powerel9
/
python3.11-pip
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

initial package creation 

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 1 month ago
commit
849f38d8c1
7 changed files with 828 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 78
      SOURCES/cve-2007-4559-tarfile.patch
  2. 128
      SOURCES/dummy-certifi.patch
  3. 16
      SOURCES/no-version-warning.patch
  4. 76
      SOURCES/nowarn-pip._internal.main.patch
  5. 27
      SOURCES/pip-allow-different-versions.patch
  6. 115
      SOURCES/remove-existing-dist-only-if-path-conflicts.patch
  7. 388
      SPECS/python3.11-pip.spec

78
SOURCES/cve-2007-4559-tarfile.patch
Unescape View File

@ -0,0 +1,78 @@
Minimal patch for pip

diff -rU3 pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py pip-22.3.1/src/pip/_internal/utils/unpacking.py
--- pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py 2022-11-05 16:25:43.000000000 +0100
+++ pip-22.3.1/src/pip/_internal/utils/unpacking.py 2023-08-08 13:17:47.705613554 +0200
@@ -184,6 +184,13 @@
"outside target directory ({})"
)
raise InstallationError(message.format(filename, path, location))
+
+ # Call the `data` filter for its side effect (raising exception)
+ try:
+ tarfile.data_filter(member.replace(name=fn), location)
+ except tarfile.LinkOutsideDestinationError:
+ pass
+
if member.isdir():
ensure_dir(path)
elif member.issym():


Test from https://github.com/pypa/pip/pull/12214

diff -rU3 pip-22.3.1-orig/tests/unit/test_utils_unpacking.py pip-22.3.1/tests/unit/test_utils_unpacking.py
--- pip-22.3.1-orig/tests/unit/test_utils_unpacking.py 2022-11-05 16:25:43.000000000 +0100
+++ pip-22.3.1/tests/unit/test_utils_unpacking.py 2023-08-08 13:17:35.151540108 +0200
@@ -171,6 +171,23 @@
test_tar = self.make_tar_file("test_tar.tar", files)
untar_file(test_tar, self.tempdir)
+ def test_unpack_tar_filter(self) -> None:
+ """
+ Test that the tarfile.data_filter is used to disallow dangerous
+ behaviour (PEP-721)
+ """
+ test_tar = os.path.join(self.tempdir, "test_tar_filter.tar")
+ with tarfile.open(test_tar, "w") as mytar:
+ file_tarinfo = tarfile.TarInfo("bad-link")
+ file_tarinfo.type = tarfile.SYMTYPE
+ file_tarinfo.linkname = "../../../../pwn"
+ mytar.addfile(file_tarinfo, io.BytesIO(b""))
+ with pytest.raises(InstallationError) as e:
+ untar_file(test_tar, self.tempdir)
+
+ assert "is outside the destination" in str(e.value)
+
+
def test_unpack_tar_unicode(tmpdir: Path) -> None:
test_tar = tmpdir / "test.tar"


Patch for vendored distlib from https://github.com/pypa/distlib/pull/201

diff --git a/distlib/util.py b/distlib/util.py
index e0622e4..4349d0b 100644
--- a/src/pip/_vendor/distlib/util.py
+++ b/src/pip/_vendor/distlib/util.py
@@ -1249,6 +1249,19 @@ def check_path(path):
for tarinfo in archive.getmembers():
if not isinstance(tarinfo.name, text_type):
tarinfo.name = tarinfo.name.decode('utf-8')
+
+ # Limit extraction of dangerous items, if this Python
+ # allows it easily. If not, just trust the input.
+ # See: https://docs.python.org/3/library/tarfile.html#extraction-filters
+ def extraction_filter(member, path):
+ """Run tarfile.tar_fillter, but raise the expected ValueError"""
+ # This is only called if the current Python has tarfile filters
+ try:
+ return tarfile.tar_filter(member, path)
+ except tarfile.FilterError as exc:
+ raise ValueError(str(exc))
+ archive.extraction_filter = extraction_filter
+
archive.extractall(dest_dir)
finally:

128
SOURCES/dummy-certifi.patch
Unescape View File

@ -0,0 +1,128 @@
From 09c983fdeabe3fa0b90b73f32ddf84a61e498e09 Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Tue, 15 Nov 2022 09:22:46 +0100
Subject: [PATCH] Dummy certifi patch

