rpms/python-pip
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import python-pip-21.2.3-3.el9

Browse Source
This commit is contained in:
CentOS Sources 2021-12-07 13:54:27 -05:00 committed by Stepan Oksanichenko
parent 796daf5ad0
commit c2d9a5c7ba
10 changed files with 135 additions and 308 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/pip-21.0.1.tar.gz
SOURCES/pip-21.2.3.tar.gz

2
.python-pip.metadata
View File

@ -1 +1 @@
ccdc77442a6d5f943cdce39a94459334370e7b8c SOURCES/pip-21.0.1.tar.gz
c899dfeece28336424046e097bc48783a5d4264b SOURCES/pip-21.2.3.tar.gz

111
SOURCES/9760.patch
View File

@ -1,111 +0,0 @@
From 960c01adce491de00ef7a8d02a32fea31b15a1dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Fri, 2 Apr 2021 02:39:11 +0200
Subject: [PATCH] Update urllib3 to 1.26.4 to fix CVE-2021-28363
---
news/CVE-2021-28363.vendor.rst | 1 +
src/pip/_vendor/urllib3/_version.py | 2 +-
src/pip/_vendor/urllib3/connection.py | 8 ++++++--
src/pip/_vendor/urllib3/exceptions.py | 12 +++++++++++-
src/pip/_vendor/urllib3/util/retry.py | 1 +
src/pip/_vendor/vendor.txt | 2 +-
6 files changed, 21 insertions(+), 5 deletions(-)
create mode 100644 news/CVE-2021-28363.vendor.rst
diff --git a/news/CVE-2021-28363.vendor.rst b/news/CVE-2021-28363.vendor.rst
new file mode 100644
index 00000000000..29700ab7469
--- /dev/null
+++ b/news/CVE-2021-28363.vendor.rst
@@ -0,0 +1 @@
+Update urllib3 to 1.26.4 to fix CVE-2021-28363
diff --git a/src/pip/_vendor/urllib3/_version.py b/src/pip/_vendor/urllib3/_version.py
index 2dba29e3fbe..97c983300b0 100644
--- a/src/pip/_vendor/urllib3/_version.py
+++ b/src/pip/_vendor/urllib3/_version.py
@@ -1,2 +1,2 @@
# This file is protected via CODEOWNERS
-__version__ = "1.26.2"
+__version__ = "1.26.4"
diff --git a/src/pip/_vendor/urllib3/connection.py b/src/pip/_vendor/urllib3/connection.py
index 660d679c361..45580b7e1ea 100644
--- a/src/pip/_vendor/urllib3/connection.py
+++ b/src/pip/_vendor/urllib3/connection.py
@@ -67,7 +67,7 @@ class BrokenPipeError(Exception):
# When it comes time to update this value as a part of regular maintenance
# (ie test_recent_date is failing) update it to ~6 months before the current date.
-RECENT_DATE = datetime.date(2019, 1, 1)
+RECENT_DATE = datetime.date(2020, 7, 1)
_CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]")
@@ -215,7 +215,7 @@ def putrequest(self, method, url, *args, **kwargs):
def putheader(self, header, *values):
""""""
- if SKIP_HEADER not in values:
+ if not any(isinstance(v, str) and v == SKIP_HEADER for v in values):
_HTTPConnection.putheader(self, header, *values)
elif six.ensure_str(header.lower()) not in SKIPPABLE_HEADERS:
raise ValueError(
@@ -490,6 +490,10 @@ def _connect_tls_proxy(self, hostname, conn):
self.ca_cert_dir,
self.ca_cert_data,
)
+ # By default urllib3's SSLContext disables `check_hostname` and uses
+ # a custom check. For proxies we're good with relying on the default
+ # verification.
+ ssl_context.check_hostname = True
# If no cert was provided, use only the default options for server
# certificate validation
diff --git a/src/pip/_vendor/urllib3/exceptions.py b/src/pip/_vendor/urllib3/exceptions.py
index d69958d5dfc..cba6f3f560f 100644
--- a/src/pip/_vendor/urllib3/exceptions.py
+++ b/src/pip/_vendor/urllib3/exceptions.py
@@ -289,7 +289,17 @@ class ProxySchemeUnknown(AssertionError, URLSchemeUnknown):
# TODO(t-8ch): Stop inheriting from AssertionError in v2.0.
def __init__(self, scheme):
- message = "Not supported proxy scheme %s" % scheme
+ # 'localhost' is here because our URL parser parses
+ # localhost:8080 -> scheme=localhost, remove if we fix this.
+ if scheme == "localhost":
+ scheme = None
+ if scheme is None:
+ message = "Proxy URL had no scheme, should start with http:// or https://"
+ else:
+ message = (
+ "Proxy URL had unsupported scheme %s, should use http:// or https://"
+ % scheme
+ )
super(ProxySchemeUnknown, self).__init__(message)
diff --git a/src/pip/_vendor/urllib3/util/retry.py b/src/pip/_vendor/urllib3/util/retry.py
index ee51f922f84..d25a41b42ea 100644
--- a/src/pip/_vendor/urllib3/util/retry.py
+++ b/src/pip/_vendor/urllib3/util/retry.py
@@ -253,6 +253,7 @@ def __init__(
"Using 'method_whitelist' with Retry is deprecated and "
"will be removed in v2.0. Use 'allowed_methods' instead",
DeprecationWarning,
+ stacklevel=2,
)
allowed_methods = method_whitelist
if allowed_methods is _Default:
diff --git a/src/pip/_vendor/vendor.txt b/src/pip/_vendor/vendor.txt
index 51a5508479e..868baba6f01 100644
--- a/src/pip/_vendor/vendor.txt
+++ b/src/pip/_vendor/vendor.txt
@@ -13,7 +13,7 @@ requests==2.25.1
certifi==2020.12.05
chardet==4.0.0
idna==2.10
- urllib3==1.26.2
+ urllib3==1.26.4
resolvelib==0.5.4
retrying==1.3.3
setuptools==44.0.0

