Update to 20.1~b1

Don't install pip wheel via path to prevent PEP 610 treatment, see:
https://discuss.python.org/t/pep-610-usage-guidelines-for-linux-distributions/4012
This commit is contained in:
Tomas Hrnciar 2020-04-26 23:10:08 +02:00 committed by churchyard
parent e858da1425
commit 55406531cf
6 changed files with 90 additions and 216 deletions

View File

@ -1,149 +0,0 @@
From 98aa09cf88d8851bb2be6ad39be1cbca7d181916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Thu, 19 Mar 2020 17:57:53 +0100
Subject: [PATCH 1/2] Prevent infinite recursion with pip wheel with $TMPDIR in
$PWD
During a build of extension module within `pip wheel` the source directory is
recursively copied in a temporary directory.
See https://github.com/pypa/pip/issues/7555
When the temporary directory is inside the source directory
(for example by setting `TMPDIR=$PWD/tmp`) this caused an infinite recursion
that ended in:
[Errno 36] File name too long
We prevent that buy never copying the target to the target in _copy_source_tree.
Fixes https://github.com/pypa/pip/issues/7872
---
news/7872.bugfix | 1 +
src/pip/_internal/operations/prepare.py | 22 +++++++++++++++++-----
tests/data/src/extension/extension.c | 0
tests/data/src/extension/setup.py | 4 ++++
tests/functional/test_wheel.py | 11 +++++++++++
5 files changed, 33 insertions(+), 5 deletions(-)
create mode 100644 news/7872.bugfix
create mode 100644 tests/data/src/extension/extension.c
create mode 100644 tests/data/src/extension/setup.py
diff --git a/news/7872.bugfix b/news/7872.bugfix
new file mode 100644
index 0000000000..3550d573b8
--- /dev/null
+++ b/news/7872.bugfix
@@ -0,0 +1 @@
+Prevent an infinite recursion with ``pip wheel`` when ``$TMPDIR`` is within the source directory.
diff --git a/src/pip/_internal/operations/prepare.py b/src/pip/_internal/operations/prepare.py
index 9f87148c03..1fcbb775ec 100644
--- a/src/pip/_internal/operations/prepare.py
+++ b/src/pip/_internal/operations/prepare.py
@@ -156,13 +156,25 @@ def _copy2_ignoring_special_files(src, dest):
def _copy_source_tree(source, target):
# type: (str, str) -> None
+ target_abspath = os.path.abspath(target)
+ target_basename = os.path.basename(target_abspath)
+ target_dirname = os.path.dirname(target_abspath)
+
def ignore(d, names):
# type: (str, List[str]) -> List[str]
- # Pulling in those directories can potentially be very slow,
- # exclude the following directories if they appear in the top
- # level dir (and only it).
- # See discussion at https://github.com/pypa/pip/pull/6770
- return ['.tox', '.nox'] if d == source else []
+ skipped = [] # type: List[str]
+ if d == source:
+ # Pulling in those directories can potentially be very slow,
+ # exclude the following directories if they appear in the top
+ # level dir (and only it).
+ # See discussion at https://github.com/pypa/pip/pull/6770
+ skipped += ['.tox', '.nox']
+ if os.path.abspath(d) == target_dirname:
