rpms
/
python3.12-pip
15
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS python3.12-pip-23.2.1-4.el8

This commit is contained in:
eabdullin 2024-04-01 08:00:38 +00:00
commit 0c6bdcc82e
8 changed files with 802 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
SOURCES/pip-23.2.1-man.tar.gz
SOURCES/pip-23.2.1.tar.gz

2
.python3.12-pip.metadata Normal file
View File

@ -0,0 +1,2 @@
e78411dc8b3a57af0c84b2b9a13365d2a87ffc36 SOURCES/pip-23.2.1-man.tar.gz
f90fd7e09cdb6f87b7498942fd41157363868a3f SOURCES/pip-23.2.1.tar.gz

78
SOURCES/cve-2007-4559-tarfile.patch Normal file
View File

@ -0,0 +1,78 @@
Minimal patch for pip
diff -rU3 pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py pip-22.3.1/src/pip/_internal/utils/unpacking.py
--- pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py 2022-11-05 16:25:43.000000000 +0100
+++ pip-22.3.1/src/pip/_internal/utils/unpacking.py 2023-08-08 13:17:47.705613554 +0200
@@ -184,6 +184,13 @@
"outside target directory ({})"
)
raise InstallationError(message.format(filename, path, location))
+
+ # Call the `data` filter for its side effect (raising exception)
+ try:
+ tarfile.data_filter(member.replace(name=fn), location)
+ except tarfile.LinkOutsideDestinationError:
+ pass
+
if member.isdir():
ensure_dir(path)
elif member.issym():
Test from https://github.com/pypa/pip/pull/12214
diff -rU3 pip-22.3.1-orig/tests/unit/test_utils_unpacking.py pip-22.3.1/tests/unit/test_utils_unpacking.py
--- pip-22.3.1-orig/tests/unit/test_utils_unpacking.py 2022-11-05 16:25:43.000000000 +0100
+++ pip-22.3.1/tests/unit/test_utils_unpacking.py 2023-08-08 13:17:35.151540108 +0200
@@ -171,6 +171,23 @@
test_tar = self.make_tar_file("test_tar.tar", files)
untar_file(test_tar, self.tempdir)
+ def test_unpack_tar_filter(self) -> None:
+ """
+ Test that the tarfile.data_filter is used to disallow dangerous
+ behaviour (PEP-721)
+ """
+ test_tar = os.path.join(self.tempdir, "test_tar_filter.tar")
+ with tarfile.open(test_tar, "w") as mytar:
+ file_tarinfo = tarfile.TarInfo("bad-link")
+ file_tarinfo.type = tarfile.SYMTYPE
+ file_tarinfo.linkname = "../../../../pwn"
+ mytar.addfile(file_tarinfo, io.BytesIO(b""))
+ with pytest.raises(InstallationError) as e:
+ untar_file(test_tar, self.tempdir)
+
+ assert "is outside the destination" in str(e.value)
+
+
def test_unpack_tar_unicode(tmpdir: Path) -> None:
test_tar = tmpdir / "test.tar"
Patch for vendored distlib from https://github.com/pypa/distlib/pull/201
diff --git a/distlib/util.py b/distlib/util.py
index e0622e4..4349d0b 100644
--- a/src/pip/_vendor/distlib/util.py
+++ b/src/pip/_vendor/distlib/util.py
@@ -1249,6 +1249,19 @@ def check_path(path):
for tarinfo in archive.getmembers():
if not isinstance(tarinfo.name, text_type):
tarinfo.name = tarinfo.name.decode('utf-8')
+
+ # Limit extraction of dangerous items, if this Python
+ # allows it easily. If not, just trust the input.