---
src/pip/_vendor/certifi/core.py | 105 ++------------------------------
1 file changed, 6 insertions(+), 99 deletions(-)

diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
index c3e5466..eb297f7 100644
--- a/src/pip/_vendor/certifi/core.py
+++ b/src/pip/_vendor/certifi/core.py
@@ -4,105 +4,12 @@ certifi.py
This module returns the installation location of cacert.pem or its contents.
"""
-import sys
+# The RPM-packaged certifi always uses the system certificates
+def where() -> str:
+ return '/etc/pki/tls/certs/ca-bundle.crt'
-if sys.version_info >= (3, 11):
+def contents() -> str:
+ with open(where(), encoding='utf=8') as data:
+ return data.read()
- from importlib.resources import as_file, files
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the file
- # in cases where we're inside of a zipimport situation until someone
- # actually calls where(), but we don't want to re-extract the file
- # on every call of where(), so we'll do it once then store it in a
- # global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you to
- # manage the cleanup of this file, so it doesn't actually return a
- # path, it returns a context manager that will give you the path
- # when you enter it and will do any cleanup when you leave it. In
- # the common case of not needing a temporary file, it will just
- # return the file system location and the __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
-
-elif sys.version_info >= (3, 7):
-
- from importlib.resources import path as get_path, read_text
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the
- # file in cases where we're inside of a zipimport situation until
- # someone actually calls where(), but we don't want to re-extract
- # the file on every call of where(), so we'll do it once then store
- # it in a global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you
- # to manage the cleanup of this file, so it doesn't actually
- # return a path, it returns a context manager that will give
- # you the path when you enter it and will do any cleanup when
- # you leave it. In the common case of not needing a temporary
- # file, it will just return the file system location and the
- # __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
-
-else:
- import os
- import types
- from typing import Union
-
- Package = Union[types.ModuleType, str]
- Resource = Union[str, "os.PathLike"]
-
- # This fallback will work for Python versions prior to 3.7 that lack the
- # importlib.resources module but relies on the existing `where` function
- # so won't address issues with environments like PyOxidizer that don't set
- # __file__ on modules.
- def read_text(
- package: Package,
- resource: Resource,
- encoding: str = 'utf-8',
- errors: str = 'strict'
- ) -> str:
- with open(where(), encoding=encoding) as data:
- return data.read()
-
- # If we don't have importlib.resources, then we will just do the old logic
- # of assuming we're on the filesystem and munge the path directly.
- def where() -> str:
- f = os.path.dirname(__file__)
-
- return os.path.join(f, "cacert.pem")
-
- def contents() -> str:
- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
--
2.37.3

16
SOURCES/no-version-warning.patch
Unescape View File

@ -0,0 +1,16 @@
diff --git a/src/pip/_vendor/packaging/version.py b/src/pip/_vendor/packaging/version.py
index de9a09a..154e94d 100644
--- a/src/pip/_vendor/packaging/version.py
+++ b/src/pip/_vendor/packaging/version.py
@@ -108,11 +108,6 @@ class LegacyVersion(_BaseVersion):
self._version = str(version)
self._key = _legacy_cmpkey(self._version)
- warnings.warn(
- "Creating a LegacyVersion has been deprecated and will be "
- "removed in the next major release",
- DeprecationWarning,
- )
def __str__(self) -> str:
return self._version

76
SOURCES/nowarn-pip._internal.main.patch
Unescape View File

@ -0,0 +1,76 @@
From 8dd3793d1bab226cec9c5c49b01718a9634bc403 Mon Sep 17 00:00:00 2001
From: Karolina Surma <ksurma@redhat.com>
Date: Mon, 10 May 2021 16:48:49 +0200
Subject: [PATCH] Don't warn the user about pip._internal.main() entrypoint

In Fedora, we use that in ensurepip and users cannot do anything about it,
this warning is juts moot. Also, the warning breaks CPython test suite.