+ # Prevent an infinite recursion if the target is in source.
+ # This can happen when TMPDIR is set to ${PWD}/...
+ # and we copy PWD to TMPDIR.
+ skipped += [target_basename]
+ return skipped
kwargs = dict(ignore=ignore, symlinks=True) # type: CopytreeKwargs
diff --git a/tests/data/src/extension/extension.c b/tests/data/src/extension/extension.c
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/data/src/extension/setup.py b/tests/data/src/extension/setup.py
new file mode 100644
index 0000000000..b26302b053
--- /dev/null
+++ b/tests/data/src/extension/setup.py
@@ -0,0 +1,4 @@
+from setuptools import Extension, setup
+
+module = Extension('extension', sources=['extension.c'])
+setup(name='extension', version='0.0.1', ext_modules = [module])
diff --git a/tests/functional/test_wheel.py b/tests/functional/test_wheel.py
index ce79dbee5e..f293233b9d 100644
--- a/tests/functional/test_wheel.py
+++ b/tests/functional/test_wheel.py
@@ -289,6 +289,17 @@ def test_pip_wheel_with_user_set_in_config(script, data, common_wheels):
assert "Successfully built withpyproject" in result.stdout, result.stdout
+def test_pip_wheel_ext_module_with_tmpdir_inside(script, data, common_wheels):
+ tmpdir = data.src / 'extension/tmp'
+ tmpdir.mkdir()
+ script.environ['TMPDIR'] = str(tmpdir)
+ result = script.pip(
+ 'wheel', data.src / 'extension',
+ '--no-index', '-f', common_wheels
+ )
+ assert "Successfully built extension" in result.stdout, result.stdout
+
+
@pytest.mark.network
def test_pep517_wheels_are_not_confused_with_other_files(script, tmpdir, data):
"""Check correct wheels are copied. (#6196)
From eb070d23721c5a0bff59ed5a252291efd3f5a7c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Thu, 19 Mar 2020 23:21:56 +0100
Subject: [PATCH 2/2] Avoid a test dependency on a C compiler, skip the test on
Windows
---
tests/functional/test_wheel.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tests/functional/test_wheel.py b/tests/functional/test_wheel.py
index f293233b9d..545c50ac9a 100644
--- a/tests/functional/test_wheel.py
+++ b/tests/functional/test_wheel.py
@@ -1,6 +1,7 @@
"""'pip wheel' tests"""
import os
import re
+import sys
from os.path import exists
import pytest
@@ -289,10 +290,17 @@ def test_pip_wheel_with_user_set_in_config(script, data, common_wheels):
assert "Successfully built withpyproject" in result.stdout, result.stdout
+@pytest.mark.skipif(sys.platform.startswith('win'),
+ reason='The empty extension module does not work on Win')
def test_pip_wheel_ext_module_with_tmpdir_inside(script, data, common_wheels):
tmpdir = data.src / 'extension/tmp'
tmpdir.mkdir()
script.environ['TMPDIR'] = str(tmpdir)
+
+ # To avoid a test dependency on a C compiler, we set the env vars to "noop"
+ # The .c source is empty anyway
+ script.environ['CC'] = script.environ['LDSHARED'] = str('true')
+
result = script.pip(
'wheel', data.src / 'extension',
'--no-index', '-f', common_wheels