+ # See: https://docs.python.org/3/library/tarfile.html#extraction-filters
+ def extraction_filter(member, path):
+ """Run tarfile.tar_fillter, but raise the expected ValueError"""
+ # This is only called if the current Python has tarfile filters
+ try:
+ return tarfile.tar_filter(member, path)
+ except tarfile.FilterError as exc:
+ raise ValueError(str(exc))
+ archive.extraction_filter = extraction_filter
+
archive.extractall(dest_dir)
finally:

128
SOURCES/dummy-certifi.patch Normal file
View File

@ -0,0 +1,128 @@
From 09c983fdeabe3fa0b90b73f32ddf84a61e498e09 Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Tue, 15 Nov 2022 09:22:46 +0100
Subject: [PATCH] Dummy certifi patch
---
src/pip/_vendor/certifi/core.py | 105 ++------------------------------
1 file changed, 6 insertions(+), 99 deletions(-)
diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
index c3e5466..eb297f7 100644
--- a/src/pip/_vendor/certifi/core.py
+++ b/src/pip/_vendor/certifi/core.py
@@ -4,105 +4,12 @@ certifi.py
This module returns the installation location of cacert.pem or its contents.
"""
-import sys
+# The RPM-packaged certifi always uses the system certificates
+def where() -> str:
+ return '/etc/pki/tls/certs/ca-bundle.crt'
-if sys.version_info >= (3, 11):
+def contents() -> str:
+ with open(where(), encoding='utf=8') as data:
+ return data.read()
- from importlib.resources import as_file, files
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the file
- # in cases where we're inside of a zipimport situation until someone
- # actually calls where(), but we don't want to re-extract the file
- # on every call of where(), so we'll do it once then store it in a
- # global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you to
- # manage the cleanup of this file, so it doesn't actually return a
- # path, it returns a context manager that will give you the path
- # when you enter it and will do any cleanup when you leave it. In
- # the common case of not needing a temporary file, it will just
- # return the file system location and the __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
-
-elif sys.version_info >= (3, 7):
-
- from importlib.resources import path as get_path, read_text
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the
- # file in cases where we're inside of a zipimport situation until
- # someone actually calls where(), but we don't want to re-extract
- # the file on every call of where(), so we'll do it once then store
- # it in a global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you
- # to manage the cleanup of this file, so it doesn't actually
- # return a path, it returns a context manager that will give
- # you the path when you enter it and will do any cleanup when
- # you leave it. In the common case of not needing a temporary
- # file, it will just return the file system location and the
- # __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
-
-else:
- import os
- import types
- from typing import Union
-
- Package = Union[types.ModuleType, str]
- Resource = Union[str, "os.PathLike"]
-
- # This fallback will work for Python versions prior to 3.7 that lack the
- # importlib.resources module but relies on the existing `where` function
- # so won't address issues with environments like PyOxidizer that don't set
- # __file__ on modules.
- def read_text(
- package: Package,
- resource: Resource,
- encoding: str = 'utf-8',
- errors: str = 'strict'
- ) -> str:
- with open(where(), encoding=encoding) as data:
- return data.read()
-
- # If we don't have importlib.resources, then we will just do the old logic
- # of assuming we're on the filesystem and munge the path directly.
- def where() -> str:
- f = os.path.dirname(__file__)
-
- return os.path.join(f, "cacert.pem")
-
- def contents() -> str:
- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
--
2.37.3

16
SOURCES/no-version-warning.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/src/pip/_vendor/packaging/version.py b/src/pip/_vendor/packaging/version.py
index de9a09a..154e94d 100644
--- a/src/pip/_vendor/packaging/version.py
+++ b/src/pip/_vendor/packaging/version.py
@@ -108,11 +108,6 @@ class LegacyVersion(_BaseVersion):
self._version = str(version)
self._key = _legacy_cmpkey(self._version)
- warnings.warn(
- "Creating a LegacyVersion has been deprecated and will be "
- "removed in the next major release",
- DeprecationWarning,
- )
def __str__(self) -> str:
return self._version

76
SOURCES/nowarn-pip._internal.main.patch Normal file
View File

@ -0,0 +1,76 @@
From 8dd3793d1bab226cec9c5c49b01718a9634bc403 Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Mon, 10 May 2021 16:48:49 +0200
Subject: [PATCH] Don't warn the user about pip._internal.main() entrypoint
In Fedora, we use that in ensurepip and users cannot do anything about it,
this warning is juts moot. Also, the warning breaks CPython test suite.
