From 000f490c2d25ee1478c2f33121e8b8185d0b3d21 Mon Sep 17 00:00:00 2001 From: Karolina Surma Date: Tue, 11 May 2021 16:58:03 +0200 Subject: [PATCH] Update to 21.1.1 Changes: - dropped emit-a-warning-when-running-with-root-privileges.patch (fixed in upstream) - rebased dummy-certifi.patch, remove-existing-dist-only-if-path-conflicts.patch, nowarn-pip._internal.main.patch Related: rhbz#1932713 --- dummy-certifi.patch | 33 ++++----- ...ng-when-running-with-root-privileges.patch | 51 ------------- nowarn-pip._internal.main.patch | 32 +++++---- python-pip.rpmlintrc | 4 -- python-pip.spec | 40 ++++------- ...existing-dist-only-if-path-conflicts.patch | 72 ++++++++++--------- sources | 2 +- 7 files changed, 85 insertions(+), 149 deletions(-) delete mode 100644 emit-a-warning-when-running-with-root-privileges.patch diff --git a/dummy-certifi.patch b/dummy-certifi.patch index 992aed4..459eada 100644 --- a/dummy-certifi.patch +++ b/dummy-certifi.patch @@ -1,25 +1,26 @@ -From cf96ff346639d1b9f5efa3fd0976694e04df3f5f Mon Sep 17 00:00:00 2001 -From: Tomas Hrnciar -Date: Sun, 26 Apr 2020 21:38:44 +0200 +From 2c58d7301dd5a47570f782fe2fce7fbb1918f60c Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 10 May 2021 16:38:50 +0200 Subject: [PATCH] Dummy certifi patch +Co-Authored-By: Tomas Hrnciar --- src/pip/_vendor/certifi/core.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py -index 8987449..d174ced 100644 +index b8140cf..f1a0b01 100644 --- a/src/pip/_vendor/certifi/core.py 
+++ b/src/pip/_vendor/certifi/core.py -@@ -9,6 +9,7 @@ This module returns the installation location of cacert.pem or its contents. - import os - +@@ -14,6 +14,7 @@ class _PipPatchedCertificate(Exception): + + try: + raise ImportError # force fallback - from importlib.resources import path as get_path, read_text - - _CACERT_CTX = None -@@ -51,9 +52,7 @@ except ImportError: + # Return a certificate file on disk for a standalone pip zipapp running in + # an isolated build environment to use. Passing --cert to the standalone + # pip does not work since requests calls where() unconditionally on import. +@@ -67,9 +68,7 @@ except ImportError: # If we don't have importlib.resources, then we will just do the old logic # of assuming we're on the filesystem and munge the path directly. def where(): @@ -27,9 +28,9 @@ index 8987449..d174ced 100644 - - return os.path.join(f, "cacert.pem") + return '/etc/pki/tls/certs/ca-bundle.crt' - - - def contents(): --- -2.25.4 + + + def contents(): +-- +2.30.2 diff --git a/emit-a-warning-when-running-with-root-privileges.patch b/emit-a-warning-when-running-with-root-privileges.patch deleted file mode 100644 index 7c6a390..0000000 --- a/emit-a-warning-when-running-with-root-privileges.patch +++ /dev/null 
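Review bot: The rebased `raise ImportError  # force fallback` is now the first statement of a `try:` whose new context lines describe upstream's on-disk certificate handling for a standalone pip zipapp, so that branch is skipped along with the importlib.resources lookup, and nothing in the patch says this is intended. I would extend the comment on the added line to record the reason, for example `raise ImportError  # downstream: bundled cacert.pem is removed in %prep, always use the system CA bundle via the fallback where()`. The fallback `where()` returns the fixed path `/etc/pki/tls/certs/ca-bundle.crt` without checking that it exists, so a missing CA bundle would presumably surface only later as a TLS verification failure; confirm the spec keeps a hard dependency on the package that owns that file. The `try:` body and the `except ImportError` branch both continue outside the hunk.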
@@ -1,51 +0,0 @@ -From 74bb5d26e232493de43adfa1f4b42b66fd701294 Mon Sep 17 00:00:00 2001 -From: Tomas Hrnciar -Date: Sun, 26 Apr 2020 13:52:24 +0200 -Subject: [PATCH] Downstream only patch - -Emit a warning to the user if pip install is run with root privileges -Issue upstream: https://github.com/pypa/pip/issues/4288 ---- - src/pip/_internal/commands/install.py | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py -index 70bda2e2..1e750ae1 100644 ---- a/src/pip/_internal/commands/install.py -+++ b/src/pip/_internal/commands/install.py -@@ -13,6 +13,8 @@ import operator - import os - import shutil - import site -+import sys -+from os import path - from optparse import SUPPRESS_HELP - - from pip._vendor import pkg_resources -@@ -241,6 +243,23 @@ class InstallCommand(RequirementCommand): - raise CommandError("Can not combine '--user' and '--target'") - - cmdoptions.check_install_build_global(options) -+ -+ def is_venv(): -+ return (hasattr(sys, 'real_prefix') or -+ (hasattr(sys, 'base_prefix') and -+ sys.base_prefix != sys.prefix)) -+ -+ # Check whether we have root privileges and aren't in venv/virtualenv -+ if os.getuid() == 0 and not is_venv() and not options.root_path: -+ command = path.basename(sys.argv[0]) -+ if command == "__main__.py": -+ command = path.basename(sys.executable) + " -m pip" -+ logger.warning( -+ "Running pip install with root privileges is " -+ "generally not a good idea. Try `%s install --user` instead." -+ % command -+ ) -+ - upgrade_strategy = "to-satisfy-only" - if options.upgrade: - upgrade_strategy = options.upgrade_strategy --- -2.23.0 - diff --git a/nowarn-pip._internal.main.patch b/nowarn-pip._internal.main.patch index 7027cf5..23b615b 100644 --- a/nowarn-pip._internal.main.patch +++ b/nowarn-pip._internal.main.patch 
@@ -1,10 +1,12 @@ -From 7c36cb21910b415e0eb171d0f6c4dbf72382fdaf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= -Date: Tue, 10 Mar 2020 11:03:22 +0100 +From 8519679166122b7482a70f6c10d303520e5f83c9 Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 10 May 2021 16:48:49 +0200 Subject: [PATCH] Don't warn the user about pip._internal.main() entrypoint In Fedora, we use that in ensurepip and users cannot do anything about it, this warning is juts moot. Also, the warning breaks CPython test suite. + +Co-Authored-By: =?UTF-8?q?Miro=20Hron=C4=8Dok?= --- src/pip/_internal/__init__.py | 2 +- src/pip/_internal/utils/entrypoints.py | 19 ++++++++++--------- @@ -12,29 +14,29 @@ this warning is juts moot. Also, the warning breaks CPython test suite. 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/src/pip/_internal/__init__.py b/src/pip/_internal/__init__.py -index 3aa8a46..0ec017b 100755 +index 41071cd..c7b4e65 100755 --- a/src/pip/_internal/__init__.py +++ b/src/pip/_internal/__init__.py -@@ -15,4 +15,4 @@ def main(args=None): +@@ -12,4 +12,4 @@ def main(args=None): """ from pip._internal.utils.entrypoints import _wrapper - + - return _wrapper(args) + return _wrapper(args, _nowarn=True) diff --git a/src/pip/_internal/utils/entrypoints.py b/src/pip/_internal/utils/entrypoints.py -index befd01c..d6f3632 100644 +index 879bf21..584e8b5 100644 --- a/src/pip/_internal/utils/entrypoints.py 
+++ b/src/pip/_internal/utils/entrypoints.py -@@ -7,7 +7,7 @@ if MYPY_CHECK_RUNNING: - from typing import List, Optional - - +@@ -4,7 +4,7 @@ from typing import List, Optional + from pip._internal.cli.main import main + + -def _wrapper(args=None): +def _wrapper(args=None, _nowarn=False): # type: (Optional[List[str]]) -> int """Central wrapper for all old entrypoints. - -@@ -20,12 +20,13 @@ def _wrapper(args=None): + +@@ -17,12 +17,13 @@ def _wrapper(args=None): directing them to an appropriate place for help, we now define all of our old entrypoints as wrappers for the current one. """ @@ -67,6 +69,6 @@ index e416315..7f57f67 100644 - assert "old script wrapper" in result2.stderr + if entrypoint[0] != "fake_pip = pip._internal:main": + assert "old script wrapper" in result2.stderr --- -2.24.1 +-- +2.30.2 diff --git a/python-pip.rpmlintrc b/python-pip.rpmlintrc index 39079e3..3a17d79 100644 --- a/python-pip.rpmlintrc +++ b/python-pip.rpmlintrc @@ -1,12 +1,8 @@ # This is just temporary, when upstream merges PRs it can be removed -# https://github.com/pypa/pip/pull/7959 # https://github.com/ActiveState/appdirs/pull/144 # https://github.com/psf/requests/pull/5410 -# https://github.com/chardet/chardet/pull/192 -addFilter(r'(non-executable-script|wrong-script-interpreter) .+/pip/_internal/__init__.py\b') addFilter(r'(non-executable-script|wrong-script-interpreter) .+/pip/_vendor/appdirs.py\b') addFilter(r'(non-executable-script|wrong-script-interpreter) .+/pip/_vendor/requests/certs.py\b') -addFilter(r'(non-executable-script|wrong-script-interpreter) .+/pip/_vendor/chardet/cli/chardetect.py\b') # REQUESTED dist-info file is not meant to have any content # Discussion: https://src.fedoraproject.org/rpms/python-pip/pull-request/69#comment-52525 diff --git a/python-pip.spec b/python-pip.spec index 967f35c..4e8669e 100644 --- a/python-pip.spec +++ b/python-pip.spec 
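Review bot: The type comment under the patched signature `def _wrapper(args=None, _nowarn=False):` still reads `# type: (Optional[List[str]]) -> int`, which describes one parameter while the function now takes two. A checker that reads type comments would be expected to reject the mismatch, so the line should become `# type: (Optional[List[str]], bool) -> int`. A sentence in the docstring saying that `_nowarn` is set only by `pip._internal.main()` so that ensurepip does not emit the old-entrypoint warning would also help the next rebase. The body of `_wrapper` continues outside the hunk.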
@@ -13,7 +13,7 @@ %endif %global srcname pip -%global base_version 21.0.1 +%global base_version 21.1.1 %global upstream_version %{base_version}%{?prerel} %global python_wheelname %{srcname}-%{upstream_version}-py3-none-any.whl %global python_wheeldir %{_datadir}/python-wheels @@ -22,7 +22,7 @@ Name: python-%{srcname} Version: %{base_version}%{?prerel:~%{prerel}} -Release: 6%{?dist} +Release: 1%{?dist} Summary: A tool for installing and managing Python packages # We bundle a lot of libraries with pip, which itself is under MIT license. @@ -33,7 +33,6 @@ Summary: A tool for installing and managing Python packages # chardet: LGPLv2 # colorama: BSD # CacheControl: ASL 2.0 -# contextlib2: Python # distlib: Python # distro: ASL 2.0 # html5lib: MIT @@ -46,9 +45,9 @@ Summary: A tool for installing and managing Python packages # pyparsing: MIT # requests: ASL 2.0 # resolvelib: ISC -# retrying: ASL 2.0 # setuptools: MIT # six: MIT +# tenacity: ASL 2.0 # toml: MIT # urllib3: MIT # webencodings: BSD @@ -68,12 +67,6 @@ BuildRequires: python-setuptools-wheel BuildRequires: python-wheel-wheel %endif -# Downstream only patch -# Emit a warning to the user if pip install is run with root privileges -# Upstream discussion: -# https://discuss.python.org/t/playing-nice-with-external-package-managers/1968/20 -Patch1: emit-a-warning-when-running-with-root-privileges.patch - # Prevent removing of the system packages installed under /usr/lib # when pip install -U is executed. # https://bugzilla.redhat.com/show_bug.cgi?id=1550368#c24 
@@ -93,17 +86,6 @@ Patch5: nowarn-pip._internal.main.patch # Upstream issue: https://github.com/pypa/packaging/issues/368 Patch6: no-version-warning.patch -# Update vendored urrlib3 to 1.26.4 to fix CVE-2021-28363 -# Security patch backported from pip 21.1 -Patch7: https://github.com/pypa/pip/pull/9760.patch - -# Don't split git references on unicode separators, -# which could be maliciously used to install a different revision on the -# repository. -# Security patch backported from pip 21.1.1 -# Upstream PR: https://github.com/pypa/pip/pull/9827 -Patch8: don-t-split-git-references-on-unicode-separators.patch - # Downstream only patch # Users might have local installations of pip from using # `pip install --user --upgrade pip` on older/newer versions. 
@@ -144,21 +126,20 @@ Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.6 Provides: bundled(python%{1}dist(certifi)) = 2020.12.5 Provides: bundled(python%{1}dist(chardet)) = 4 Provides: bundled(python%{1}dist(colorama)) = 0.4.4 -Provides: bundled(python%{1}dist(contextlib2)) = 0.6^post1 Provides: bundled(python%{1}dist(distlib)) = 0.3.1 Provides: bundled(python%{1}dist(distro)) = 1.5 Provides: bundled(python%{1}dist(html5lib)) = 1.1 -Provides: bundled(python%{1}dist(idna)) = 2.10 +Provides: bundled(python%{1}dist(idna)) = 3.1 Provides: bundled(python%{1}dist(msgpack)) = 1.0.2 Provides: bundled(python%{1}dist(packaging)) = 20.9 -Provides: bundled(python%{1}dist(pep517)) = 0.9.1 +Provides: bundled(python%{1}dist(pep517)) = 0.10 Provides: bundled(python%{1}dist(progress)) = 1.5 Provides: bundled(python%{1}dist(pyparsing)) = 2.4.7 Provides: bundled(python%{1}dist(requests)) = 2.25.1 -Provides: bundled(python%{1}dist(resolvelib)) = 0.5.4 -Provides: bundled(python%{1}dist(retrying)) = 1.3.3 +Provides: bundled(python%{1}dist(resolvelib)) = 0.7 Provides: bundled(python%{1}dist(setuptools)) = 44 Provides: bundled(python%{1}dist(six)) = 1.15 +Provides: bundled(python%{1}dist(tenacity)) = 7 Provides: bundled(python%{1}dist(toml)) = 0.10.2 Provides: bundled(python%{1}dist(urllib3)) = 1.26.4 Provides: bundled(python%{1}dist(webencodings)) = 0.5.1 @@ -239,6 +220,8 @@ Summary: A documentation for a tool for installing and managing Python pa BuildRequires: python%{python3_pkgversion}-sphinx BuildRequires: python%{python3_pkgversion}-sphinx-inline-tabs +BuildRequires: python%{python3_pkgversion}-sphinx-copybutton +BuildRequires: python%{python3_pkgversion}-myst-parser %description doc A documentation for a tool for installing and managing Python packages 
@@ -268,7 +251,7 @@ rm src/pip/_vendor/certifi/*.pem sed -i '/html_theme = "furo"/d' docs/html/conf.py # towncrier extension for Sphinx is not yet available in Fedora -sed -i "/'sphinxcontrib.towncrier',/d" docs/html/conf.py +sed -i '/"sphinxcontrib.towncrier",/d' docs/html/conf.py # tests expect wheels in here ln -s %{python_wheeldir} tests/data/common_wheels @@ -410,6 +393,9 @@ pytest_k='not completion and %{python_wheeldir}/%{python_wheelname} %changelog +* Mon Sep 13 2021 Karolina Surma - 21.1.1-1 +- Update to 21.1.1 + * Tue Aug 10 2021 Mohan Boddu - 21.0.1-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/remove-existing-dist-only-if-path-conflicts.patch b/remove-existing-dist-only-if-path-conflicts.patch index 3913557..91985cb 100644 --- a/remove-existing-dist-only-if-path-conflicts.patch +++ b/remove-existing-dist-only-if-path-conflicts.patch @@ -1,6 +1,6 @@ -From f83eacf40f1506418e74d747906b8f108401f91d Mon Sep 17 00:00:00 2001 -From: Lumir Balhar -Date: Tue, 26 Jan 2021 09:05:07 +0100 +From d8df1b9010bc69bfdb606cb51aa3a8a5c6ae6d4c Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 10 May 2021 18:16:20 +0200 Subject: [PATCH] Prevent removing of the system packages installed under /usr/lib @@ -11,6 +11,7 @@ Resolves: rhbz#1550368 Co-Authored-By: Michal Cyprian Co-Authored-By: Victor Stinner Co-Authored-By: Petr Viktorin +Co-Authored-By: Lumir Balhar --- src/pip/_internal/req/req_install.py | 3 ++- src/pip/_internal/resolution/legacy/resolver.py | 5 ++++- @@ -19,10 +20,10 @@ Co-Authored-By: Petr Viktorin 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py -index 6d0aa30..0a5f8ed 100644 +index 55c17ac..9f6ba44 100644 --- a/src/pip/_internal/req/req_install.py 
+++ b/src/pip/_internal/req/req_install.py -@@ -39,6 +39,7 @@ from pip._internal.utils.misc import ( +@@ -43,6 +43,7 @@ from pip._internal.utils.misc import ( ask_path_exists, backup_dir, display_path, @@ -30,7 +31,7 @@ index 6d0aa30..0a5f8ed 100644 dist_in_site_packages, dist_in_usersite, get_distribution, -@@ -445,7 +446,7 @@ class InstallRequirement: +@@ -440,7 +441,7 @@ class InstallRequirement: "lack sys.path precedence to {} in {}".format( existing_dist.project_name, existing_dist.location) ) @@ -40,18 +41,18 @@ index 6d0aa30..0a5f8ed 100644 else: if self.editable: diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py -index 665dba1..a219e63 100644 +index 17de7f0..3dd872d 100644 --- a/src/pip/_internal/resolution/legacy/resolver.py +++ b/src/pip/_internal/resolution/legacy/resolver.py -@@ -34,6 +34,7 @@ from pip._internal.resolution.base import BaseResolver +@@ -42,6 +42,7 @@ from pip._internal.resolution.base import BaseResolver, InstallRequirementProvid from pip._internal.utils.compatibility_tags import get_supported from pip._internal.utils.logging import indent_log from pip._internal.utils.misc import dist_in_usersite, normalize_version_info +from pip._internal.utils.misc import dist_in_install_path from pip._internal.utils.packaging import check_requires_python, get_requires_python - from pip._internal.utils.typing import MYPY_CHECK_RUNNING - -@@ -204,7 +205,9 @@ class Resolver(BaseResolver): + + logger = logging.getLogger(__name__) +@@ -199,7 +200,9 @@ class Resolver(BaseResolver): """ # Don't uninstall the conflict if doing a user install and the # conflict is not a user install. @@ -61,36 +62,37 @@ index 665dba1..a219e63 100644 + and dist_in_install_path(req.satisfied_by)): req.should_reinstall = True req.satisfied_by = None - + 
diff --git a/src/pip/_internal/resolution/resolvelib/factory.py b/src/pip/_internal/resolution/resolvelib/factory.py -index be0729e..bc2912b 100644 +index 6e3f195..bf07c1b 100644 --- a/src/pip/_internal/resolution/resolvelib/factory.py +++ b/src/pip/_internal/resolution/resolvelib/factory.py -@@ -1,5 +1,6 @@ +@@ -1,6 +1,7 @@ + import contextlib import functools import logging +import sys - - from pip._vendor.packaging.utils import canonicalize_name - -@@ -19,7 +20,9 @@ from pip._internal.utils.misc import ( + from typing import ( + TYPE_CHECKING, + Dict, +@@ -46,7 +47,9 @@ from pip._internal.utils.misc import ( dist_in_site_packages, dist_in_usersite, get_installed_distributions, + dist_location, ) -+from pip._internal.locations import distutils_scheme - from pip._internal.utils.typing import MYPY_CHECK_RUNNING ++from pip._internal.locations import get_scheme from pip._internal.utils.virtualenv import running_under_virtualenv - -@@ -362,6 +365,13 @@ class Factory: + + from .base import Candidate, CandidateVersion, Constraint, Requirement +@@ -479,6 +482,13 @@ class Factory: if dist is None: # Not installed, no uninstallation required. return None - + + # Prevent uninstalling packages from /usr + if dist_location(dist) in ( -+ distutils_scheme('', prefix=sys.base_prefix)['purelib'], -+ distutils_scheme('', prefix=sys.base_prefix)['platlib'], ++ get_scheme('', prefix=sys.base_prefix).purelib, ++ get_scheme('', prefix=sys.base_prefix).platlib, + ): + return None + @@ -98,21 +100,21 @@ index be0729e..bc2912b 100644 # be uninstalled, no matter it's in global or user site, because the # user site installation has precedence over global. diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py -index 6dd94e2..7925518 100644 +index 26037db..11b918d 100644 --- a/src/pip/_internal/utils/misc.py 
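Review bot: The guard added before the uninstall decision in `Factory` compares `dist_location(dist)` for exact equality with `get_scheme('', prefix=sys.base_prefix).purelib` and `.platlib`, but the scheme paths are not passed through `normalize_path`, unlike the comparisons in `utils/misc.py` shown later in this patch. If the two sides differ only by a symlink, case or trailing separator, the check does not match and the system copy would presumably still be scheduled for removal, which is what the patch exists to prevent. Consider `scheme = get_scheme('', prefix=sys.base_prefix)` followed by `if dist_location(dist) in {normalize_path(scheme.purelib), normalize_path(scheme.platlib)}:`, with `normalize_path` imported from `pip._internal.utils.misc`; this also avoids computing the scheme twice. The enclosing method starts and ends outside the hunk.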
+++ b/src/pip/_internal/utils/misc.py -@@ -27,6 +27,7 @@ from pip._vendor.retrying import retry # type: ignore +@@ -40,6 +40,7 @@ from pip._vendor.tenacity import retry, stop_after_delay, wait_fixed from pip import __version__ from pip._internal.exceptions import CommandError from pip._internal.locations import get_major_minor_version, site_packages, user_site -+from pip._internal.locations import distutils_scheme, get_major_minor_version, site_packages, user_site ++from pip._internal.locations import get_scheme from pip._internal.utils.compat import WINDOWS, stdlib_pkgs - from pip._internal.utils.typing import MYPY_CHECK_RUNNING, cast from pip._internal.utils.virtualenv import ( -@@ -398,6 +399,16 @@ def dist_in_site_packages(dist): + running_under_virtualenv, +@@ -379,6 +380,16 @@ def dist_in_site_packages(dist): return dist_location(dist).startswith(normalize_path(site_packages)) - - + + +def dist_in_install_path(dist): + """ + Return True if given Distribution is installed in @@ -120,12 +122,12 @@ index 6dd94e2..7925518 100644 + """ + norm_path = normalize_path(dist_location(dist)) + return norm_path.startswith(normalize_path( -+ distutils_scheme("")['purelib'].split('python')[0])) ++ get_scheme("").purelib.split('python')[0])) + + def dist_is_editable(dist): # type: (Distribution) -> bool """ --- -2.29.2 +-- +2.30.2 diff --git a/sources b/sources index 13d89e7..9a3e5d8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pip-21.0.1.tar.gz) = 2db5397f4ca3a3f56f5add3f827bf1f0a4296019703438d68498266b9d2559b6baa3132061c5ad4c2a08bec6e76a2768763fdca02d86cf32aadd4640afbf3664 +SHA512 (pip-21.1.1.tar.gz) = 05157ed586597f16948afdad43d98cc095803d2d22b1427ac1028ca2a73a26d65e597446808194343ed36f9eb7cb910ac89e73a6a9a90ee868ec822fdbe641c5
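Review bot: `dist_in_install_path` derives the install root with `get_scheme("").purelib.split('python')[0]` and tests it with a bare `startswith`, so both steps work on substrings rather than path components. The split cuts at the first occurrence of `python` anywhere in the path, so a prefix whose own directory name contains that substring yields a much shorter root, and the prefix test has no separator boundary, so a root such as `/usr/lib` also matches a sibling like `/usr/libexec`. Because the result gates `req.should_reinstall = True` in the legacy resolver hunk of this patch, a match that is too broad could mark a distribution outside the install path for removal. Taking `root` from the scheme's path components and returning `norm_path == root or norm_path.startswith(root + os.sep)` would close both gaps, assuming `os` is already imported in `misc.py`. The function spans this hunk and the one before it.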