.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1,6 @@
-SOURCES/setuptools-78.1.1.tar.gz
+/setuptools-*.tar.gz
+/setuptools-*.zip
+/setuptools-*/
+/pkg_resources-tests-data-*.tar.gz
+/results_python-setuptools/
+*.rpm

.python3.14-setuptools.metadata

@@ -1 +0,0 @@
-b752a80ce7dc2541ed53731347844516a80830ab SOURCES/setuptools-78.1.1.tar.gz

4356.patch

@@ -0,0 +1,40 @@
+From d53bf1509f40c8e84feb62ac13e91b76074a063a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
+Date: Tue, 14 May 2024 16:19:02 +0200
+Subject: [PATCH] Explicitly disallow resource paths starting with single
+ backslash
+
+Previously, such paths were disallowed implicitly
+as they were treated as Windows absolute paths.
+
+Since Python 3.13, paths starting with a single backslash are not considered
+Windows-absolute, so we treat them specially.
+
+This change makes the existing doctest pass with Python 3.13.
+
+Partially fixes https://github.com/pypa/setuptools/issues/4196
+---
+ pkg_resources/__init__.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/pkg_resources/__init__.py b/pkg_resources/__init__.py
+index 713d9bdfa3..faee7dec79 100644
+--- a/pkg_resources/__init__.py
++++ b/pkg_resources/__init__.py
+@@ -1604,6 +1604,7 @@ def _validate_resource_path(path):
+             os.path.pardir in path.split(posixpath.sep)
+             or posixpath.isabs(path)
+             or ntpath.isabs(path)
++            or path.startswith("\\")
+         )
+         if not invalid:
+             return
+@@ -1611,7 +1612,7 @@ def _validate_resource_path(path):
+         msg = "Use of .. or absolute path in a resource path is not allowed."
+ 
+         # Aggressively disallow Windows absolute paths
+-        if ntpath.isabs(path) and not posixpath.isabs(path):
++        if (path.startswith("\\") or ntpath.isabs(path)) and not posixpath.isabs(path):
+             raise ValueError(msg)
+ 
+         # for compatibility, warn; in future

4357.patch

@@ -0,0 +1,30 @@
+From c6266e423fa26aafa01f1df71de7c6613273155e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
+Date: Tue, 14 May 2024 16:24:07 +0200
+Subject: [PATCH] Make the validation test for entry-points work with Python
+ 3.13+
+
+The exception in importlib.metadata has changed.
+See https://github.com/python/importlib_metadata/issues/488
+
+This makes an existing test pass with Python 3.13.
+
+Partially fixes https://github.com/pypa/setuptools/issues/4196
+---
+ setuptools/_entry_points.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/setuptools/_entry_points.py b/setuptools/_entry_points.py
+index 747a69067e..b244e78387 100644
+--- a/setuptools/_entry_points.py
++++ b/setuptools/_entry_points.py
+@@ -17,7 +17,8 @@ def ensure_valid(ep):
+     """
+     try:
+         ep.extras
+-    except AttributeError as ex:
++    except (AttributeError, AssertionError) as ex:
++        # Why both? See https://github.com/python/importlib_metadata/issues/488
+         msg = (
+             f"Problems to parse {ep}.\nPlease ensure entry-point follows the spec: "
+             "https://packaging.python.org/en/latest/specifications/entry-points/"