Co-Authored-By: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
---
src/pip/_internal/__init__.py | 2 +-
src/pip/_internal/utils/entrypoints.py | 19 ++++++++++---------
tests/functional/test_cli.py | 3 ++-
3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/src/pip/_internal/__init__.py b/src/pip/_internal/__init__.py
index 6afb5c6..faf25af 100755
--- a/src/pip/_internal/__init__.py
+++ b/src/pip/_internal/__init__.py
@@ -16,4 +16,4 @@ def main(args: (Optional[List[str]]) = None) -> int:
"""
from pip._internal.utils.entrypoints import _wrapper
- return _wrapper(args)
+ return _wrapper(args, _nowarn=True)
diff --git a/src/pip/_internal/utils/entrypoints.py b/src/pip/_internal/utils/entrypoints.py
index f292c64..2e29a5e 100644
--- a/src/pip/_internal/utils/entrypoints.py
+++ b/src/pip/_internal/utils/entrypoints.py
@@ -20,7 +20,7 @@ if WINDOWS:
]
-def _wrapper(args: Optional[List[str]] = None) -> int:
+def _wrapper(args: Optional[List[str]] = None, _nowarn: bool = False) -> int:
"""Central wrapper for all old entrypoints.
Historically pip has had several entrypoints defined. Because of issues
@@ -32,14 +32,15 @@ def _wrapper(args: Optional[List[str]] = None) -> int:
directing them to an appropriate place for help, we now define all of
our old entrypoints as wrappers for the current one.
"""
- sys.stderr.write(
- "WARNING: pip is being invoked by an old script wrapper. This will "
- "fail in a future version of pip.\n"
- "Please see https://github.com/pypa/pip/issues/5599 for advice on "
- "fixing the underlying issue.\n"
- "To avoid this problem you can invoke Python with '-m pip' instead of "
- "running pip directly.\n"
- )
+ if not _nowarn:
+ sys.stderr.write(
+ "WARNING: pip is being invoked by an old script wrapper. This will "
+ "fail in a future version of pip.\n"
+ "Please see https://github.com/pypa/pip/issues/5599 for advice on "
+ "fixing the underlying issue.\n"
+ "To avoid this problem you can invoke Python with '-m pip' instead of "
+ "running pip directly.\n"
+ )
return main(args)
diff --git a/tests/functional/test_cli.py b/tests/functional/test_cli.py
index 3e85703..f86c392 100644
--- a/tests/functional/test_cli.py
+++ b/tests/functional/test_cli.py
@@ -43,4 +43,5 @@ def test_entrypoints_work(entrypoint: str, script: PipTestEnvironment) -> None:
result = script.pip("-V")
result2 = script.run("fake_pip", "-V", allow_stderr_warning=True)
assert result.stdout == result2.stdout
- assert "old script wrapper" in result2.stderr
+ if entrypoint[0] != "fake_pip = pip._internal:main":
+ assert "old script wrapper" in result2.stderr
--
2.35.3

115
SOURCES/remove-existing-dist-only-if-path-conflicts.patch Normal file
View File

@ -0,0 +1,115 @@
From 2c3f3a590ddfc151a456b44a5f96f0f603d178e9 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Wed, 16 Feb 2022 08:36:21 +0100
Subject: [PATCH] Prevent removing of the system packages installed under
/usr/lib when pip install --upgrade is executed.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves: rhbz#1550368
Co-Authored-By: Michal Cyprian <m.cyprian@gmail.com>
Co-Authored-By: Victor Stinner <vstinner@redhat.com>
Co-Authored-By: Petr Viktorin <pviktori@redhat.com>
Co-Authored-By: Lumir Balhar <lbalhar@redhat.com>
Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
Co-Authored-By: Karolina Surma <ksurma@redhat.com>
---
src/pip/_internal/metadata/base.py | 12 +++++++++++-
src/pip/_internal/req/req_install.py | 2 +-
src/pip/_internal/resolution/legacy/resolver.py | 4 +++-
src/pip/_internal/resolution/resolvelib/factory.py | 12 ++++++++++++
4 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/pip/_internal/metadata/base.py b/src/pip/_internal/metadata/base.py
index 151fd6d..f9109cd 100644
--- a/src/pip/_internal/metadata/base.py
+++ b/src/pip/_internal/metadata/base.py
@@ -28,7 +28,7 @@ from pip._vendor.packaging.utils import NormalizedName
from pip._vendor.packaging.version import LegacyVersion, Version
from pip._internal.exceptions import NoneMetadataError
-from pip._internal.locations import site_packages, user_site
+from pip._internal.locations import get_scheme, site_packages, user_site
from pip._internal.models.direct_url import (
DIRECT_URL_METADATA_NAME,
DirectUrl,
@@ -560,6 +560,16 @@ class BaseDistribution(Protocol):
for extra in self._iter_egg_info_extras():
metadata["Provides-Extra"] = extra
+ @property
+ def in_install_path(self) -> bool:
+ """
+ Return True if given Distribution is installed in
+ path matching distutils_scheme layout.