33
SOURCES/don-t-split-git-references-on-unicode-separators.patch
View File

@ -1,33 +0,0 @@
From ca24e4bfa60cec8341ccf40000a41bc9592713df Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Mon, 17 May 2021 11:34:30 +0200
Subject: [PATCH] Don't split git references on unicode separators
---
src/pip/_internal/vcs/git.py | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py
index cc22cd7..308e857 100644
--- a/src/pip/_internal/vcs/git.py
+++ b/src/pip/_internal/vcs/git.py
@@ -147,9 +147,15 @@ class Git(VersionControl):
on_returncode='ignore',
)
refs = {}
- for line in output.strip().splitlines():
+ # NOTE: We do not use splitlines here since that would split on other
+ # unicode separators, which can be maliciously used to install a
+ # different revision.
+ for line in output.strip().split("\n"):
+ line = line.rstrip("\r")
+ if not line:
+ continue
try:
- sha, ref = line.split()
+ sha, ref = line.split(" ", maxsplit=2)
except ValueError:
# Include the offending line to simplify troubleshooting if
# this error ever occurs.
--
2.31.1

33
SOURCES/dummy-certifi.patch
View File

@ -1,25 +1,26 @@
From cf96ff346639d1b9f5efa3fd0976694e04df3f5f Mon Sep 17 00:00:00 2001
From: Tomas Hrnciar <thrnciar@redhat.com>
Date: Sun, 26 Apr 2020 21:38:44 +0200
From 2c58d7301dd5a47570f782fe2fce7fbb1918f60c Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Mon, 10 May 2021 16:38:50 +0200
Subject: [PATCH] Dummy certifi patch
Co-Authored-By: Tomas Hrnciar <thrnciar@redhat.com>
---
src/pip/_vendor/certifi/core.py | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
index 8987449..d174ced 100644
index b8140cf..f1a0b01 100644
--- a/src/pip/_vendor/certifi/core.py
+++ b/src/pip/_vendor/certifi/core.py
@@ -9,6 +9,7 @@ This module returns the installation location of cacert.pem or its contents.
import os
@@ -14,6 +14,7 @@ class _PipPatchedCertificate(Exception):
try:
+ raise ImportError # force fallback
from importlib.resources import path as get_path, read_text
_CACERT_CTX = None
@@ -51,9 +52,7 @@ except ImportError:
# Return a certificate file on disk for a standalone pip zipapp running in
# an isolated build environment to use. Passing --cert to the standalone
# pip does not work since requests calls where() unconditionally on import.
@@ -67,9 +68,7 @@ except ImportError:
# If we don't have importlib.resources, then we will just do the old logic
# of assuming we're on the filesystem and munge the path directly.
def where():
@ -27,9 +28,9 @@ index 8987449..d174ced 100644
-
- return os.path.join(f, "cacert.pem")
+ return '/etc/pki/tls/certs/ca-bundle.crt'