Co-Authored-By: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
---
src/pip/_internal/__init__.py | 2 +-
src/pip/_internal/utils/entrypoints.py | 19 ++++++++++---------
tests/functional/test_cli.py | 3 ++-
3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/pip/_internal/__init__.py b/src/pip/_internal/__init__.py
index 6afb5c6..faf25af 100755
--- a/src/pip/_internal/__init__.py
+++ b/src/pip/_internal/__init__.py
@@ -16,4 +16,4 @@ def main(args: (Optional[List[str]]) = None) -> int:
"""
from pip._internal.utils.entrypoints import _wrapper
- return _wrapper(args)
+ return _wrapper(args, _nowarn=True)
diff --git a/src/pip/_internal/utils/entrypoints.py b/src/pip/_internal/utils/entrypoints.py
index f292c64..2e29a5e 100644
--- a/src/pip/_internal/utils/entrypoints.py
+++ b/src/pip/_internal/utils/entrypoints.py
@@ -20,7 +20,7 @@ if WINDOWS:
]
-def _wrapper(args: Optional[List[str]] = None) -> int:
+def _wrapper(args: Optional[List[str]] = None, _nowarn: bool = False) -> int:
"""Central wrapper for all old entrypoints.
Historically pip has had several entrypoints defined. Because of issues
@@ -32,14 +32,15 @@ def _wrapper(args: Optional[List[str]] = None) -> int:
directing them to an appropriate place for help, we now define all of
our old entrypoints as wrappers for the current one.
"""
- sys.stderr.write(
- "WARNING: pip is being invoked by an old script wrapper. This will "
- "fail in a future version of pip.\n"
- "Please see https://github.com/pypa/pip/issues/5599 for advice on "
- "fixing the underlying issue.\n"
- "To avoid this problem you can invoke Python with '-m pip' instead of "
- "running pip directly.\n"
- )
+ if not _nowarn:
+ sys.stderr.write(
+ "WARNING: pip is being invoked by an old script wrapper. This will "
+ "fail in a future version of pip.\n"
+ "Please see https://github.com/pypa/pip/issues/5599 for advice on "
+ "fixing the underlying issue.\n"
+ "To avoid this problem you can invoke Python with '-m pip' instead of "
+ "running pip directly.\n"
+ )
return main(args)
diff --git a/tests/functional/test_cli.py b/tests/functional/test_cli.py
index 3e85703..f86c392 100644
--- a/tests/functional/test_cli.py
+++ b/tests/functional/test_cli.py
@@ -43,4 +43,5 @@ def test_entrypoints_work(entrypoint: str, script: PipTestEnvironment) -> None:
result = script.pip("-V")
result2 = script.run("fake_pip", "-V", allow_stderr_warning=True)
assert result.stdout == result2.stdout
- assert "old script wrapper" in result2.stderr
+ if entrypoint[0] != "fake_pip = pip._internal:main":
+ assert "old script wrapper" in result2.stderr
--
2.35.3

27
SOURCES/pip-allow-different-versions.patch
Unescape View File

@ -0,0 +1,27 @@
--- /usr/bin/pip3 2019-11-12 17:37:34.793131862 +0100
+++ pip3 2019-11-12 17:40:42.014107134 +0100
@@ -2,7 +2,23 @@
# -*- coding: utf-8 -*-
import re
import sys
-from pip._internal.cli.main import main
+
+try:
+ from pip._internal.cli.main import main
+except ImportError:
+ try:
+ from pip._internal.main import main
+ except ImportError:
+ try:
+ # If the user has downgraded pip, the above import will fail.
+ # Let's try older methods of invoking it:
+
+ # pip 19 uses this
+ from pip._internal import main
+ except ImportError:
+ # older pip versions use this
+ from pip import main
+
if __name__ == '__main__':
sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
sys.exit(main())

115
SOURCES/remove-existing-dist-only-if-path-conflicts.patch
Unescape View File

@ -0,0 +1,115 @@
From 2c3f3a590ddfc151a456b44a5f96f0f603d178e9 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Wed, 16 Feb 2022 08:36:21 +0100
Subject: [PATCH] Prevent removing of the system packages installed under
/usr/lib when pip install --upgrade is executed.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves: rhbz#1550368

