From fb2c1ba5d25d91ba4baeff1bc4aaae2aeb9e60e1 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 5 Nov 2019 14:39:23 -0500 Subject: [PATCH] import python-wheel-0.31.1-2.module+el8.1.0+3724+3c097090 --- .gitignore | 2 +- .python-wheel.metadata | 2 +- ...wheel-signing-and-verifying-features.patch | 135 ++++++++++-------- SPECS/python-wheel.spec | 134 +++++++++++++---- 4 files changed, 183 insertions(+), 90 deletions(-) diff --git a/.gitignore b/.gitignore index b1f6038..6927ceb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/wheel-0.30.0.tar.gz +SOURCES/wheel-0.31.1.tar.gz diff --git a/.python-wheel.metadata b/.python-wheel.metadata index b92c196..4cde6d1 100644 --- a/.python-wheel.metadata +++ b/.python-wheel.metadata @@ -1 +1 @@ -bf1b7cf2c46378b7300ad9d4e2b86e462cdd7f73 SOURCES/wheel-0.30.0.tar.gz +9adb566f0f481cf14f4d5d5083f93c036b9aeba1 SOURCES/wheel-0.31.1.tar.gz diff --git a/SOURCES/removed-wheel-signing-and-verifying-features.patch b/SOURCES/removed-wheel-signing-and-verifying-features.patch index 30b161c..b45dab4 100644 --- a/SOURCES/removed-wheel-signing-and-verifying-features.patch +++ b/SOURCES/removed-wheel-signing-and-verifying-features.patch @@ -1,4 +1,4 @@ -From 067c844fab1e9774c0f820f9b399e8cab1b29d87 Mon Sep 17 00:00:00 2001 +From c9309207bda86222908004b0ccf28c2a5a613f6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Gr=C3=B6nholm?= Date: Sat, 26 May 2018 20:02:20 +0300 Subject: [PATCH] Removed wheel signing and verifying features 
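Review bot: The refreshed patch header now reads `From c9309207bda86222908004b0ccf28c2a5a613f6e`, which is not the upstream commit the spec references above Patch0 (`d3f5918ccbb1c79e2fc42b7766626a0aa20dc438`), and the following hunk deletes the backporter's note without a replacement. Someone auditing this carried patch cannot tell from the file whether it is the upstream change cherry-picked unmodified onto 0.31.1 or an edited backport. I would add one sentence to the patch description, for example `Backported from upstream commit d3f5918 onto wheel 0.31.1; only context lines differ.`, adjusted to whatever is actually true.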
@@ -7,14 +7,6 @@ This was discussed on the distutils-sig mailing list: https://mail.python.org/mm3/archives/list/distutils-sig@python.org/thread/MU2T6FRFNLRDEWSBJDRAFGDIFWCC6OIS/ Fixes #196. - -Backporter's note: -I didn't pull in the changes to the `wheel/metadata.py` file as they -seem unrelated to the signing/verifying. It looks like it's just -housekeeping after removing metadata.json generation -(https://github.com/pypa/wheel/issues/195). Since the metadata.json -generation is still present in this version, including the changes to -metadata.py would break that functionality and the test suite would fail. --- setup.py | 3 - tests/test_keys.py | 93 ---------- @@ -22,14 +14,15 @@ metadata.py would break that functionality and the test suite would fail. tests/test_tool.py | 27 --- tox.ini | 5 +- wheel/bdist_wheel.py | 5 - - wheel/install.py | 30 +--- + wheel/install.py | 29 +-- + wheel/metadata.py | 3 - wheel/signatures/__init__.py | 110 ------------ wheel/signatures/djbec.py | 323 ---------------------------------- wheel/signatures/ed25519py.py | 50 ------ wheel/signatures/keys.py | 101 ----------- - wheel/tool/__init__.py | 135 +------------- - wheel/util.py | 39 ---- - 13 files changed, 10 insertions(+), 960 deletions(-) + wheel/tool/__init__.py | 143 +-------------- + wheel/util.py | 41 ----- + 14 files changed, 10 insertions(+), 972 deletions(-) delete mode 100644 tests/test_keys.py delete mode 100644 tests/test_signatures.py delete mode 100644 wheel/signatures/__init__.py @@ -38,19 +31,19 @@ metadata.py would break that functionality and the test suite would fail. delete mode 100644 wheel/signatures/keys.py diff --git a/setup.py b/setup.py -index 973f873..35d76cc 100644 +index 10716db..61064cd 100644 --- a/setup.py 
+++ b/setup.py -@@ -38,9 +38,6 @@ setup(name='wheel', - license='MIT', +@@ -39,9 +39,6 @@ setup(name='wheel', packages=find_packages(), + python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*", extras_require={ - 'signatures': ['keyring', 'keyrings.alt'], - 'signatures:sys_platform!="win32"': ['pyxdg'], - 'faster-signatures': ['ed25519ll'], - 'tool': [], - 'test': ['jsonschema', 'pytest >= 3.0.0', 'pytest-cov'] + 'test': ['pytest >= 3.0.0', 'pytest-cov'] }, + include_package_data=True, diff --git a/tests/test_keys.py b/tests/test_keys.py deleted file mode 100644 index 5c120ef..0000000 @@ -257,7 +250,7 @@ index db3ac95..a19009c 100644 [testenv:flake8] basepython = python2.7 diff --git a/wheel/bdist_wheel.py b/wheel/bdist_wheel.py -index 7fbeb4b..f0b5be6 100644 +index 119e555..bb6257f 100644 --- a/wheel/bdist_wheel.py +++ b/wheel/bdist_wheel.py @@ -7,7 +7,6 @@ A wheel is a built archive format. @@ -265,10 +258,10 @@ index 7fbeb4b..f0b5be6 100644 import hashlib import os -import subprocess - import warnings import shutil - import json -@@ -265,10 +264,6 @@ class bdist_wheel(Command): + import sys + import re +@@ -263,10 +262,6 @@ class bdist_wheel(Command): os.makedirs(self.dist_dir) wheel_name = archive_wheelfile(pseudoinstall_root, archive_root) @@ -280,26 +273,24 @@ index 7fbeb4b..f0b5be6 100644 getattr(self.distribution, 'dist_files', []).append( ('bdist_wheel', get_python_version(), wheel_name)) diff --git a/wheel/install.py b/wheel/install.py -index 5a88a75..40f2507 100644 +index 87f2e49..758198e 100644 --- a/wheel/install.py 
+++ b/wheel/install.py -@@ -12,14 +12,11 @@ import sys +@@ -14,12 +14,10 @@ import sys import warnings import zipfile -from . import signatures - from .decorator import reify from .paths import get_install_paths from .pep425tags import get_supported from .pkginfo import read_pkg_info_bytes -from .util import ( -- urlsafe_b64encode, from_json, urlsafe_b64decode, native, binary, HashingFile, -- open_for_csv) +- urlsafe_b64encode, from_json, urlsafe_b64decode, native, binary, HashingFile, open_for_csv) +from .util import urlsafe_b64decode, native, binary, HashingFile, open_for_csv try: _big_number = sys.maxsize -@@ -380,38 +377,25 @@ class WheelFile(object): +@@ -397,38 +395,25 @@ class WheelFile(object): writer.writerow((self.record_name, '', '')) def verify(self, zipfile=None): 
@@ -335,15 +326,36 @@ index 5a88a75..40f2507 100644 - if sig: - headers, payload = signatures.verify(sig) - if payload['hash'] != "sha256=" + native(record_digest): -- msg = "RECORD.sig claimed RECORD hash {0} != computed hash {1}." +- msg = "RECORD.jws claimed RECORD hash {} != computed hash {}." - raise BadWheelFile(msg.format(payload['hash'], - native(record_digest))) - - reader = csv.reader((native(r) for r in record.splitlines())) + reader = csv.reader((native(r, 'utf-8') for r in record.splitlines())) - for row in reader: filename = row[0] hash = row[1] +diff --git a/wheel/metadata.py b/wheel/metadata.py +index 6aa495b..6e59f9a 100644 +--- a/wheel/metadata.py ++++ b/wheel/metadata.py +@@ -5,7 +5,6 @@ Tools for converting old- to new-style metadata. + import os.path + import re + import textwrap +-from collections import namedtuple + + import pkg_resources + +@@ -15,8 +14,6 @@ from .pkginfo import read_pkg_info + # in METADATA/PKG-INFO. Support its syntax with the extra at the end only. + EXTRA_RE = re.compile("""^(?P.*?)(;\s*(?P.*?)(extra == '(?P.*?)')?)$""") + +-MayRequiresKey = namedtuple('MayRequiresKey', ('condition', 'extra')) +- + + def requires_to_requires_dist(requirement): + """Compose the version predicates for requirement in PEP 345 fashion.""" diff --git a/wheel/signatures/__init__.py b/wheel/signatures/__init__.py deleted file mode 100644 index e7a5331..0000000 @@ -462,16 +474,16 @@ index e7a5331..0000000 - raise RuntimeError("No error from bad wheel.signatures payload.") diff --git a/wheel/signatures/djbec.py b/wheel/signatures/djbec.py deleted file mode 100644 -index 87f72d4..0000000 +index e9b3115..0000000 --- a/wheel/signatures/djbec.py +++ /dev/null 
@@ -1,323 +0,0 @@ -# Ed25519 digital signatures --# Based on http://ed25519.cr.yp.to/python/ed25519.py --# See also http://ed25519.cr.yp.to/software.html +-# Based on https://ed25519.cr.yp.to/python/ed25519.py +-# See also https://ed25519.cr.yp.to/software.html -# Adapted by Ron Garret -# Sped up considerably using coordinate transforms found on: --# http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html +-# https://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html -# Specifically add-2008-hwcd-4 and dbl-2008-hwcd - -import hashlib @@ -502,7 +514,7 @@ index 87f72d4..0000000 - -b = 256 -q = 2 ** 255 - 19 --l = 2 ** 252 + 27742317777372353535851937790883648493 +-l = 2 ** 252 + 27742317777372353535851937790883648493 # noqa: E741 - - -def H(m): @@ -527,7 +539,7 @@ index 87f72d4..0000000 - - -d = -121665 * inv(121666) --I = expmod(2, (q - 1) // 4, q) +-I = expmod(2, (q - 1) // 4, q) # noqa: E741 - - -def xrecover(y): @@ -564,7 +576,7 @@ index 87f72d4..0000000 -# return Q - -# Faster (!) version based on: --# http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html +-# https://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - -def xpt_add(pt1, pt2): - (X1, Y1, Z1, T1) = pt1 @@ -704,7 +716,7 @@ index 87f72d4..0000000 -########################################################## -# -# Curve25519 reference implementation by Matthew Dempsky, from: --# http://cr.yp.to/highspeed/naclcrypto-20090310.pdf +-# https://cr.yp.to/highspeed/naclcrypto-20090310.pdf - -# P = 2 ** 255 - 19 -P = q @@ -953,11 +965,11 @@ index eb5d4ac..0000000 - """Remember verifying key vk as being valid for signing in scope.""" - self.data['signers'].append({'scope': scope, 'vk': vk}) diff --git a/wheel/tool/__init__.py b/wheel/tool/__init__.py -index d6b9893..7e4f55a 100644 +index 36292dc..9cbdc08 100644 --- a/wheel/tool/__init__.py 
+++ b/wheel/tool/__init__.py -@@ -3,16 +3,13 @@ Wheel command-line utility. - """ +@@ -5,16 +5,13 @@ Wheel command-line utility. + from __future__ import print_function import argparse -import hashlib @@ -975,7 +987,7 @@ index d6b9893..7e4f55a 100644 def require_pkgresources(name): -@@ -26,111 +23,6 @@ class WheelError(Exception): +@@ -28,119 +25,6 @@ class WheelError(Exception): pass @@ -992,8 +1004,14 @@ index d6b9893..7e4f55a 100644 - return keys.WheelKeys, keyring - - +-def warn_signatures(): +- print('WARNING: The wheel signing and signature verification commands have been deprecated ' +- 'and will be removed before the v1.0.0 release.', file=sys.stderr) +- +- -def keygen(get_keyring=get_keyring): - """Generate a public/private key pair.""" +- warn_signatures() - WheelKeys, keyring = get_keyring() - - ed25519ll = signatures.get_ed25519ll() @@ -1005,14 +1023,14 @@ index d6b9893..7e4f55a 100644 - sk = native(urlsafe_b64encode(keypair.sk)) - kr = keyring.get_keyring() - kr.set_password("wheel", vk, sk) -- sys.stdout.write("Created Ed25519 keypair with vk={0}\n".format(vk)) -- sys.stdout.write("in {0!r}\n".format(kr)) +- print("Created Ed25519 keypair with vk={}".format(vk)) +- print("in {!r}".format(kr)) - - sk2 = kr.get_password('wheel', vk) - if sk2 != sk: - raise WheelError("Keyring is broken. Could not retrieve secret key.") - -- sys.stdout.write("Trusting {0} to sign and verify all packages.\n".format(vk)) +- print("Trusting {} to sign and verify all packages.".format(vk)) - wk.add_signer('+', vk) - wk.trust('+', vk) - wk.save() @@ -1020,6 +1038,7 @@ index d6b9893..7e4f55a 100644 - -def sign(wheelfile, replace=False, get_keyring=get_keyring): - """Sign a wheel""" +- warn_signatures() - WheelKeys, keyring = get_keyring() - - ed25519ll = signatures.get_ed25519ll() 
@@ -1029,7 +1048,7 @@ index d6b9893..7e4f55a 100644 - - name = wf.parsed_filename.group('name') - sign_with = wk.signers(name)[0] -- sys.stdout.write("Signing {0} with {1}\n".format(name, sign_with[1])) +- print("Signing {} with {}".format(name, sign_with[1])) - - vk = sign_with[1] - kr = keyring.get_keyring() @@ -1056,6 +1075,7 @@ index d6b9893..7e4f55a 100644 - ordinary archive, with the compressed files and the directory in the same - order, and without any non-zip content after the truncation point. - """ +- warn_signatures() - vzf = VerifyingZipFile(wheelfile, "a") - info = vzf.infolist() - if not (len(info) and info[-1].filename.endswith('/RECORD.jws')): @@ -1071,6 +1091,7 @@ index d6b9893..7e4f55a 100644 - Wheel's own unpack/install commands verify the manifest against the - signature and file contents. - """ +- warn_signatures() - wf = WheelFile(wheelfile) - sig_name = wf.distinfo_name + '/RECORD.jws' - try: @@ -1079,15 +1100,14 @@ index d6b9893..7e4f55a 100644 - raise WheelError('The wheel is not signed (RECORD.jws not found at end of the archive).') - - verified = signatures.verify(sig) -- sys.stderr.write("Signatures are internally consistent.\n") -- sys.stdout.write(json.dumps(verified, indent=2)) -- sys.stdout.write('\n') +- print("Signatures are internally consistent.", file=sys.stderr) +- print(json.dumps(verified, indent=2)) - - def unpack(wheelfile, dest='.'): """Unpack a wheel. -@@ -278,29 +170,6 @@ def parser(): +@@ -288,29 +172,6 @@ def parser(): p = argparse.ArgumentParser() s = p.add_subparsers(help="commands") @@ -1118,18 +1138,19 @@ index d6b9893..7e4f55a 100644 unpack(args.wheelfile, args.dest) unpack_parser = s.add_parser('unpack', help='Unpack wheel') diff --git a/wheel/util.py b/wheel/util.py -index c58d108..8f16c00 100644 +index 71802bf..a4f990a 100644 --- a/wheel/util.py 
+++ b/wheel/util.py -@@ -3,7 +3,6 @@ +@@ -1,17 +1,12 @@ +-"""Utility functions.""" +- import base64 import hashlib import json -import os import sys - from collections import OrderedDict -@@ -11,8 +10,6 @@ __all__ = ['urlsafe_b64encode', 'urlsafe_b64decode', 'utf8', + __all__ = ['urlsafe_b64encode', 'urlsafe_b64decode', 'utf8', 'to_json', 'from_json', 'matches_requirement'] @@ -1138,15 +1159,15 @@ index c58d108..8f16c00 100644 if sys.version_info[0] < 3: text_type = unicode # noqa: F821 -@@ -118,42 +115,6 @@ class OrderedDefaultDict(OrderedDict): - return default +@@ -98,42 +93,6 @@ class HashingFile(object): + self.fd.close() -if sys.platform == 'win32': - import ctypes.wintypes - # CSIDL_APPDATA for reference - not used here for compatibility with - # dirspec, which uses LOCAL_APPDATA and COMMON_APPDATA in that order -- csidl = dict(CSIDL_APPDATA=26, CSIDL_LOCAL_APPDATA=28, CSIDL_COMMON_APPDATA=35) +- csidl = {'CSIDL_APPDATA': 26, 'CSIDL_LOCAL_APPDATA': 28, 'CSIDL_COMMON_APPDATA': 35} - - def get_path(name): - SHGFP_TYPE_CURRENT = 0 diff --git a/SPECS/python-wheel.spec b/SPECS/python-wheel.spec index d92c3e2..a147a3a 100644 --- a/SPECS/python-wheel.spec +++ b/SPECS/python-wheel.spec 
@@ -1,26 +1,32 @@ -# Note that the only function of bootstrap is that it disables the test suite: -# bcond_with bootstrap = tests enabled -%bcond_without bootstrap - -# Note(hguemar): EL7 has no python3 stack but EPEL does -%if 0%{?rhel} && 0%{?rhel} <= 7 && 0%{!?epel:1} -%define _without_python3 1 -%endif - %if 0%{?_with_python27_module} %undefine _without_python3 %endif +# Note that the function of bootstrap is that it disables the test suite and whl +# bcond_with bootstrap = tests enabled, package with whl created +%bcond_with bootstrap + %bcond_with python36_module -%bcond_without python2 +%bcond_with python2 %bcond_without python3 %global pypi_name wheel +%global python_wheelname %{pypi_name}-%{version}-py2.py3-none-any.whl + +%if %{with python2} +%global python2_wheeldir %{_datadir}/python2-wheels +%global python2_wheelname %python_wheelname +%endif # with python2 + +%if %{with python3} +%global python3_wheeldir %{_datadir}/python3-wheels +%global python3_wheelname %python_wheelname +%endif # with python3 Name: python-%{pypi_name} -Version: 0.30.0 -Release: 15%{?dist} +Version: 0.31.1 +Release: 2%{?dist} Epoch: 1 Summary: Built-package format for Python @@ -30,7 +36,7 @@ Source0: %{url}/archive/%{version}/%{pypi_name}-%{version}.tar.gz BuildArch: noarch # We need to remove wheel's own implementation of crypto due to FIPS concerns. -# See more: https://bugzilla.redhat.com/show_bug.cgi?id=1732325 +# See more: https://bugzilla.redhat.com/show_bug.cgi?id=1731526 # Upstream commit: https://github.com/pypa/wheel/commit/d3f5918ccbb1c79e2fc42b7766626a0aa20dc438 Patch0: removed-wheel-signing-and-verifying-features.patch @@ -56,7 +62,7 @@ BuildRequires: python2-pytest %description -n python2-%{pypi_name} %{_description} Python 2 version. -%endif +%endif # with python2 %if %{with python3} 
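Review bot: The comment above `Patch0` (second hunk of this file) gives the FIPS motivation but not the user-visible effect. As far as the visible parts of the carried patch show, it removes the `keygen` and `sign` functions and the `RECORD.jws` handling from `wheel/tool/__init__.py`, plus the `signatures.verify(sig)` branch from `WheelFile.verify()`. What remains is a comparison of file hashes against `RECORD`, which is an integrity check and not proof of origin. I would add a line such as `# Effect: signing/verification commands are gone; RECORD.jws is ignored, only RECORD hashes are checked.` so that nobody relying on signed wheels is caught out.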
@@ -69,9 +75,9 @@ BuildRequires: python36-rpm-macros BuildRequires: python3-devel %endif BuildRequires: python3-setuptools -%if ! %{with bootstrap} +%if %{without bootstrap} BuildRequires: python3-pytest -%endif +%endif # without bootstrap # For alternatives Requires: python36 Requires(post): python36 @@ -81,6 +87,26 @@ Requires(postun): python36 %description -n python3-%{pypi_name} %{_description} Python 3 version. + +%endif # with python3 + +%if %{without bootstrap} +%if %{with python2} +%package -n python2-%{pypi_name}-wheel +Summary: The Python wheel module packaged as a wheel + +%description -n python2-%{pypi_name}-wheel +A Python wheel of wheel to use with virtualenv. +%endif + +%if %{with python3} +%package -n python3-%{pypi_name}-wheel +Summary: The Python wheel module packaged as a wheel + +%description -n python3-%{pypi_name}-wheel +A Python wheel of wheel to use with virtualenv. +%endif + %endif @@ -94,10 +120,20 @@ sed -ie '1d' %{pypi_name}/{egg2wheel,wininst2wheel}.py %if %{with python2} export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 %py2_build -%endif + +%if %{without bootstrap} +%py2_build_wheel +%endif # without bootstrap + +%endif # with python2 + %if %{with python3} %py3_build -%endif + +%if %{without bootstrap} +%py3_build_wheel +%endif # without bootstrap +%endif # with python3 %install 
@@ -115,21 +151,33 @@ mv %{buildroot}%{_bindir}/%{pypi_name}{,-%{python2_version}} ln -s %{pypi_name}-%{python2_version} %{buildroot}%{_bindir}/%{pypi_name}-2 %endif -%if ! %{with bootstrap} +%if %{without bootstrap} +%if %{with python2} +mkdir -p %{buildroot}%{python2_wheeldir} +install -p dist/%{python2_wheelname} -t %{buildroot}%{python2_wheeldir} +%endif + +%if %{with python3} +mkdir -p %{buildroot}%{python3_wheeldir} +install -p dist/%{python3_wheelname} -t %{buildroot}%{python3_wheeldir} +%endif + %check rm setup.cfg # Remove part of the test that uses the "jsonschema" package sed -i '/jsonschema/d' tests/test_bdist_wheel.py +export LC_ALL=C.UTF-8 + %if %{with python2} export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 PYTHONPATH=%{buildroot}%{python2_sitelib} py.test-2 -v --ignore build -%endif +%endif # with python2 %if %{with python3} PYTHONPATH=%{buildroot}%{python3_sitelib} py.test-3 -v --ignore build -%endif -%endif +%endif # with python3 +%endif # without bootstrap %if %{with python3} 
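Review bot: The wheel copied into `%{python3_wheeldir}` (and `%{python2_wheeldir}`) is a second shipped artifact of the same code, yet nothing in `%install` or `%check` confirms that it lacks the `wheel/signatures/` modules Patch0 exists to remove. It presumably does, since `%py3_build_wheel` runs on the patched tree, but `%prep` lies outside these hunks and a later patch refresh could regress silently. A guard in `%check` would pin it, e.g. `if %{__python3} -m zipfile -l dist/%{python3_wheelname} | grep -q 'wheel/signatures/'; then exit 1; fi`. The `if` form is deliberate, because a `!`-negated pipeline does not trip `set -e`.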
@@ -166,18 +214,42 @@ fi %{python3_sitelib}/%{pypi_name}* %endif +%if %{without bootstrap} + +%if %{with python2} +%files -n python2-%{pypi_name}-wheel +%license LICENSE.txt +# we own the dir for simplicity +%dir %{python2_wheeldir}/ +%{python2_wheeldir}/%{python2_wheelname} +%endif + +%if %{with python3} +%files -n python3-%{pypi_name}-wheel +%license LICENSE.txt +# we own the dir for simplicity +%dir %{python3_wheeldir}/ +%{python3_wheeldir}/%{python3_wheelname} +%endif + +%endif + %changelog -* Tue Aug 06 2019 Tomas Orsava - 1:0.30.0-15 -- Fixed Patch0, which previously broken the metadata.json file generation -Resolves: rhbz#1732325 rhbz#1732326 - -* Thu Jul 25 2019 Tomas Orsava - 1:0.30.0-14 +* Mon Jul 22 2019 Tomas Orsava - 1:0.31.1-2 - Removed wheel's own implementation of crypto due to FIPS concerns -Resolves: rhbz#1732325 rhbz#1732326 +Resolves: rhbz#1731526 -* Wed Apr 03 2019 Tomas Orsava - 1:0.30.0-13 -- Bumping due to problems with modular RPM upgrade path (#1695587) -- Related: rhbz#1693974 +* Fri Jun 21 2019 Charalampos Stratakis - 1:0.31.1-1 +- Update to 0.31.1 +Resolves: rhbz#1671681 + +* Thu Jun 20 2019 Miro Hrončok - 1:0.30.0-14 +- Create python{2,3}-wheel-wheel packages with the wheel of wheel +Resolves: rhbz#1659550 + +* Thu Apr 25 2019 Tomas Orsava - 1:0.30.0-13 +- Bumping due to problems with modular RPM upgrade path +- Resolves: rhbz#1695587 * Thu Oct 04 2018 Lumír Balhar - 1:0.30.0-12 - Fix alternatives - post and postun sections only with python3
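Review bot: The new `%files` entries list `%{python3_wheeldir}/%{python3_wheelname}` (and the python2 twin) without `%attr`, and the `install -p dist/... -t ...` lines added in `%install` pass no `-m`. The wheel is therefore packaged with install's default mode of 0755. A `.whl` is a data archive that virtualenv reads, so it has no reason to carry the execute bit. I would change the install lines to `install -p -m 0644 dist/%{python3_wheelname} -t %{buildroot}%{python3_wheeldir}`, and the same for python2.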