def contents():
--
2.25.4
def contents():
--
2.30.2

51
SOURCES/emit-a-warning-when-running-with-root-privileges.patch
View File

@ -1,51 +0,0 @@
From 74bb5d26e232493de43adfa1f4b42b66fd701294 Mon Sep 17 00:00:00 2001
From: Tomas Hrnciar <thrnciar@redhat.com>
Date: Sun, 26 Apr 2020 13:52:24 +0200
Subject: [PATCH] Downstream only patch
Emit a warning to the user if pip install is run with root privileges
Issue upstream: https://github.com/pypa/pip/issues/4288
---
src/pip/_internal/commands/install.py | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py
index 70bda2e2..1e750ae1 100644
--- a/src/pip/_internal/commands/install.py
+++ b/src/pip/_internal/commands/install.py
@@ -13,6 +13,8 @@ import operator
import os
import shutil
import site
+import sys
+from os import path
from optparse import SUPPRESS_HELP
from pip._vendor import pkg_resources
@@ -241,6 +243,23 @@ class InstallCommand(RequirementCommand):
raise CommandError("Can not combine '--user' and '--target'")
cmdoptions.check_install_build_global(options)
+
+ def is_venv():
+ return (hasattr(sys, 'real_prefix') or
+ (hasattr(sys, 'base_prefix') and
+ sys.base_prefix != sys.prefix))
+
+ # Check whether we have root privileges and aren't in venv/virtualenv
+ if os.getuid() == 0 and not is_venv() and not options.root_path:
+ command = path.basename(sys.argv[0])
+ if command == "__main__.py":
+ command = path.basename(sys.executable) + " -m pip"
+ logger.warning(
+ "Running pip install with root privileges is "
+ "generally not a good idea. Try `%s install --user` instead."
+ % command
+ )
+
upgrade_strategy = "to-satisfy-only"
if options.upgrade:
upgrade_strategy = options.upgrade_strategy
--
2.23.0

13
SOURCES/no-version-warning.patch
View File

@ -1,7 +1,8 @@
diff -rU3 pip-20.3-orig/src/pip/_vendor/packaging/version.py pip-20.3/src/pip/_vendor/packaging/version.py
--- pip-20.3-orig/src/pip/_vendor/packaging/version.py 2020-11-30 12:58:32.000000000 +0100
+++ pip-20.3/src/pip/_vendor/packaging/version.py 2020-12-16 21:25:15.818221608 +0100
@@ -124,11 +124,6 @@
diff --git a/src/pip/_vendor/packaging/version.py b/src/pip/_vendor/packaging/version.py
index de9a09a..154e94d 100644
--- a/src/pip/_vendor/packaging/version.py
+++ b/src/pip/_vendor/packaging/version.py
@@ -108,11 +108,6 @@ class LegacyVersion(_BaseVersion):
self._version = str(version)
self._key = _legacy_cmpkey(self._version)
@ -11,5 +12,5 @@ diff -rU3 pip-20.3-orig/src/pip/_vendor/packaging/version.py pip-20.3/src/pip/_v
- DeprecationWarning,
- )
def __str__(self):
# type: () -> str
def __str__(self) -> str:
return self._version