Co-Authored-By: Michal Cyprian <m.cyprian@gmail.com>
Co-Authored-By: Victor Stinner <vstinner@redhat.com>
Co-Authored-By: Petr Viktorin <pviktori@redhat.com>
Co-Authored-By: Lumir Balhar <lbalhar@redhat.com>
Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
Co-Authored-By: Karolina Surma <ksurma@redhat.com>
---
src/pip/_internal/metadata/base.py | 12 +++++++++++-
src/pip/_internal/req/req_install.py | 2 +-
src/pip/_internal/resolution/legacy/resolver.py | 4 +++-
src/pip/_internal/resolution/resolvelib/factory.py | 12 ++++++++++++
4 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/src/pip/_internal/metadata/base.py b/src/pip/_internal/metadata/base.py
index 151fd6d..f9109cd 100644
--- a/src/pip/_internal/metadata/base.py
+++ b/src/pip/_internal/metadata/base.py
@@ -28,7 +28,7 @@ from pip._vendor.packaging.utils import NormalizedName
from pip._vendor.packaging.version import LegacyVersion, Version
from pip._internal.exceptions import NoneMetadataError
-from pip._internal.locations import site_packages, user_site
+from pip._internal.locations import get_scheme, site_packages, user_site
from pip._internal.models.direct_url import (
DIRECT_URL_METADATA_NAME,
DirectUrl,
@@ -560,6 +560,16 @@ class BaseDistribution(Protocol):
for extra in self._iter_egg_info_extras():
metadata["Provides-Extra"] = extra
+ @property
+ def in_install_path(self) -> bool:
+ """
+ Return True if given Distribution is installed in
+ path matching distutils_scheme layout.
+ """
+ norm_path = normalize_path(self.installed_location)
+ return norm_path.startswith(normalize_path(
+ get_scheme("").purelib.split('python')[0]))
+
class BaseEnvironment:
"""An environment containing distributions to introspect."""
diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
index a1e376c..ed7facf 100644
--- a/src/pip/_internal/req/req_install.py
+++ b/src/pip/_internal/req/req_install.py
@@ -416,7 +416,7 @@ class InstallRequirement:
f"lack sys.path precedence to {existing_dist.raw_name} "
f"in {existing_dist.location}"
)
- else:
+ elif existing_dist.in_install_path:
self.should_reinstall = True
else:
if self.editable:
diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py
index fb49d41..040f2c1 100644
--- a/src/pip/_internal/resolution/legacy/resolver.py
+++ b/src/pip/_internal/resolution/legacy/resolver.py
@@ -325,7 +325,9 @@ class Resolver(BaseResolver):
"""
# Don't uninstall the conflict if doing a user install and the
# conflict is not a user install.
- if not self.use_user_site or req.satisfied_by.in_usersite:
+ if ((not self.use_user_site
+ or req.satisfied_by.in_usersite)
+ and req.satisfied_by.in_install_path):
req.should_reinstall = True
req.satisfied_by = None
diff --git a/src/pip/_internal/resolution/resolvelib/factory.py b/src/pip/_internal/resolution/resolvelib/factory.py
index a4c24b5..e7e2da9 100644
--- a/src/pip/_internal/resolution/resolvelib/factory.py
+++ b/src/pip/_internal/resolution/resolvelib/factory.py
@@ -1,6 +1,8 @@
import contextlib
import functools
import logging
+import sys
+import sysconfig
from typing import (
TYPE_CHECKING,
Dict,
@@ -549,6 +551,16 @@ class Factory:
if dist is None: # Not installed, no uninstallation required.
return None
+ # Prevent uninstalling packages from /usr
+ try:
+ if dist.installed_location in (
+ sysconfig.get_path('purelib', scheme='posix_prefix', vars={'base': sys.base_prefix}),
+ sysconfig.get_path('platlib', scheme='posix_prefix', vars={'platbase': sys.base_prefix}),
+ ):
+ return None
+ except KeyError: # this Python doesn't have 'rpm_prefix' scheme yet
+ pass
+
# We're installing into global site. The current installation must
# be uninstalled, no matter it's in global or user site, because the
# user site installation has precedence over global.
--
2.35.3

388
SPECS/python3.11-pip.spec
Unescape View File

@ -0,0 +1,388 @@
%global __python3 /usr/bin/python3.11
%global python3_pkgversion 3.11

%bcond_with tests

%global srcname pip
%global base_version 22.3.1
%global upstream_version %{base_version}%{?prerel}
%global python_wheel_name %{srcname}-%{upstream_version}-py3-none-any.whl

%global bashcompdir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null)

Name: python%{python3_pkgversion}-%{srcname}
Version: %{base_version}%{?prerel:~%{prerel}}
Release: 5%{?dist}
Summary: A tool for installing and managing Python packages