+ """
+ norm_path = normalize_path(self.installed_location)
+ return norm_path.startswith(normalize_path(
+ get_scheme("").purelib.split('python')[0]))
+
class BaseEnvironment:
"""An environment containing distributions to introspect."""
diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
index a1e376c..ed7facf 100644
--- a/src/pip/_internal/req/req_install.py
+++ b/src/pip/_internal/req/req_install.py
@@ -416,7 +416,7 @@ class InstallRequirement:
f"lack sys.path precedence to {existing_dist.raw_name} "
f"in {existing_dist.location}"
)
- else:
+ elif existing_dist.in_install_path:
self.should_reinstall = True
else:
if self.editable:
diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py
index fb49d41..040f2c1 100644
--- a/src/pip/_internal/resolution/legacy/resolver.py
+++ b/src/pip/_internal/resolution/legacy/resolver.py
@@ -325,7 +325,9 @@ class Resolver(BaseResolver):
"""
# Don't uninstall the conflict if doing a user install and the
# conflict is not a user install.
- if not self.use_user_site or req.satisfied_by.in_usersite:
+ if ((not self.use_user_site
+ or req.satisfied_by.in_usersite)
+ and req.satisfied_by.in_install_path):
req.should_reinstall = True
req.satisfied_by = None
diff --git a/src/pip/_internal/resolution/resolvelib/factory.py b/src/pip/_internal/resolution/resolvelib/factory.py
index a4c24b5..e7e2da9 100644
--- a/src/pip/_internal/resolution/resolvelib/factory.py
+++ b/src/pip/_internal/resolution/resolvelib/factory.py
@@ -1,6 +1,8 @@
import contextlib
import functools
import logging
+import sys
+import sysconfig
from typing import (
TYPE_CHECKING,
Dict,
@@ -549,6 +551,16 @@ class Factory:
if dist is None: # Not installed, no uninstallation required.
return None
+ # Prevent uninstalling packages from /usr
+ try:
+ if dist.installed_location in (
+ sysconfig.get_path('purelib', scheme='posix_prefix', vars={'base': sys.base_prefix}),
+ sysconfig.get_path('platlib', scheme='posix_prefix', vars={'platbase': sys.base_prefix}),
+ ):
+ return None
+ except KeyError: # this Python doesn't have 'rpm_prefix' scheme yet
+ pass
+
# We're installing into global site. The current installation must
# be uninstalled, no matter it's in global or user site, because the
# user site installation has precedence over global.
--
2.35.3

385
SPECS/python3.12-pip.spec Normal file
View File

@ -0,0 +1,385 @@
%global __python3 /usr/bin/python3.12
%global python3_pkgversion 3.12
%bcond_with tests
%bcond_with doc
%global srcname pip
%global base_version 23.2.1
%global upstream_version %{base_version}%{?prerel}
%global python_wheel_name %{srcname}-%{upstream_version}-py3-none-any.whl
%global bashcompdir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null)