View File

@ -1,12 +1,27 @@
From 09bf87d33141a5c06a1d410839d162262baa16c4 Mon Sep 17 00:00:00 2001
From: Tomas Hrnciar <thrnciar@redhat.com>
Date: Sun, 26 Apr 2020 21:38:44 +0200
Subject: [PATCH] Dummy certifi patch
---
src/pip/_vendor/certifi/core.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
index 7271acf..9f0dc20 100644
index 56b52a3c..e99043f0 100644
--- a/src/pip/_vendor/certifi/core.py
+++ b/src/pip/_vendor/certifi/core.py
@@ -10,6 +10,4 @@ import os
@@ -21,9 +21,7 @@ except ImportError:
def where():
- f = os.path.dirname(__file__)
-
- return os.path.join(f, 'cacert.pem')
- return os.path.join(f, "cacert.pem")
+ return '/etc/pki/tls/certs/ca-bundle.crt'
def contents():
--
2.23.0

View File

@ -1,6 +1,6 @@
From aab24967a03bda3b0999d80562a6064c27d1e0e0 Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Tue, 12 Nov 2019 17:15:08 +0100
From 74bb5d26e232493de43adfa1f4b42b66fd701294 Mon Sep 17 00:00:00 2001
From: Tomas Hrnciar <thrnciar@redhat.com>
Date: Sun, 26 Apr 2020 13:52:24 +0200
Subject: [PATCH] Downstream only patch
Emit a warning to the user if pip install is run with root privileges
@ -10,7 +10,7 @@ Issue upstream: https://github.com/pypa/pip/issues/4288
1 file changed, 19 insertions(+)
diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py
index 02a187c..8037ffb 100644
index 70bda2e2..1e750ae1 100644
--- a/src/pip/_internal/commands/install.py
+++ b/src/pip/_internal/commands/install.py
@@ -13,6 +13,8 @@ import operator
@ -22,9 +22,9 @@ index 02a187c..8037ffb 100644
from optparse import SUPPRESS_HELP
from pip._vendor import pkg_resources
@@ -242,6 +244,23 @@ class InstallCommand(RequirementCommand):
def run(self, options, args):
# type: (Values, List[Any]) -> int
@@ -241,6 +243,23 @@ class InstallCommand(RequirementCommand):
raise CommandError("Can not combine '--user' and '--target'")
cmdoptions.check_install_build_global(options)
+
+ def is_venv():
@ -47,5 +47,5 @@ index 02a187c..8037ffb 100644
if options.upgrade:
upgrade_strategy = options.upgrade_strategy
--
2.20.1
2.23.0

View File

@ -3,7 +3,10 @@
%bcond_without doc
%global srcname pip
%global python_wheelname %{srcname}-%{version}-py2.py3-none-any.whl
%global base_version 20.1
%global prerel b1
%global upstream_version %{base_version}%{?prerel}
%global python_wheelname %{srcname}-%{upstream_version}-py2.py3-none-any.whl
%global python_wheeldir %{_datadir}/python-wheels
%if %{with doc}
@ -15,8 +18,8 @@
Name: python-%{srcname}
# When updating, update the bundled libraries versions bellow!
# You can use vendor_meta.sh in the dist git repo
Version: 20.0.2
Release: 4%{?dist}
Version: %{base_version}%{?prerel:~%{prerel}}
Release: 1%{?dist}
Summary: A tool for installing and managing Python packages
# We bundle a lot of libraries with pip, which itself is under MIT license.
@ -48,7 +51,7 @@ Summary: A tool for installing and managing Python packages
License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
URL: https://pip.pypa.io/
Source0: https://github.com/pypa/pip/archive/%{version}/%{srcname}-%{version}.tar.gz