# We bundle a lot of libraries with pip, which itself is under MIT license.
# Here is the list of the libraries with corresponding licenses:

# appdirs: MIT
# certifi: MPLv2.0
# chardet: LGPLv2
# colorama: BSD
# CacheControl: ASL 2.0
# distlib: Python
# distro: ASL 2.0
# html5lib: MIT
# idna: BSD
# ipaddress: Python
# msgpack: ASL 2.0
# packaging: ASL 2.0 or BSD
# pep517: MIT
# progress: ISC
# pygments: BSD
# pyparsing: MIT
# requests: ASL 2.0
# resolvelib: ISC
# rich: MIT
# setuptools: MIT
# six: MIT
# tenacity: ASL 2.0
# tomli: MIT
# typing-extensions: Python
# urllib3: MIT
# webencodings: BSD

License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
URL: https://pip.pypa.io/
Source0: https://github.com/pypa/pip/archive/%{upstream_version}/%{srcname}-%{upstream_version}.tar.gz
BuildArch: noarch

# Prevent removing of the system packages installed under /usr/lib
# when pip install -U is executed.
# https://bugzilla.redhat.com/show_bug.cgi?id=1550368#c24
# Could be replaced with https://www.python.org/dev/peps/pep-0668/
Patch0: remove-existing-dist-only-if-path-conflicts.patch

# Use the system level root certificate instead of the one bundled in certifi
# https://bugzilla.redhat.com/show_bug.cgi?id=1655253
# The same patch is a part of the RPM-packaged python-certifi
Patch1: dummy-certifi.patch

# Don't warn the user about pip._internal.main() entrypoint
# In Fedora, we use that in ensurepip and users cannot do anything about it,
# this warning is juts moot. Also, the warning breaks CPython test suite.
Patch2: nowarn-pip._internal.main.patch

# Don't warn the user about packaging's LegacyVersion being deprecated.
# (This also breaks Python's test suite when warnings are treated as errors.)
# Upstream issue: https://github.com/pypa/packaging/issues/368
Patch3: no-version-warning.patch

# CVE-2007-4559, PEP-721, PEP-706: Use tarfile.data_filter for extracting
# - Minimal downstream-only patch, to be replaced by upstream solution
# proposed in https://github.com/pypa/pip/pull/12214
# - Test patch submitted upstream in the above pull request
# - Patch for vendored distlib, accepted upstream:
# https://github.com/pypa/distlib/pull/201
Patch4: cve-2007-4559-tarfile.patch

# Downstream only patch
# Users might have local installations of pip from using
# `pip install --user --upgrade pip` on older/newer versions.
# If they do that and they run `pip` or `pip3`, the one from /usr/bin is used.
# However that's the one from this RPM package and the import in there might
# fail (it tries to import from ~/.local, but older or newer pip is there with
# a bit different API).
# We add this patch as a dirty workaround to make /usr/bin/pip* work with
# both pip10+ (from this RPM) and older or newer (19.3+) pip (from whatever).
# A proper fix is to put ~/.local/bin in front of /usr/bin in the PATH,
# however others are against that and we cannot change it for existing
# installs/user homes anyway.
# https://bugzilla.redhat.com/show_bug.cgi?id=1569488
# https://bugzilla.redhat.com/show_bug.cgi?id=1571650
# https://bugzilla.redhat.com/show_bug.cgi?id=1767212
# WARNING: /usr/bin/pip* are entrypoints, this cannot be applied in %%prep!
# %%patch10 doesn't work outside of %%prep, so we add it as a source
# Note that since pip 20, old main() import paths are preserved for backwards
# compatibility: https://github.com/pypa/pip/issues/7498
# Meaning we don't need to update any of the older pips to support 20+
# We also don't need to update Pythons to use new import path in ensurepip
Source10: pip-allow-different-versions.patch


