup.py is present in a
+      project, but setuptools cannot be imported. (#10717)
+    + When checking for conflicts in the build environment, correctly skip
+      requirements containing markers that do not match the current
+      environment. (#10883)
+    + Fix pip install issues using a proxy due to an inconsistency in how
+      Requests is currently handling variable precedence in session. (#9691)
+- Refresh all patches.
+- Stop skipping a lot of tests, no longer required.
+- Add installer to BuildRequires for the test flavor.
+
 -------------------------------------------------------------------
 Wed Aug 10 10:33:35 UTC 2022 - Dirk Müller <dmueller@suse.com>
 

python-pip.spec

@@ -41,7 +41,7 @@
 %endif
 %global skip_python2 1
 Name:           python-pip%{psuffix}
-Version:        22.0.4
+Version:        22.3.1
 Release:        0
 Summary:        A Python package management system
 License:        MIT
@@ -78,6 +78,7 @@ BuildRequires:  %{python_module cryptography}
 BuildRequires:  %{python_module csv23}
 BuildRequires:  %{python_module docutils}
 BuildRequires:  %{python_module freezegun}
+BuildRequires:  %{python_module installer}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module scripttest}
@@ -140,18 +141,9 @@ rm -f %{buildroot}%{_bindir}/pip3-2*
 %if %{with test}
 %check
 export PYTHONPATH=$(pwd)/build/lib
-# no network on OBS
+# Looks broken with 22.3.1
-donttest="test_network or test_remote_reqs_parse"
+donttest="test_pip_self_version_check_calls_underlying_implementation"
-# incompatible virtualenv version
+%pytest -m "not network" -k "not ($donttest)" tests/unit
-donttest+=" or test_build_env_allow_only_one_install"
-donttest+=" or test_build_env_isolation"
-donttest+=" or test_build_env_requirements_check"
-donttest+=" or test_build_env_overlay_prefix_has_priority"
-donttest+=" or test_should_cache_git_sha"
-# incompatible virtualenv version and no coverage wheel in common_wheels
-donttest+=" or test_from_link_vcs_with_source_dir_obtains_commit_id"
-donttest+=" or test_from_link_vcs_without_source_dir"
-%pytest -k "not ($donttest)" tests/unit
 %endif
 
 %pre