Source0: https://github.com/pypa/pip/archive/%{upstream_version}/%{srcname}-%{upstream_version}.tar.gz
BuildArch: noarch
@ -88,11 +91,6 @@ Patch4: dummy-certifi.patch
# this warning is juts moot. Also, the warning breaks CPython test suite.
Patch5: nowarn-pip._internal.main.patch
# Allow setting $TMPDIR to $PWD/... during pip wheel
# This is needed to have proper debugsource packages with pyproject-rpm-macros
# https://bugzilla.redhat.com/show_bug.cgi?id=1806625
Patch6: https://github.com/pypa/pip/pull/7873.patch
# Downstream only patch
# Users might have local installations of pip from using
# `pip install --user --upgrade pip` on older/newer versions.
@ -241,7 +239,7 @@ Requires: ca-certificates
A Python wheel of pip to use with venv.
%prep
%setup -q -n %{srcname}-%{version}
%setup -q -n %{srcname}-%{upstream_version}
%if %{with doc}
pushd docs/html
@ -257,7 +255,6 @@ popd
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
# this goes together with patch4
rm src/pip/_vendor/certifi/*.pem
@ -265,6 +262,11 @@ rm src/pip/_vendor/certifi/*.pem
# tests expect wheels in here
ln -s %{python_wheeldir} tests/data/common_wheels
# Upstream uses a Python 2/3 compatibility library for csv with Python 3 semantics in tests
# We only target Python 3 and csv23 is not (yet) packaged
# As of 20.1b1, this workaround was sufficient to get around the missing dependency
sed -i -e 's/csv23/csv/g' tests/lib/wheel.py
%build
%py3_build_wheel
@ -279,15 +281,18 @@ rm -rf docs/build/html/{.doctrees,.buildinfo}
%install
# The following is similar to %%py3_install_wheel, but we don't have
# /usr/bin/pip yet, so we install using the wheel directly.
# (This is not standard wheel usage, but the pip wheel supports it -- see
# pip/__main__.py)
%{__python3} dist/%{python_wheelname}/pip install \
-I 'dist/%{python_wheelname}' \
--root %{buildroot} \
--no-deps
--no-deps \
--no-cache-dir \
--no-index \
--ignore-installed \
--find-links dist \
'pip==%{upstream_version}'
%if %{with doc}
pushd docs/build/man
@ -306,7 +311,6 @@ for PIP in %{buildroot}%{_bindir}/pip*; do
patch -p1 --no-backup-if-mismatch $PIP < %{SOURCE10}
done
mkdir -p %{buildroot}%{bashcompdir}
PYTHONPATH=%{buildroot}%{python3_sitelib} \
%{buildroot}%{_bindir}/pip completion --bash \
@ -325,7 +329,7 @@ ln -s ./pip-%{python3_version} %{buildroot}%{_bindir}/pip-3
# Make sure the INSTALLER is not pip, otherwise Patch2 won't work
# %%pyproject macros do this for all packages
echo rpm > %{buildroot}%{python3_sitelib}/pip-%{version}.dist-info/INSTALLER
echo rpm > %{buildroot}%{python3_sitelib}/pip-%{upstream_version}.dist-info/INSTALLER
mkdir -p %{buildroot}%{python_wheeldir}
install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir}
@ -385,6 +389,9 @@ ln -sf %{buildroot}%{_bindir}/pip3 _bin/pip
%{python_wheeldir}/%{python_wheelname}
%changelog
* Mon Apr 27 2020 Tomas Hrnciar <thrnciar@redhat.com> - 20.1~b1-1
- Update to 20.1~b1
* Wed Apr 15 2020 Miro Hrončok <mhroncok@redhat.com> - 20.0.2-4
- Only recommend setuptools, don't require them