# Virtual provides for the packages bundled by pip.
# You can generate it with:
# %%{_rpmconfigdir}/pythonbundles.py --namespace 'python%%{1}dist' src/pip/_vendor/vendor.txt
%global bundled() %{expand:
Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.11
Provides: bundled(python%{1}dist(certifi)) = 2022.9.24
Provides: bundled(python%{1}dist(chardet)) = 5
Provides: bundled(python%{1}dist(colorama)) = 0.4.5
Provides: bundled(python%{1}dist(distlib)) = 0.3.6
Provides: bundled(python%{1}dist(distro)) = 1.7
Provides: bundled(python%{1}dist(idna)) = 3.4
Provides: bundled(python%{1}dist(msgpack)) = 1.0.4
Provides: bundled(python%{1}dist(packaging)) = 21.3
Provides: bundled(python%{1}dist(pep517)) = 0.13
Provides: bundled(python%{1}dist(platformdirs)) = 2.5.2
Provides: bundled(python%{1}dist(pygments)) = 2.13
Provides: bundled(python%{1}dist(pyparsing)) = 3.0.9
Provides: bundled(python%{1}dist(requests)) = 2.28.1
Provides: bundled(python%{1}dist(resolvelib)) = 0.8.1
Provides: bundled(python%{1}dist(rich)) = 12.5.1
Provides: bundled(python%{1}dist(setuptools)) = 44
Provides: bundled(python%{1}dist(six)) = 1.16
Provides: bundled(python%{1}dist(tenacity)) = 8.1
Provides: bundled(python%{1}dist(tomli)) = 2.0.1
Provides: bundled(python%{1}dist(typing-extensions)) = 4.4
Provides: bundled(python%{1}dist(urllib3)) = 1.26.12
Provides: bundled(python%{1}dist(webencodings)) = 0.5.1
}

# Some manylinux1 wheels need libcrypt.so.1.
# Manylinux1, a common (as of 2019) platform tag for binary wheels, relies
# on a glibc version that included ancient crypto functions, which were
# moved to libxcrypt and then removed in:
# https://fedoraproject.org/wiki/Changes/FullyRemoveDeprecatedAndUnsafeFunctionsFromLibcrypt
# The manylinux1 standard assumed glibc would keep ABI compatibility,
# but that's only the case if libcrypt.so.1 (libxcrypt-compat) is around.
# This should be solved in the next manylinux standard (but it may be
# a long time until manylinux1 is phased out).
# See: https://github.com/pypa/manylinux/issues/305
# Note that manylinux is only applicable to x86 (both 32 and 64 bits)
%global crypt_compat_recommends() %{expand:
Recommends: (libcrypt.so.1()(64bit) if python%{1}(x86-64))
Recommends: (libcrypt.so.1 if python%{1}(x86-32))
}

BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-rpm-macros
# python3 bootstrap: this is rebuilt before the final build of python3, which
# adds the dependency on python3-rpm-generators, so we require it manually
# Note that the package prefix is always python3-, even if we build for 3.X
BuildRequires: python3-rpm-generators
# We utilize the main Python's stack sphinx to build the manual pages
BuildRequires: python3-sphinx
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: bash-completion
BuildRequires: python%{python3_pkgversion}-wheel
BuildRequires: ca-certificates
Requires: ca-certificates

%if %{with tests}
BuildRequires: /usr/bin/git
BuildRequires: /usr/bin/hg
BuildRequires: /usr/bin/bzr
BuildRequires: /usr/bin/svn
BuildRequires: python%{python3_pkgversion}-setuptools-wheel
BuildRequires: python%{python3_pkgversion}-wheel-wheel
BuildRequires: python%{python3_pkgversion}-cryptography
BuildRequires: python%{python3_pkgversion}-mock
BuildRequires: python%{python3_pkgversion}-pytest
BuildRequires: python%{python3_pkgversion}-pretend
BuildRequires: python%{python3_pkgversion}-freezegun
BuildRequires: python%{python3_pkgversion}-scripttest
BuildRequires: python%{python3_pkgversion}-virtualenv
BuildRequires: python%{python3_pkgversion}-werkzeug
BuildRequires: python%{python3_pkgversion}-pyyaml
BuildRequires: python%{python3_pkgversion}-tomli-w
BuildRequires: python%{python3_pkgversion}-installer
%endif


# pip has to require explicit version of python that provides
# filters in tarfile module (fix for CVE-2007-4559).
Requires: python%{python3_pkgversion} >= 3.11.4-3


# This was previously required and we keep it recommended because a lot of
# sdists installed via pip will try to import setuptools.
# But pip doesn't actually require setuptools.
# It can install wheels without them and it can build wheels in isolation mode
# (using setuptools/flit/poetry/... installed from PyPI).
# Side note: pip bundles pkg_resources from setuptools for internal usage.
Recommends: python%{python3_pkgversion}-setuptools

# Virtual provides for the packages bundled by pip:
%{bundled %{python3_pkgversion}}

%{crypt_compat_recommends %{python3_pkgversion}}

%description -n python%{python3_pkgversion}-%{srcname}
pip is a package management system used to install and manage software packages
written in Python. Many packages can be found in the Python Package Index
(PyPI). pip is a recursive acronym that can stand for either "Pip Installs
Packages" or "Pip Installs Python".