28
SOURCES/nowarn-pip._internal.main.patch
View File

@ -1,10 +1,12 @@
From 7c36cb21910b415e0eb171d0f6c4dbf72382fdaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Tue, 10 Mar 2020 11:03:22 +0100
From 619782ad2d181fe2933ddf4edc7127fdc13dd0df Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Mon, 10 May 2021 16:48:49 +0200
Subject: [PATCH] Don't warn the user about pip._internal.main() entrypoint
In Fedora, we use that in ensurepip and users cannot do anything about it,
this warning is juts moot. Also, the warning breaks CPython test suite.
Co-Authored-By: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
---
src/pip/_internal/__init__.py | 2 +-
src/pip/_internal/utils/entrypoints.py | 19 ++++++++++---------
@ -12,29 +14,29 @@ this warning is juts moot. Also, the warning breaks CPython test suite.
3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/src/pip/_internal/__init__.py b/src/pip/_internal/__init__.py
index 3aa8a46..0ec017b 100755
index 6afb5c6..faf25af 100755
--- a/src/pip/_internal/__init__.py
+++ b/src/pip/_internal/__init__.py
@@ -15,4 +15,4 @@ def main(args=None):
@@ -16,4 +16,4 @@ def main(args: (Optional[List[str]]) = None) -> int:
"""
from pip._internal.utils.entrypoints import _wrapper
- return _wrapper(args)
+ return _wrapper(args, _nowarn=True)
diff --git a/src/pip/_internal/utils/entrypoints.py b/src/pip/_internal/utils/entrypoints.py
index befd01c..d6f3632 100644
index 1504a12..07d941b 100644
--- a/src/pip/_internal/utils/entrypoints.py
+++ b/src/pip/_internal/utils/entrypoints.py
@@ -7,7 +7,7 @@ if MYPY_CHECK_RUNNING:
from typing import List, Optional
@@ -4,7 +4,7 @@ from typing import List, Optional
from pip._internal.cli.main import main
-def _wrapper(args=None):
+def _wrapper(args=None, _nowarn=False):
# type: (Optional[List[str]]) -> int
-def _wrapper(args: Optional[List[str]] = None) -> int:
+def _wrapper(args: Optional[List[str]] = None, _nowarn: bool = False) -> int:
"""Central wrapper for all old entrypoints.
@@ -20,12 +20,13 @@ def _wrapper(args=None):
Historically pip has had several entrypoints defined. Because of issues
@@ -16,12 +16,13 @@ def _wrapper(args: Optional[List[str]] = None) -> int:
directing them to an appropriate place for help, we now define all of
our old entrypoints as wrappers for the current one.
"""
@ -68,5 +70,5 @@ index e416315..7f57f67 100644
+ if entrypoint[0] != "fake_pip = pip._internal:main":
+ assert "old script wrapper" in result2.stderr
--
2.24.1
2.32.0

