diff --git a/bad-metadata-fix.patch b/bad-metadata-fix.patch deleted file mode 100644 index 740dc71..0000000 --- a/bad-metadata-fix.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 6817fbfb1fd389ad61009f0199db5670b146c8d3 Mon Sep 17 00:00:00 2001 -From: Tzu-ping Chung -Date: Sat, 6 Aug 2022 06:18:59 +0800 -Subject: [PATCH] Skip dist if metadata does not have a valid name - ---- - news/11352.bugfix.rst | 2 ++ - src/pip/_internal/metadata/importlib/_compat.py | 14 +++++++++++++- - src/pip/_internal/metadata/importlib/_envs.py | 14 +++++++++++--- - 3 files changed, 26 insertions(+), 4 deletions(-) - create mode 100644 news/11352.bugfix.rst - -diff --git a/news/11352.bugfix.rst b/news/11352.bugfix.rst -new file mode 100644 -index 00000000000..78016c912ef ---- /dev/null -+++ b/news/11352.bugfix.rst -@@ -0,0 +1,2 @@ -+Ignore distributions with invalid ``Name`` in metadata instead of crashing, when -+using the ``importlib.metadata`` backend. -diff --git a/src/pip/_internal/metadata/importlib/_compat.py b/src/pip/_internal/metadata/importlib/_compat.py -index e0879807ab9..593bff23ede 100644 ---- a/src/pip/_internal/metadata/importlib/_compat.py -+++ b/src/pip/_internal/metadata/importlib/_compat.py -@@ -2,6 +2,15 @@ - from typing import Any, Optional, Protocol, cast - - -+class BadMetadata(ValueError): -+ def __init__(self, dist: importlib.metadata.Distribution, *, reason: str) -> None: -+ self.dist = dist -+ self.reason = reason -+ -+ def __str__(self) -> str: -+ return f"Bad metadata in {self.dist} ({self.reason})" -+ -+ - class BasePath(Protocol): - """A protocol that various path objects conform. - -@@ -40,4 +49,7 @@ def get_dist_name(dist: importlib.metadata.Distribution) -> str: - The ``name`` attribute is only available in Python 3.10 or later. We are - targeting exactly that, but Mypy does not know this. - """ -- return cast(Any, dist).name -+ name = cast(Any, dist).name -+ if not isinstance(name, str): -+ raise BadMetadata(dist, reason="invalid metadata entry 'name'") -+ return name -diff --git a/src/pip/_internal/metadata/importlib/_envs.py b/src/pip/_internal/metadata/importlib/_envs.py -index d5fcfdbfef2..cbec59e2c6d 100644 ---- a/src/pip/_internal/metadata/importlib/_envs.py -+++ b/src/pip/_internal/metadata/importlib/_envs.py -@@ -1,5 +1,6 @@ - import functools - import importlib.metadata -+import logging - import os - import pathlib - import sys -@@ -14,9 +15,11 @@ - from pip._internal.utils.deprecation import deprecated - from pip._internal.utils.filetypes import WHEEL_EXTENSION - --from ._compat import BasePath, get_dist_name, get_info_location -+from ._compat import BadMetadata, BasePath, get_dist_name, get_info_location - from ._dists import Distribution - -+logger = logging.getLogger(__name__) -+ - - def _looks_like_wheel(location: str) -> bool: - if not location.endswith(WHEEL_EXTENSION): -@@ -56,11 +59,16 @@ def _find_impl(self, location: str) -> Iterator[FoundResult]: - # To know exactly where we find a distribution, we have to feed in the - # paths one by one, instead of dumping the list to importlib.metadata. - for dist in importlib.metadata.distributions(path=[location]): -- normalized_name = canonicalize_name(get_dist_name(dist)) -+ info_location = get_info_location(dist) -+ try: -+ raw_name = get_dist_name(dist) -+ except BadMetadata as e: -+ logger.warning("Skipping %s due to %s", info_location, e.reason) -+ continue -+ normalized_name = canonicalize_name(raw_name) - if normalized_name in self._found_names: - continue - self._found_names.add(normalized_name) -- info_location = get_info_location(dist) - yield dist, info_location - - def find(self, location: str) -> Iterator[BaseDistribution]: diff --git a/dummy-certifi.patch b/dummy-certifi.patch index a691cad..8896ce8 100644 --- a/dummy-certifi.patch +++ b/dummy-certifi.patch @@ -1,36 +1,128 @@ -From cacd6d2fa9a27b29415a4ce25d76406fe69fc398 Mon Sep 17 00:00:00 2001 +From 09c983fdeabe3fa0b90b73f32ddf84a61e498e09 Mon Sep 17 00:00:00 2001 From: Karolina Surma -Date: Mon, 10 May 2021 16:38:50 +0200 +Date: Tue, 15 Nov 2022 09:22:46 +0100 Subject: [PATCH] Dummy certifi patch -Co-Authored-By: Tomas Hrnciar --- - src/pip/_vendor/certifi/core.py | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) + src/pip/_vendor/certifi/core.py | 105 ++------------------------------ + 1 file changed, 6 insertions(+), 99 deletions(-) diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py -index f34045b..a2ada08 100644 +index c3e5466..eb297f7 100644 --- a/src/pip/_vendor/certifi/core.py +++ b/src/pip/_vendor/certifi/core.py -@@ -14,6 +14,7 @@ class _PipPatchedCertificate(Exception): +@@ -4,105 +4,12 @@ certifi.py + This module returns the installation location of cacert.pem or its contents. + """ +-import sys - try: -+ raise ImportError # force fallback - # Return a certificate file on disk for a standalone pip zipapp running in - # an isolated build environment to use. Passing --cert to the standalone - # pip does not work since requests calls where() unconditionally on import. -@@ -75,9 +76,7 @@ except ImportError: - # If we don't have importlib.resources, then we will just do the old logic - # of assuming we're on the filesystem and munge the path directly. - def where() -> str: ++# The RPM-packaged certifi always uses the system certificates ++def where() -> str: ++ return '/etc/pki/tls/certs/ca-bundle.crt' + +-if sys.version_info >= (3, 11): ++def contents() -> str: ++ with open(where(), encoding='utf=8') as data: ++ return data.read() + +- from importlib.resources import as_file, files +- +- _CACERT_CTX = None +- _CACERT_PATH = None +- +- def where() -> str: +- # This is slightly terrible, but we want to delay extracting the file +- # in cases where we're inside of a zipimport situation until someone +- # actually calls where(), but we don't want to re-extract the file +- # on every call of where(), so we'll do it once then store it in a +- # global variable. +- global _CACERT_CTX +- global _CACERT_PATH +- if _CACERT_PATH is None: +- # This is slightly janky, the importlib.resources API wants you to +- # manage the cleanup of this file, so it doesn't actually return a +- # path, it returns a context manager that will give you the path +- # when you enter it and will do any cleanup when you leave it. In +- # the common case of not needing a temporary file, it will just +- # return the file system location and the __exit__() is a no-op. +- # +- # We also have to hold onto the actual context manager, because +- # it will do the cleanup whenever it gets garbage collected, so +- # we will also store that at the global level as well. +- _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem")) +- _CACERT_PATH = str(_CACERT_CTX.