CVE-2024-6345.patch

@@ -0,0 +1,116 @@
+From 472528deea4063f20c5d9525f0faf64ae0cd0a90 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Wed, 24 Jul 2024 14:26:09 +0200
+Subject: [PATCH] CVE-2024-6345
+
+---
+ setuptools/package_index.py           | 21 +++++----------------
+ setuptools/tests/test_packageindex.py | 20 ++++++++++----------
+ 2 files changed, 15 insertions(+), 26 deletions(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index 7095585..1368bde 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -1,5 +1,6 @@
+ """PyPI and direct package downloading."""
+ 
++import subprocess
+ import sys
+ import os
+ import re
+@@ -881,17 +882,11 @@ class PackageIndex(Environment):
+         url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
+ 
+         self.info("Doing git clone from %s to %s", url, filename)
+-        os.system("git clone --quiet %s %s" % (url, filename))
++        subprocess.check_call(["git", "clone", "--quiet", url, filename])
+ 
+         if rev is not None:
+             self.info("Checking out %s", rev)
+-            os.system(
+-                "git -C %s checkout --quiet %s"
+-                % (
+-                    filename,
+-                    rev,
+-                )
+-            )
++            subprocess.check_call(["git", "-C", filename, "checkout", "--quiet", rev])
+ 
+         return filename
+ 
+@@ -900,17 +895,11 @@ class PackageIndex(Environment):
+         url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
+ 
+         self.info("Doing hg clone from %s to %s", url, filename)
+-        os.system("hg clone --quiet %s %s" % (url, filename))
++        subprocess.check_call(["hg", "clone", "--quiet", url, filename])
+ 
+         if rev is not None:
+             self.info("Updating to %s", rev)
+-            os.system(
+-                "hg --cwd %s up -C -r %s -q"
+-                % (
+-                    filename,
+-                    rev,
+-                )
+-            )
++            subprocess.check_call(["hg", "--cwd", filename, "up", "-C", "-r", rev, "-q"])
+ 
+         return filename
+ 
+diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py
+index 0287063..c136e8d 100644
+--- a/setuptools/tests/test_packageindex.py
++++ b/setuptools/tests/test_packageindex.py
+@@ -190,37 +190,37 @@ class TestPackageIndex:
+         url = 'git+https://github.example/group/project@master#egg=foo'
+         index = setuptools.package_index.PackageIndex()
+ 
+-        with mock.patch("os.system") as os_system_mock:
++        with mock.patch("subprocess.check_call") as subprocess_check_call_mock:
+             result = index.download(url, str(tmpdir))
+ 
+-        os_system_mock.assert_called()
++        subprocess_check_call_mock.assert_called()
+ 
+         expected_dir = str(tmpdir / 'project@master')
+         expected = (
+             'git clone --quiet ' 'https://github.example/group/project {expected_dir}'
+-        ).format(**locals())
+-        first_call_args = os_system_mock.call_args_list[0][0]
++        ).format(**locals()).split()
++        first_call_args = subprocess_check_call_mock.call_args_list[0][0]
+         assert first_call_args == (expected,)
+ 
+         tmpl = 'git -C {expected_dir} checkout --quiet master'
+-        expected = tmpl.format(**locals())
+-        assert os_system_mock.call_args_list[1][0] == (expected,)
++        expected = tmpl.format(**locals()).split()
++        assert subprocess_check_call_mock.call_args_list[1][0] == (expected,)
+         assert result == expected_dir
+ 
+     def test_download_git_no_rev(self, tmpdir):
+         url = 'git+https://github.example/group/project#egg=foo'
+         index = setuptools.package_index.PackageIndex()
+ 
+-        with mock.patch("os.system") as os_system_mock:
++        with mock.patch("subprocess.check_call") as subprocess_check_call_mock:
+             result = index.download(url, str(tmpdir))
+ 
+-        os_system_mock.assert_called()
++        subprocess_check_call_mock.assert_called()
+ 
+         expected_dir = str(tmpdir / 'project')
+         expected = (
+             'git clone --quiet ' 'https://github.example/group/project {expected_dir}'
+-        ).format(**locals())
+-        os_system_mock.assert_called_once_with(expected)
++        ).format(**locals()).split()
++        subprocess_check_call_mock.assert_called_once_with(expected)
+ 
+     def test_download_svn(self, tmpdir):
+         url = 'svn+https://svn.example/project#egg=foo'
+-- 
+2.45.2
+