Name: python%{python3_pkgversion}-%{srcname}
Version: %{base_version}%{?prerel:~%{prerel}}
Release: 4%{?dist}
Summary: A tool for installing and managing Python packages
# We bundle a lot of libraries with pip, which itself is under MIT license.
# Here is the list of the libraries with corresponding licenses:
# appdirs: MIT
# certifi: MPLv2.0
# chardet: LGPLv2
# colorama: BSD
# CacheControl: ASL 2.0
# distlib: Python
# distro: ASL 2.0
# html5lib: MIT
# idna: BSD
# ipaddress: Python
# msgpack: ASL 2.0
# packaging: ASL 2.0 or BSD
# progress: ISC
# pygments: BSD
# pyparsing: MIT
# pyproject-hooks: MIT
# requests: ASL 2.0
# resolvelib: ISC
# rich: MIT
# setuptools: MIT
# six: MIT
# tenacity: ASL 2.0
# tomli: MIT
# typing-extensions: Python
# urllib3: MIT
# webencodings: BSD
License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
URL: https://pip.pypa.io/
Source0: https://github.com/pypa/pip/archive/%{upstream_version}/%{srcname}-%{upstream_version}.tar.gz
# To generate the man pages for RHEL8 on a system with Python >= 3.7
# rhpkg prep
# cd into the pip folder
# sed -i '/myst_parser/d;/sphinx_copybutton/d;/sphinx_inline_tabs/d;/sphinxcontrib.towncrier/d' docs/html/conf.py
# sphinx-build-3 -b man docs/man docs/build/man -c docs/html
# tar -czf pip-23.2.1-man.tar.gz --exclude=".[^/]*" -v docs/build/man
# mv pip-23.2.1-man.tar.gz ..
Source1: pip-%{base_version}-man.tar.gz
BuildArch: noarch
# Prevent removing of the system packages installed under /usr/lib
# when pip install -U is executed.
# https://bugzilla.redhat.com/show_bug.cgi?id=1550368#c24
# Could be replaced with https://www.python.org/dev/peps/pep-0668/
Patch0: remove-existing-dist-only-if-path-conflicts.patch
# Use the system level root certificate instead of the one bundled in certifi
# https://bugzilla.redhat.com/show_bug.cgi?id=1655253
# The same patch is a part of the RPM-packaged python-certifi
Patch1: dummy-certifi.patch
# Don't warn the user about pip._internal.main() entrypoint
# In Fedora, we use that in ensurepip and users cannot do anything about it,
# this warning is juts moot. Also, the warning breaks CPython test suite.
Patch2: nowarn-pip._internal.main.patch
# Don't warn the user about packaging's LegacyVersion being deprecated.
# (This also breaks Python's test suite when warnings are treated as errors.)
# Upstream issue: https://github.com/pypa/packaging/issues/368
Patch3: no-version-warning.patch
# CVE-2007-4559, PEP-721, PEP-706: Use tarfile.data_filter for extracting
# - Minimal downstream-only patch, to be replaced by upstream solution
# proposed in https://github.com/pypa/pip/pull/12214
# - Test patch submitted upstream in the above pull request
# - Patch for vendored distlib, accepted upstream:
# https://github.com/pypa/distlib/pull/201
Patch4: cve-2007-4559-tarfile.patch
# Virtual provides for the packages bundled by pip.
# You can generate it with:
# %%{_rpmconfigdir}/pythonbundles.py --namespace 'python%%{1}dist' src/pip/_vendor/vendor.txt
%global bundled() %{expand:
Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.11
Provides: bundled(python%{1}dist(certifi)) = 2023.5.7
Provides: bundled(python%{1}dist(chardet)) = 5.1
Provides: bundled(python%{1}dist(colorama)) = 0.4.6
Provides: bundled(python%{1}dist(distlib)) = 0.3.6
Provides: bundled(python%{1}dist(distro)) = 1.8
Provides: bundled(python%{1}dist(idna)) = 3.4
Provides: bundled(python%{1}dist(msgpack)) = 1.0.5
Provides: bundled(python%{1}dist(packaging)) = 21.3
Provides: bundled(python%{1}dist(platformdirs)) = 3.8.1
Provides: bundled(python%{1}dist(pygments)) = 2.15.1