75
SOURCES/remove-existing-dist-only-if-path-conflicts.patch
View File

@ -1,6 +1,6 @@
From f83eacf40f1506418e74d747906b8f108401f91d Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Tue, 26 Jan 2021 09:05:07 +0100
From aca0c9df4ef54f70a3fedb07f4faac463f88a331 Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Mon, 10 May 2021 18:16:20 +0200
Subject: [PATCH] Prevent removing of the system packages installed under
/usr/lib
@ -11,6 +11,8 @@ Resolves: rhbz#1550368
Co-Authored-By: Michal Cyprian <m.cyprian@gmail.com>
Co-Authored-By: Victor Stinner <vstinner@redhat.com>
Co-Authored-By: Petr Viktorin <pviktori@redhat.com>
Co-Authored-By: Lumir Balhar <lbalhar@redhat.com>
Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
---
src/pip/_internal/req/req_install.py | 3 ++-
src/pip/_internal/resolution/legacy/resolver.py | 5 ++++-
@ -19,10 +21,10 @@ Co-Authored-By: Petr Viktorin <pviktori@redhat.com>
4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
index 6d0aa30..0a5f8ed 100644
index 4c58cdb..3570e17 100644
--- a/src/pip/_internal/req/req_install.py
+++ b/src/pip/_internal/req/req_install.py
@@ -39,6 +39,7 @@ from pip._internal.utils.misc import (
@@ -43,6 +43,7 @@ from pip._internal.utils.misc import (
ask_path_exists,
backup_dir,
display_path,
@ -30,7 +32,7 @@ index 6d0aa30..0a5f8ed 100644
dist_in_site_packages,
dist_in_usersite,
get_distribution,
@@ -445,7 +446,7 @@ class InstallRequirement:
@@ -426,7 +427,7 @@ class InstallRequirement:
"lack sys.path precedence to {} in {}".format(
existing_dist.project_name, existing_dist.location)
)
@ -40,18 +42,18 @@ index 6d0aa30..0a5f8ed 100644
else:
if self.editable:
diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py
index 665dba1..a219e63 100644
index 4df8f7e..dda2292 100644
--- a/src/pip/_internal/resolution/legacy/resolver.py
+++ b/src/pip/_internal/resolution/legacy/resolver.py
@@ -34,6 +34,7 @@ from pip._internal.resolution.base import BaseResolver
@@ -42,6 +42,7 @@ from pip._internal.resolution.base import BaseResolver, InstallRequirementProvid
from pip._internal.utils.compatibility_tags import get_supported
from pip._internal.utils.logging import indent_log
from pip._internal.utils.misc import dist_in_usersite, normalize_version_info
+from pip._internal.utils.misc import dist_in_install_path
from pip._internal.utils.packaging import check_requires_python, get_requires_python
from pip._internal.utils.typing import MYPY_CHECK_RUNNING
@@ -204,7 +205,9 @@ class Resolver(BaseResolver):
logger = logging.getLogger(__name__)
@@ -194,7 +195,9 @@ class Resolver(BaseResolver):
"""
# Don't uninstall the conflict if doing a user install and the
# conflict is not a user install.
@ -63,34 +65,41 @@ index 665dba1..a219e63 100644
req.satisfied_by = None
diff --git a/src/pip/_internal/resolution/resolvelib/factory.py b/src/pip/_internal/resolution/resolvelib/factory.py
index be0729e..bc2912b 100644
index e7fd344..555e657 100644
--- a/src/pip/_internal/resolution/resolvelib/factory.py
+++ b/src/pip/_internal/resolution/resolvelib/factory.py
@@ -1,5 +1,6 @@
@@ -1,6 +1,7 @@
import contextlib
import functools
import logging
+import sys