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plan.fmf

@@ -0,0 +1,56 @@
+execute:
+  how: tmt
+
+discover:
+  - name: rpms_pyproject-rpm-macros
+    how: shell
+    url: https://gitlab.com/redhat/centos-stream/rpms/pyproject-rpm-macros.git
+    ref: c10s
+    tests:
+    - name: pyproject_pytest
+      path: /tests
+      test: ./mocktest.sh python-isort
+  - name: same_repo
+    how: shell
+    dist-git-source: true
+    dist-git-download-only: true
+    tests:
+    - name: import_test
+      test: python3.14 -c "import setuptools"
+    - name: mock_bootstrap_build
+      # Needs cwd to contain downloaded sources, path to mocktes.sh depends on tmt tree structure
+      test: |
+        cd $TMT_SOURCE_DIR &&
+        $TMT_TREE/../discover/rpms_pyproject-rpm-macros/tests/tests/mocktest.sh python-setuptools --with bootstrap
+  - name: tests_python
+    how: shell
+    url: https://gitlab.com/redhat/centos-stream/tests/python.git
+    tests:
+    - name: smoke312_virtualenv
+      path: /smoke
+      test:  VERSION=3.12 METHOD=virtualenv VIRTUALENV_SETUPTOOLS=bundle ./venv.sh
+    - name: smoke314_virtualenv
+      path: /smoke
+      test:  VERSION=3.14 METHOD=virtualenv VIRTUALENV_SETUPTOOLS=bundle ./venv.sh
+
+prepare:
+  - name: Install dependencies
+    how: install
+    package:
+    - gcc
+    - virtualenv
+    - python3.12-devel
+    - python3.14-devel
+    - python3-devel
+    - python3-tox
+    - mock
+    - rpmdevtools
+    - rpm-build
+    - dnf
+  - name: Update packages
+    how: shell
+    script: dnf upgrade -y
+  - name: rpm_qa
+    order: 100
+    how: shell
+    script: rpm -qa | sort | tee $TMT_PLAN_DATA/rpmqa.txt

python-setuptools.rpmlintrc

@@ -0,0 +1,14 @@
+# let's not report duplicate __init__s
+addFilter(r'W: files-duplicate .+__init__\.py ')
+
+# setuptools and pkg_resources have duplicated vendored libraries
+# we might want to de-duplicate this somehow in the future, but not yet
+# regex a bit complex to allow arbitrary order
+addFilter(r'W: files-duplicate .+/(setuptools/_vendor/.+ .+/pkg_resources|pkg_resources/_vendor/.+ .+/setuptools)/_vendor/')
+
+# When duplicate files are found, this errors is produced
+# as long as we filter out the warnings, we need to filter the error as well
+addFilter(r'E: files-duplicated-waste')
+
+# no %doc in the wheel packages
+addFilter(r'python-setuptools-wheel.noarch: (E|W): no-documentation')

python3.14-setuptools.spec

@@ -1,13 +1,3 @@
-## START: Set by rpmautospec
-## (rpmautospec version 0.6.5)
-## RPMAUTOSPEC: autorelease, autochangelog
-%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
-    release_number = 4;
-    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
-    print(release_number + base_release_number - 1);
-}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
-## END: Set by rpmautospec
-
 %global python3_pkgversion 3.14
 
 %global srcname setuptools
@@ -242,20 +232,4 @@ PYTHONPATH=$(pwd) %pytest \
 
 
 %changelog
-## START: Generated by rpmautospec
+%autochangelog
-* Thu Nov 27 2025 Lumir Balhar <lbalhar@redhat.com> - 78.1.1-4
-- Disable bootstrap
-
-* Tue Nov 25 2025 Lukáš Zachar <lzachar@redhat.com> - 78.1.1-3
-- Adjust gating
-- Generic gating.yaml for all rhel
-- Use CS repos instead of Fedora
-- Remove python versions not available on c9s
-- use python-isort to test
-
-* Tue Nov 25 2025 Tomáš Hrnčiar <thrnciar@redhat.com> - 78.1.1-2
-- Convert from Fedora for the Python 3.14 stack in RHEL
-
-* Tue Nov 25 2025 Tomáš Hrnčiar <thrnciar@redhat.com> - 78.1.1-1
-- RHEL: Rename SPEC to python3.14-setuptools.spec
-## END: Generated by rpmautospec

sources

@@ -0,0 +1 @@
+SHA512 (setuptools-78.1.1.tar.gz) = 0a44bb3f9e5c9b247ada0854552042e7733d6908a8b2ce82d750a7bebbd94a15c9f453343dc131e34cfa641bec300611d57ea8e52ee8ad4971a026ad6cc8b938