Provides: bundled(python%{1}dist(pyparsing)) = 3.1
Provides: bundled(python%{1}dist(pyproject-hooks)) = 1
Provides: bundled(python%{1}dist(requests)) = 2.31
Provides: bundled(python%{1}dist(resolvelib)) = 1.0.1
Provides: bundled(python%{1}dist(rich)) = 13.4.2
Provides: bundled(python%{1}dist(setuptools)) = 68
Provides: bundled(python%{1}dist(six)) = 1.16
Provides: bundled(python%{1}dist(tenacity)) = 8.2.2
Provides: bundled(python%{1}dist(tomli)) = 2.0.1
Provides: bundled(python%{1}dist(typing-extensions)) = 4.7.1
Provides: bundled(python%{1}dist(urllib3)) = 1.26.16
Provides: bundled(python%{1}dist(webencodings)) = 0.5.1
}
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-rpm-macros
# python3 bootstrap: this is rebuilt before the final build of python3, which
# adds the dependency on python3-rpm-generators, so we require it manually
# Note that the package prefix is always python3-, even if we build for 3.X
BuildRequires: python3-rpm-generators
# We utilize the main Python's stack sphinx to build the manual pages
BuildRequires: python3-sphinx
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: bash-completion
BuildRequires: python%{python3_pkgversion}-wheel
BuildRequires: ca-certificates
Requires: ca-certificates
%if %{with tests}
BuildRequires: /usr/bin/git
BuildRequires: /usr/bin/hg
BuildRequires: /usr/bin/bzr
BuildRequires: /usr/bin/svn
BuildRequires: python%{python3_pkgversion}-setuptools-wheel
BuildRequires: python%{python3_pkgversion}-wheel-wheel
BuildRequires: python%{python3_pkgversion}-cryptography
BuildRequires: python%{python3_pkgversion}-mock
BuildRequires: python%{python3_pkgversion}-pytest
BuildRequires: python%{python3_pkgversion}-pretend
BuildRequires: python%{python3_pkgversion}-freezegun
BuildRequires: python%{python3_pkgversion}-scripttest
BuildRequires: python%{python3_pkgversion}-virtualenv
BuildRequires: python%{python3_pkgversion}-werkzeug
BuildRequires: python%{python3_pkgversion}-pyyaml
BuildRequires: python%{python3_pkgversion}-tomli-w
BuildRequires: python%{python3_pkgversion}-installer
%endif
# This was previously required and we keep it recommended because a lot of
# sdists installed via pip will try to import setuptools.
# But pip doesn't actually require setuptools.
# It can install wheels without them and it can build wheels in isolation mode
# (using setuptools/flit/poetry/... installed from PyPI).
# Side note: pip bundles pkg_resources from setuptools for internal usage.
Recommends: python%{python3_pkgversion}-setuptools
# Require alternatives version that implements the --keep-foreign flag and fixes rhbz#2203820
Requires(postun): alternatives >= 1.19.2-1
# python3.12 installs the alternatives master symlink to which we attach a slave
Requires: python%{python3_pkgversion}
Requires(post): python%{python3_pkgversion}
Requires(postun): python%{python3_pkgversion}
# Virtual provides for the packages bundled by pip:
%{bundled %{python3_pkgversion}}
%description -n python%{python3_pkgversion}-%{srcname}
pip is a package management system used to install and manage software packages
written in Python. Many packages can be found in the Python Package Index
(PyPI). pip is a recursive acronym that can stand for either "Pip Installs
Packages" or "Pip Installs Python".
%package -n %{python_wheel_pkg_prefix}-%{srcname}-wheel
Summary: The pip wheel
Requires: ca-certificates
# Virtual provides for the packages bundled by pip:
%{bundled %{python3_pkgversion}}
%description -n %{python_wheel_pkg_prefix}-%{srcname}-wheel
A Python wheel of pip to use with venv.