View File

@ -1,8 +1,8 @@
From b46ec3663c0535fc40503fe9a78b1b7733281bdf Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Tue, 12 Nov 2019 17:24:20 +0100
Subject: [PATCH] Subject: Prevent removing of the system packages installed
under /usr/lib
From d381c59fdc15949c4dc293bd92bbccb60289a703 Mon Sep 17 00:00:00 2001
From: Tomas Hrnciar <thrnciar@redhat.com>
Date: Sun, 26 Apr 2020 21:19:03 +0200
Subject: [PATCH] Prevent removing of the system packages installed under
/usr/lib
when pip install -U is executed.
@ -11,24 +11,45 @@ Resolves: rhbz#1550368
Co-Authored-By: Michal Cyprian <m.cyprian@gmail.com>
Co-Authored-By: Victor Stinner <vstinner@redhat.com>
---
src/pip/_internal/legacy_resolve.py | 5 ++++-
src/pip/_internal/req/req_install.py | 3 ++-
src/pip/_internal/resolution/legacy/resolver.py | 5 ++++-
src/pip/_internal/utils/misc.py | 11 +++++++++++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/pip/_internal/legacy_resolve.py b/src/pip/_internal/legacy_resolve.py
index ca269121..e8d939bf 100644
--- a/src/pip/_internal/legacy_resolve.py
+++ b/src/pip/_internal/legacy_resolve.py
@@ -30,6 +30,7 @@ from pip._internal.exceptions import (
diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
index 3b28209b..d14217e9 100644
--- a/src/pip/_internal/req/req_install.py
+++ b/src/pip/_internal/req/req_install.py
@@ -38,6 +38,7 @@ from pip._internal.utils.misc import (
ask_path_exists,
backup_dir,
display_path,
+ dist_in_install_path,
dist_in_site_packages,
dist_in_usersite,
get_installed_version,
@@ -444,7 +445,7 @@ class InstallRequirement(object):
"lack sys.path precedence to {} in {}".format(
existing_dist.project_name, existing_dist.location)
)
- else:
+ elif dist_in_install_path(existing_dist):
self.should_reinstall = True
else:
if self.editable and self.satisfied_by:
diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py
index cdb44d19..52e122c6 100644
--- a/src/pip/_internal/resolution/legacy/resolver.py
+++ b/src/pip/_internal/resolution/legacy/resolver.py
@@ -33,6 +33,7 @@ from pip._internal.resolution.base import BaseResolver
from pip._internal.utils.compatibility_tags import get_supported
from pip._internal.utils.logging import indent_log
from pip._internal.utils.misc import dist_in_usersite, normalize_version_info
+from pip._internal.utils.misc import dist_in_install_path
from pip._internal.utils.packaging import (
check_requires_python,
get_requires_python,
@@ -199,7 +200,9 @@ class Resolver(object):
@@ -203,7 +204,9 @@ class Resolver(BaseResolver):
"""
# Don't uninstall the conflict if doing a user install and the
# conflict is not a user install.
@ -39,29 +60,8 @@ index ca269121..e8d939bf 100644
req.should_reinstall = True
req.satisfied_by = None
diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
index 22ac24b9..8a461b95 100644
--- a/src/pip/_internal/req/req_install.py
+++ b/src/pip/_internal/req/req_install.py
@@ -42,6 +42,7 @@ from pip._internal.utils.misc import (
ask_path_exists,
backup_dir,
display_path,
+ dist_in_install_path,
dist_in_site_packages,
dist_in_usersite,
get_installed_version,
@@ -457,7 +458,7 @@ class InstallRequirement(object):
"lack sys.path precedence to %s in %s" %
(existing_dist.project_name, existing_dist.location)
)
- else:
+ elif dist_in_install_path(existing_dist):
self.should_reinstall = True
else:
if self.editable and self.satisfied_by:
diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py
index 4a581601..2617ad33 100644
index 09031825..3c064f8f 100644
--- a/src/pip/_internal/utils/misc.py
+++ b/src/pip/_internal/utils/misc.py
@@ -29,6 +29,7 @@ from pip._vendor.six.moves.urllib.parse import unquote as urllib_unquote
@ -72,7 +72,7 @@ index 4a581601..2617ad33 100644
get_major_minor_version,
site_packages,
user_site,
@@ -385,6 +386,16 @@ def dist_in_site_packages(dist):
@@ -400,6 +401,16 @@ def dist_in_site_packages(dist):
return dist_location(dist).startswith(normalize_path(site_packages))
@ -90,5 +90,6 @@ index 4a581601..2617ad33 100644
# type: (Distribution) -> bool
"""
--
2.24.1
2.23.0

View File

@ -1,3 +1,3 @@
SHA512 (pip-20.0.2.tar.gz) = f9965944ca0f319d01db1638ce97cf64772afff1778b3b1271155de73208cfcb3954d89a469c1143c0bf3288a53d4446165a49df994374b16ac6f7ffdae85857
SHA512 (pip-20.1b1.tar.gz) = 61ea2014895500f68fed8168a904ca581d4e0939e8152f439b797b9905f9e2987bb320a3102a0e2357ec7d8fdad9e75bf7079e14e50477304d763496b1719187
SHA512 (d2e63fbfc62af3b7050f619b2f5bb8658985b931.tar.gz) = fc7b11c5cbf6322469ce2eaca2a8d7eb60b17398d316f7465ab5d3d38dabd00ee22a3da7437a28f6312f0115f77f2df0d8bf0abc671e055eef06356c94283409
SHA512 (2018.2.tar.gz) = 4c09c43a70ecb3ca3bc9445b01bf209eb382e41d9c969145696dea38551992ed88fd9b725a1264380f3dbdf8acdaf5ada3ef86b44255cdfbdbe4a01a1630912d