from pip._vendor.packaging.utils import canonicalize_name
@@ -19,7 +20,9 @@ from pip._internal.utils.misc import (
dist_in_site_packages,
dist_in_usersite,
get_installed_distributions,
+ dist_location,
from typing import (
TYPE_CHECKING,
Dict,
@@ -34,6 +35,7 @@ from pip._internal.exceptions import (
UnsupportedWheel,
)
+from pip._internal.locations import distutils_scheme
from pip._internal.utils.typing import MYPY_CHECK_RUNNING
from pip._internal.index.package_finder import PackageFinder
+from pip._internal.locations import get_scheme
from pip._internal.metadata import BaseDistribution, get_default_environment
from pip._internal.models.link import Link
from pip._internal.models.wheel import Wheel
@@ -46,6 +48,7 @@ from pip._internal.req.req_install import (
from pip._internal.resolution.base import InstallRequirementProvider
from pip._internal.utils.compatibility_tags import get_supported
from pip._internal.utils.hashes import Hashes
+from pip._internal.utils.misc import dist_location
from pip._internal.utils.virtualenv import running_under_virtualenv
@@ -362,6 +365,13 @@ class Factory:
from .base import Candidate, CandidateVersion, Constraint, Requirement
@@ -525,6 +528,13 @@ class Factory:
if dist is None: # Not installed, no uninstallation required.
return None
+ # Prevent uninstalling packages from /usr
+ if dist_location(dist) in (
+ distutils_scheme('', prefix=sys.base_prefix)['purelib'],
+ distutils_scheme('', prefix=sys.base_prefix)['platlib'],
+ if dist_location(dist._dist) in (
+ get_scheme('', prefix=sys.base_prefix).purelib,
+ get_scheme('', prefix=sys.base_prefix).platlib,
+ ):
+ return None
+
@ -98,18 +107,18 @@ index be0729e..bc2912b 100644
# be uninstalled, no matter it's in global or user site, because the
# user site installation has precedence over global.
diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py
index 6dd94e2..7925518 100644
index 99ebea3..5901687 100644
--- a/src/pip/_internal/utils/misc.py
+++ b/src/pip/_internal/utils/misc.py
@@ -27,6 +27,7 @@ from pip._vendor.retrying import retry # type: ignore
@@ -40,6 +40,7 @@ from pip._vendor.tenacity import retry, stop_after_delay, wait_fixed
from pip import __version__
from pip._internal.exceptions import CommandError
from pip._internal.locations import get_major_minor_version, site_packages, user_site
+from pip._internal.locations import distutils_scheme, get_major_minor_version, site_packages, user_site
+from pip._internal.locations import get_scheme
from pip._internal.utils.compat import WINDOWS, stdlib_pkgs
from pip._internal.utils.typing import MYPY_CHECK_RUNNING, cast
from pip._internal.utils.virtualenv import (
@@ -398,6 +399,16 @@ def dist_in_site_packages(dist):
running_under_virtualenv,
@@ -382,6 +383,16 @@ def dist_in_site_packages(dist):
return dist_location(dist).startswith(normalize_path(site_packages))
@ -120,12 +129,12 @@ index 6dd94e2..7925518 100644
+ """
+ norm_path = normalize_path(dist_location(dist))
+ return norm_path.startswith(normalize_path(
+ distutils_scheme("")['purelib'].split('python')[0]))
+ get_scheme("").purelib.split('python')[0]))
+
+
def dist_is_editable(dist):
# type: (Distribution) -> bool
"""
--
2.29.2
2.32.0