%prep
%autosetup -p1 -n %{srcname}-%{upstream_version}
# this goes together with patch4
rm src/pip/_vendor/certifi/*.pem
# Remove unneeded doc dependencies
sed -i '/myst_parser/d;/sphinx_copybutton/d;/sphinx_inline_tabs/d;/sphinxcontrib.towncrier/d' docs/html/conf.py
# tests expect wheels in here
ln -s %{python_wheel_dir} tests/data/common_wheels
# Remove windows executable binaries
rm -v src/pip/_vendor/distlib/*.exe
sed -i '/\.exe/d' setup.py
# Remove RIGHT-TO-LEFT OVERRIDE from AUTHORS.txt
# https://github.com/pypa/pip/pull/12046
%{python3} -c 'from pathlib import Path; p = Path("AUTHORS.txt"); p.write_text("".join(c for c in p.read_text() if c != "\u202e"))'
%build
%py3_build_wheel
%install
# The following is similar to %%pyproject_install, but we don't have
# /usr/bin/pip yet, so we install using the wheel directly.
# (This is not standard wheel usage, but the pip wheel supports it -- see
# pip/__main__.py)
%{python3} dist/%{python_wheel_name}/pip install \
--root %{buildroot} \
--no-deps \
--disable-pip-version-check \
--progress-bar off \
--verbose \
--ignore-installed \
--no-warn-script-location \
--no-index \
--no-cache-dir \
--find-links dist \
'pip==%{upstream_version}'
# Install the man pages
tar -xvf %{SOURCE1}
pushd docs/build/man
install -d %{buildroot}%{_mandir}/man1
for MAN in *1; do
install -pm0644 $MAN %{buildroot}%{_mandir}/man1/${MAN/pip/pip%{python3_pkgversion}}
install -pm0644 $MAN %{buildroot}%{_mandir}/man1/${MAN/pip/pip-%{python3_pkgversion}}
done
popd
mkdir -p %{buildroot}%{bashcompdir}
PYTHONPATH=%{buildroot}%{python3_sitelib} \
%{buildroot}%{_bindir}/pip completion --bash \
> %{buildroot}%{bashcompdir}/pip%{python3_pkgversion}
# Make bash completion apply to all the 5 symlinks we install
sed -i -e "s/^\\(complete.*\\) pip\$/\\1 pip{,-}%{python3_pkgversion}}/" \
-e s/_pip_completion/_pip%{python3_pkgversion}_completion/ \
%{buildroot}%{bashcompdir}/pip%{python3_pkgversion}
# Provide symlinks to executables to comply with Fedora guidelines for Python
ln -s ./pip%{python3_pkgversion} %{buildroot}%{_bindir}/pip-%{python3_pkgversion}
# Make sure the INSTALLER is not pip and remove RECORD
# %%pyproject macros do this for all packages
echo rpm > %{buildroot}%{python3_sitelib}/pip-%{upstream_version}.dist-info/INSTALLER
rm %{buildroot}%{python3_sitelib}/pip-%{upstream_version}.dist-info/RECORD
mkdir -p %{buildroot}%{python_wheel_dir}
install -p dist/%{python_wheel_name} -t %{buildroot}%{python_wheel_dir}
# RHEL: Remove binaries conflicting with RHEL's main pip
rm %{buildroot}%{_bindir}/pip
rm %{buildroot}%{_bindir}/pip3
# All ghost files controlled by alternatives need to exist for the files
# section check to succeed
touch %{buildroot}%{_bindir}/pip3
touch %{buildroot}%{_bindir}/pip-3
%check
%if 0%{?rhel} >= 9
# The test cannot run on RHEL8 due to the test script missing from RPM.
# Verify bundled provides are up to date
%{_rpmconfigdir}/pythonbundles.py src/pip/_vendor/vendor.txt --namespace 'python%{python3_pkgversion}dist' \
--compare-with '%{bundled %{python3_pkgversion}}'
%endif
%if %{with tests}
# Upstream tests
# bash completion tests only work from installed package
pytest_k='not completion'
# --deselect'ed tests are not compatible with the latest virtualenv
# These files contain almost 500 tests so we should enable them back
# as soon as pip will be compatible upstream
# https://github.com/pypa/pip/pull/8441
%pytest -m 'not network' -k "$(echo $pytest_k)" \
--deselect tests/functional --deselect tests/lib/test_lib.py
%endif
%post -n python%{python3_pkgversion}-%{srcname}
alternatives --keep-foreign --add-slave python3 %{_bindir}/python%{python3_version} \
%{_bindir}/pip3 \
pip3 \
%{_bindir}/pip%{python3_version}
alternatives --keep-foreign --add-slave python3 %{_bindir}/python%{python3_version} \