__enter__()) +- +- return _CACERT_PATH +- +- def contents() -> str: +- return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii") +- +-elif sys.version_info >= (3, 7): +- +- from importlib.resources import path as get_path, read_text +- +- _CACERT_CTX = None +- _CACERT_PATH = None +- +- def where() -> str: +- # This is slightly terrible, but we want to delay extracting the +- # file in cases where we're inside of a zipimport situation until +- # someone actually calls where(), but we don't want to re-extract +- # the file on every call of where(), so we'll do it once then store +- # it in a global variable. +- global _CACERT_CTX +- global _CACERT_PATH +- if _CACERT_PATH is None: +- # This is slightly janky, the importlib.resources API wants you +- # to manage the cleanup of this file, so it doesn't actually +- # return a path, it returns a context manager that will give +- # you the path when you enter it and will do any cleanup when +- # you leave it. In the common case of not needing a temporary +- # file, it will just return the file system location and the +- # __exit__() is a no-op. +- # +- # We also have to hold onto the actual context manager, because +- # it will do the cleanup whenever it gets garbage collected, so +- # we will also store that at the global level as well. +- _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem") +- _CACERT_PATH = str(_CACERT_CTX.__enter__()) +- +- return _CACERT_PATH +- +- def contents() -> str: +- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii") +- +-else: +- import os +- import types +- from typing import Union +- +- Package = Union[types.ModuleType, str] +- Resource = Union[str, "os.PathLike"] +- +- # This fallback will work for Python versions prior to 3.7 that lack the +- # importlib.resources module but relies on the existing `where` function +- # so won't address issues with environments like PyOxidizer that don't set +- # __file__ on modules. +- def read_text( +- package: Package, +- resource: Resource, +- encoding: str = 'utf-8', +- errors: str = 'strict' +- ) -> str: +- with open(where(), encoding=encoding) as data: +- return data.read() +- +- # If we don't have importlib.resources, then we will just do the old logic +- # of assuming we're on the filesystem and munge the path directly. +- def where() -> str: - f = os.path.dirname(__file__) - - return os.path.join(f, "cacert.pem") -+ return '/etc/pki/tls/certs/ca-bundle.crt' - - - def contents() -> str: +- +- def contents() -> str: +- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii") -- -2.35.3 +2.37.3 diff --git a/python-pip.spec b/python-pip.spec index 1817621..dfdcfa4 100644 --- a/python-pip.spec +++ b/python-pip.spec @@ -13,7 +13,7 @@ %endif %global srcname pip -%global base_version 22.2.2 +%global base_version 22.3.1 %global upstream_version %{base_version}%{?prerel} %global python_wheel_name %{srcname}-%{upstream_version}-py3-none-any.whl @@ -21,7 +21,7 @@ Name: python-%{srcname} Version: %{base_version}%{?prerel:~%{prerel}} -Release: 2%{?dist} +Release: 1%{?dist} Summary: A tool for installing and managing Python packages # We bundle a lot of libraries with pip, which itself is under MIT license. @@ -77,6 +77,7 @@ Patch: remove-existing-dist-only-if-path-conflicts.patch # Use the system level root certificate instead of the one bundled in certifi # https://bugzilla.redhat.com/show_bug.cgi?id=1655253 +# The same patch is a part of the RPM-packaged python-certifi Patch: dummy-certifi.patch # Don't warn the user about pip._internal.main() entrypoint @@ -89,11 +90,6 @@ Patch: nowarn-pip._internal.main.patch # Upstream issue: https://github.com/pypa/packaging/issues/368 Patch: no-version-warning.patch -# Ignore distributions with invalid name in metadata instead of crashing, when -# using the importlib.metadata backend. -# Resolved upstream: https://github.com/pypa/pip/pull/11353 -Patch: bad-metadata-fix.patch - # Downstream only patch # Users might have local installations of pip from using # `pip install --user --upgrade pip` on older/newer versions. @@ -130,27 +126,27 @@ Packages" or "Pip Installs Python". # %%{_rpmconfigdir}/pythonbundles.py --namespace 'python%%{1}dist' src/pip/_vendor/vendor.txt %global bundled() %{expand: Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.11 -Provides: bundled(python%{1}dist(certifi)) = 2022.6.15 +Provides: bundled(python%{1}dist(certifi)) = 2022.9.24 Provides: bundled(python%{1}dist(chardet)) = 5 Provides: bundled(python%{1}dist(colorama)) = 0.4.5 -Provides: bundled(python%{1}dist(distlib)) = 0.3.5 +Provides: bundled(python%{1}dist(distlib)) = 0.3.6 Provides: bundled(python%{1}dist(distro)) = 1.7 -Provides: bundled(python%{1}dist(idna)) = 3.3 +Provides: bundled(python%{1}dist(idna)) = 3.4 Provides: bundled(python%{1}dist(msgpack)) = 1.0.4 Provides: bundled(python%{1}dist(packaging)) = 21.3 -Provides: bundled(python%{1}dist(pep517)) = 0.12 +Provides: bundled(python%{1}dist(pep517)) = 0.13 Provides: bundled(python%{1}dist(platformdirs)) = 2.5.2 -Provides: bundled(python%{1}dist(pygments)) = 2.12 +Provides: bundled(python%{1}dist(pygments)) = 2.13 Provides: bundled(python%{1}dist(pyparsing)) = 3.0.9 Provides: bundled(python%{1}dist(requests)) = 2.28.1 Provides: bundled(python%{1}dist(resolvelib)) = 0.8.1 Provides: bundled(python%{1}dist(rich)) = 12.5.1 Provides: bundled(python%{1}dist(setuptools)) = 44 Provides: bundled(python%{1}dist(six)) = 1.16 -Provides: bundled(python%{1}dist(tenacity)) = 8.0.1 +Provides: bundled(python%{1}dist(tenacity)) = 8.1 Provides: bundled(python%{1}dist(tomli)) = 2.0.1 -Provides: bundled(python%{1}dist(typing-extensions)) = 4.3 -Provides: bundled(python%{1}dist(urllib3)) = 1.26.10 +Provides: bundled(python%{1}dist(typing-extensions)) = 4.4 +Provides: bundled(python%{1}dist(urllib3)) = 1.26.12 Provides: bundled(python%{1}dist(webencodings)) = 0.5.1 } @@ -351,26 +347,14 @@ install -p dist/%{python_wheel_name} -t %{buildroot}%{python_wheel_dir} # Upstream tests # bash completion tests only work from installed package -# needs unaltered sys.path and we cannot do that in %%check -# test_pep517_and_build_options -# test_config_file_venv_option -# Incompatible with the latest virtualenv -# test_from_link_vcs_with_source_dir_obtains_commit_id -# test_from_link_vcs_without_source_dir -# test_should_cache_git_sha -pytest_k='not completion and - not test_pep517_and_build_options and - not test_config_file_venv_option and - not test_from_link_vcs_with_source_dir_obtains_commit_id and - not test_from_link_vcs_without_source_dir and - not test_should_cache_git_sha' +pytest_k='not completion' # --deselect'ed tests are not compatible with the latest virtualenv # These files contain almost 500 tests so we should enable them back # as soon as pip will be compatible upstream # https://github.com/pypa/pip/pull/8441 %pytest -m 'not network' -k "$(echo $pytest_k)" \ - --deselect tests/functional --deselect tests/lib/test_lib.py --deselect tests/unit/test_build_env.py + --deselect tests/functional --deselect tests/lib/test_lib.py %endif @@ -406,6 +390,10 @@ pytest_k='not completion and %{python_wheel_dir}/%{python_wheel_name} %changelog +* Mon Nov 14 2022 Karolina Surma - 22.3.1-1 +- Update to 22.3.1 +Resolves: rhbz#2135044 + * Mon Sep 05 2022 Python Maint - 22.2.2-2 - Fix crash when an empty dist-info/egg-info is present Resolves: rhbz#2115001 diff --git a/sources b/sources index 026b677..ac6d676 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pip-22.2.2.tar.gz) = bd59e28b55475b77a8f11ea771cbad3b2602ff974e219f9a55288963a9522c9279a5b00fde40fb65cfebefae0e905d3da3c06fe50b402aa5326b25f70a98a015 +SHA512 (pip-22.3.1.tar.gz) = c7865c4ce79b0fea7ba469fe593af3be205b3bdb574a6ae019842e0f82a0af406ec905d8c6ff02fbbafe01630c8899a398d071ce74501ca830249160f2f6df98