95
SPECS/python-pip.spec
View File

@ -13,7 +13,7 @@
%endif
%global srcname pip
%global base_version 21.0.1
%global base_version 21.2.3
%global upstream_version %{base_version}%{?prerel}
%global python_wheelname %{srcname}-%{upstream_version}-py3-none-any.whl
%global python_wheeldir %{_datadir}/python-wheels
@ -22,7 +22,7 @@
Name: python-%{srcname}
Version: %{base_version}%{?prerel:~%{prerel}}
Release: 6%{?dist}
Release: 3%{?dist}
Summary: A tool for installing and managing Python packages
# We bundle a lot of libraries with pip, which itself is under MIT license.
@ -33,7 +33,6 @@ Summary: A tool for installing and managing Python packages
# chardet: LGPLv2
# colorama: BSD
# CacheControl: ASL 2.0
# contextlib2: Python
# distlib: Python
# distro: ASL 2.0
# html5lib: MIT
@ -46,10 +45,10 @@ Summary: A tool for installing and managing Python packages
# pyparsing: MIT
# requests: ASL 2.0
# resolvelib: ISC
# retrying: ASL 2.0
# setuptools: MIT
# six: MIT
# toml: MIT
# tenacity: ASL 2.0
# tomli: MIT
# urllib3: MIT
# webencodings: BSD
@ -68,12 +67,6 @@ BuildRequires: python-setuptools-wheel
BuildRequires: python-wheel-wheel
%endif
# Downstream only patch
# Emit a warning to the user if pip install is run with root privileges
# Upstream discussion:
# https://discuss.python.org/t/playing-nice-with-external-package-managers/1968/20
Patch1: emit-a-warning-when-running-with-root-privileges.patch
# Prevent removing of the system packages installed under /usr/lib
# when pip install -U is executed.
# https://bugzilla.redhat.com/show_bug.cgi?id=1550368#c24
@ -93,17 +86,6 @@ Patch5: nowarn-pip._internal.main.patch
# Upstream issue: https://github.com/pypa/packaging/issues/368
Patch6: no-version-warning.patch
# Update vendored urrlib3 to 1.26.4 to fix CVE-2021-28363
# Security patch backported from pip 21.1
Patch7: https://github.com/pypa/pip/pull/9760.patch
# Don't split git references on unicode separators,
# which could be maliciously used to install a different revision on the
# repository.
# Security patch backported from pip 21.1.1
# Upstream PR: https://github.com/pypa/pip/pull/9827
Patch8: don-t-split-git-references-on-unicode-separators.patch
# Downstream only patch
# Users might have local installations of pip from using
# `pip install --user --upgrade pip` on older/newer versions.
@ -141,26 +123,25 @@ Packages" or "Pip Installs Python".
%global bundled() %{expand:
Provides: bundled(python%{1}dist(appdirs)) = 1.4.4
Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.6
Provides: bundled(python%{1}dist(certifi)) = 2020.12.5
Provides: bundled(python%{1}dist(certifi)) = 2021.5.30
Provides: bundled(python%{1}dist(chardet)) = 4
Provides: bundled(python%{1}dist(colorama)) = 0.4.4
Provides: bundled(python%{1}dist(contextlib2)) = 0.6^post1
Provides: bundled(python%{1}dist(distlib)) = 0.3.1
Provides: bundled(python%{1}dist(distlib)) = 0.3.2
Provides: bundled(python%{1}dist(distro)) = 1.5
Provides: bundled(python%{1}dist(html5lib)) = 1.1
Provides: bundled(python%{1}dist(idna)) = 2.10
Provides: bundled(python%{1}dist(idna)) = 3.2
Provides: bundled(python%{1}dist(msgpack)) = 1.0.2
Provides: bundled(python%{1}dist(packaging)) = 20.9
Provides: bundled(python%{1}dist(pep517)) = 0.9.1
Provides: bundled(python%{1}dist(packaging)) = 21
Provides: bundled(python%{1}dist(pep517)) = 0.11
Provides: bundled(python%{1}dist(progress)) = 1.5
Provides: bundled(python%{1}dist(pyparsing)) = 2.4.7
Provides: bundled(python%{1}dist(requests)) = 2.25.1
Provides: bundled(python%{1}dist(resolvelib)) = 0.5.4
Provides: bundled(python%{1}dist(retrying)) = 1.3.3
Provides: bundled(python%{1}dist(requests)) = 2.26
Provides: bundled(python%{1}dist(resolvelib)) = 0.7.1
Provides: bundled(python%{1}dist(setuptools)) = 44
Provides: bundled(python%{1}dist(six)) = 1.15
Provides: bundled(python%{1}dist(toml)) = 0.10.2
Provides: bundled(python%{1}dist(urllib3)) = 1.26.4
Provides: bundled(python%{1}dist(six)) = 1.16