%{_bindir}/pip-3 \
pip-3 \
%{_bindir}/pip-%{python3_version}
%postun -n python%{python3_pkgversion}-%{srcname}
# Do this only during uninstall process (not during update)
if [ $1 -eq 0 ]; then
# Only remove the slave links if the master link for python3 still exists.
# Due to a possible bug in yum, python3.12 gets removed before python3.12-pip
# even though we have declared Requires(postun): python3.12
EXISTS=`alternatives --display python3 | \
grep -c "^/usr/bin/python%{python3_version} - priority [0-9]*"`
if [ $EXISTS -ne 0 ]; then
alternatives --keep-foreign --remove-slave python3 %{_bindir}/python%{python3_version} \
pip3
alternatives --keep-foreign --remove-slave python3 %{_bindir}/python%{python3_version} \
pip-3
fi
fi
%files -n python%{python3_pkgversion}-%{srcname}
%doc README.rst
%license %{python3_sitelib}/pip-%{upstream_version}.dist-info/LICENSE.txt
%{_mandir}/man1/pip%{python3_pkgversion}.*
%{_mandir}/man1/pip%{python3_pkgversion}-*.*
%{_mandir}/man1/pip-%{python3_pkgversion}.*
%{_mandir}/man1/pip-%{python3_pkgversion}-*.*
%{_bindir}/pip%{python3_pkgversion}
%{_bindir}/pip-%{python3_pkgversion}
%{python3_sitelib}/pip*
%dir %{bashcompdir}
%{bashcompdir}/pip%{python3_pkgversion}
%ghost %{_bindir}/pip3
%ghost %{_bindir}/pip-3
%files -n %{python_wheel_pkg_prefix}-%{srcname}-wheel
%license LICENSE.txt
# we own the dir for simplicity
%dir %{python_wheel_dir}/
%{python_wheel_dir}/%{python_wheel_name}
%changelog
* Fri Feb 16 2024 Charalampos Stratakis <cstratak@redhat.com> - 23.2.1-4
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
Resolves: RHEL-25737
* Thu Jan 25 2024 Miro Hrončok <mhroncok@redhat.com> - 23.2.1-3
- Don't RPM Provide pip
- Remove a superfluous RPM Conflict with python-pip
- Allows to install python3.12-pip together with python3-pip
* Tue Jan 23 2024 Miro Hrončok <mhroncok@redhat.com> - 23.2.1-2
- Rebuilt for timestamp .pyc invalidation mode
* Fri Oct 6 2023 Tomáš Hrnčiar <thrnciar@redhat.com> - 23.2.1-1
- Initial package
- Fedora contributions by:
Bill Nottingham <notting@fedoraproject.org>
Charalampos Stratakis <cstratak@redhat.com>
David Malcolm <dmalcolm@redhat.com>
Dennis Gilmore <dennis@ausil.us>
Jon Ciesla <limburgher@gmail.com>
Karolina Surma <ksurma@redhat.com>
Kevin Fenzi <kevin@fedoraproject.org>
Kevin Kofler <Kevin@tigcc.ticalc.org>
Luke Macken <lmacken@redhat.com>
Lumir Balhar <lbalhar@redhat.com>
Marcel Plch <mplch@redhat.com>
Matej Stuchlik <mstuchli@redhat.com>
Michal Cyprian <m.cyprian@gmail.com>
Miro Hrončok <miro@hroncok.cz>
Orion Poplawski <orion@cora.nwra.com>
Pádraig Brady <P@draigBrady.com>
Peter Halliday <hoangelos@fedoraproject.org>
Petr Viktorin <pviktori@redhat.com>
Robert Kuska <rkuska@redhat.com>
Slavek Kabrda <bkabrda@redhat.com>
Tim Flink <tflink@fedoraproject.org>
Tomáš Hrnčiar <thrnciar@redhat.com>
Tomas Orsava <tomas.n@orsava.cz>
Toshio Kuratomi <toshio@fedoraproject.org>
Ville Skyttä <ville.skytta@iki.fi>