Provides: bundled(python%{1}dist(tenacity)) = 8.0.1
Provides: bundled(python%{1}dist(tomli)) = 1.0.3
Provides: bundled(python%{1}dist(urllib3)) = 1.26.6
Provides: bundled(python%{1}dist(webencodings)) = 0.5.1
}
@ -239,6 +220,8 @@ Summary: A documentation for a tool for installing and managing Python pa
BuildRequires: python%{python3_pkgversion}-sphinx
BuildRequires: python%{python3_pkgversion}-sphinx-inline-tabs
BuildRequires: python%{python3_pkgversion}-sphinx-copybutton
BuildRequires: python%{python3_pkgversion}-myst-parser
%description doc
A documentation for a tool for installing and managing Python packages
@ -268,7 +251,7 @@ rm src/pip/_vendor/certifi/*.pem
sed -i '/html_theme = "furo"/d' docs/html/conf.py
# towncrier extension for Sphinx is not yet available in Fedora
sed -i "/'sphinxcontrib.towncrier',/d" docs/html/conf.py
sed -i '/"sphinxcontrib.towncrier",/d' docs/html/conf.py
# tests expect wheels in here
ln -s %{python_wheeldir} tests/data/common_wheels
@ -276,6 +259,9 @@ ln -s %{python_wheeldir} tests/data/common_wheels
# Remove shebang from files in bundled chardet
grep -lr "^#\!/usr/bin/env python" src/pip/_vendor/chardet/ | xargs sed -i "1d"
# Remove windows executable binaries
rm -v src/pip/_vendor/distlib/*.exe
sed -i '/\.exe/d' setup.py
%build
%py3_build_wheel
@ -290,16 +276,20 @@ rm -rf docs/build/html/{.doctrees,.buildinfo}
%install
# The following is similar to %%py3_install_wheel, but we don't have
# The following is similar to %%pyproject_install, but we don't have
# /usr/bin/pip yet, so we install using the wheel directly.
# (This is not standard wheel usage, but the pip wheel supports it -- see
# pip/__main__.py)
%{__python3} dist/%{python_wheelname}/pip install \
%{python3} dist/%{python_wheelname}/pip install \
--root %{buildroot} \
--no-deps \
--no-cache-dir \
--no-index \
--disable-pip-version-check \
--progress-bar off \
--verbose \
--ignore-installed \
--no-warn-script-location \
--no-index \
--no-cache-dir \
--find-links dist \
'pip==%{upstream_version}'
@ -355,8 +345,6 @@ install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir}
# needs unaltered sys.path and we cannot do that in %%check
# test_pep517_and_build_options
# test_config_file_venv_option
# TODO investigate failures
# test_uninstall_non_local_distutils
# Incompatible with the latest virtualenv
# test_from_link_vcs_with_source_dir_obtains_commit_id
# test_from_link_vcs_without_source_dir
@ -364,7 +352,6 @@ install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir}
pytest_k='not completion and
not test_pep517_and_build_options and
not test_config_file_venv_option and
not test_uninstall_non_local_distutils and
not test_from_link_vcs_with_source_dir_obtains_commit_id and
not test_from_link_vcs_without_source_dir and
not test_should_cache_git_sha'
@ -379,8 +366,8 @@ pytest_k='not completion and
%files -n python%{python3_pkgversion}-%{srcname}
%license LICENSE.txt
%doc README.rst
%license %{python3_sitelib}/pip-%{upstream_version}.dist-info/LICENSE.txt
%if %{with doc}
%{_mandir}/man1/pip.*
%{_mandir}/man1/pip-*.*
@ -410,6 +397,28 @@ pytest_k='not completion and
%{python_wheeldir}/%{python_wheelname}
%changelog
* Wed Oct 06 2021 Charalampos Stratakis <cstratak@redhat.com> - 21.2.3-3
- Remove bundled windows executables
- Resolves: rhbz#2006795
* Mon Sep 13 2021 Miro Hrončok <mhroncok@redhat.com> - 21.2.3-2
- Fix broken uninstallation by a bogus downstream patch
* Mon Sep 13 2021 Miro Hrončok <mhroncok@redhat.com> - 21.2.3-1
- Update to 21.2.3
- Resolves: rhbz#1985635
* Mon Sep 13 2021 Lumír Balhar <lbalhar@redhat.com> - 21.1.3-1
- Update to 21.1.3
Resolves: rhbz#1976449
* Mon Sep 13 2021 Karolina Surma <ksurma@redhat.com> - 21.1.2-1
- Update to 21.1.2
Resolves: rhbz#1963433
* Mon Sep 13 2021 Karolina Surma <ksurma@redhat.com> - 21.1.1-1
- Update to 21.1.1
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 21.0.1-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688