%package -n %{python_wheel_pkg_prefix}-%{srcname}-wheel
Summary: The pip wheel
Requires: ca-certificates
# Older Python does not provide tarfile filters (fix for CVE-2007-4559).
Conflicts: python%{python3_pkgversion} < 3.11.4-3

# Virtual provides for the packages bundled by pip:
%{bundled %{python3_pkgversion}}

%{crypt_compat_recommends %{python3_pkgversion}}

%description -n %{python_wheel_pkg_prefix}-%{srcname}-wheel
A Python wheel of pip to use with venv.

%prep
%autosetup -p1 -n %{srcname}-%{upstream_version}

# this goes together with patch4
rm src/pip/_vendor/certifi/*.pem

# Remove unneeded doc dependencies
sed -i '/myst_parser/d;/sphinx_copybutton/d;/sphinx_inline_tabs/d;/sphinxcontrib.towncrier/d' docs/html/conf.py

# tests expect wheels in here
ln -s %{python_wheel_dir} tests/data/common_wheels

# Remove windows executable binaries
rm -v src/pip/_vendor/distlib/*.exe
sed -i '/\.exe/d' setup.py

%build
%py3_build_wheel

# Build the man pages
export PYTHONPATH=./src/
sphinx-build-3 -b man docs/man docs/build/man -c docs/html

%install
# The following is similar to %%pyproject_install, but we don't have
# /usr/bin/pip yet, so we install using the wheel directly.
# (This is not standard wheel usage, but the pip wheel supports it -- see
# pip/__main__.py)
%{python3} dist/%{python_wheel_name}/pip install \
--root %{buildroot} \
--no-deps \
--disable-pip-version-check \
--progress-bar off \
--verbose \
--ignore-installed \
--no-warn-script-location \
--no-index \
--no-cache-dir \
--find-links dist \
'pip==%{upstream_version}'

# Install the man pages
pushd docs/build/man
install -d %{buildroot}%{_mandir}/man1
for MAN in *1; do
install -pm0644 $MAN %{buildroot}%{_mandir}/man1/${MAN/pip/pip%{python3_pkgversion}}
install -pm0644 $MAN %{buildroot}%{_mandir}/man1/${MAN/pip/pip-%{python3_pkgversion}}
done
popd

# before we ln -s anything, we apply Source10 patch to all pips:
for PIP in %{buildroot}%{_bindir}/pip*; do
patch -p1 --no-backup-if-mismatch $PIP < %{SOURCE10}
done

mkdir -p %{buildroot}%{bashcompdir}
PYTHONPATH=%{buildroot}%{python3_sitelib} \
%{buildroot}%{_bindir}/pip completion --bash \
> %{buildroot}%{bashcompdir}/pip%{python3_pkgversion}

# Make bash completion apply to all the 5 symlinks we install
sed -i -e "s/^\\(complete.*\\) pip\$/\\1 pip{,-}%{python3_pkgversion}/" \
-e s/_pip_completion/_pip%{python3_pkgversion}_completion/ \
%{buildroot}%{bashcompdir}/pip%{python3_pkgversion}


# Provide symlinks to executables to comply with Fedora guidelines for Python
ln -s ./pip%{python3_pkgversion} %{buildroot}%{_bindir}/pip-%{python3_pkgversion}


# Make sure the INSTALLER is not pip and remove RECORD
# %%pyproject macros do this for all packages
echo rpm > %{buildroot}%{python3_sitelib}/pip-%{upstream_version}.dist-info/INSTALLER
rm %{buildroot}%{python3_sitelib}/pip-%{upstream_version}.dist-info/RECORD

mkdir -p %{buildroot}%{python_wheel_dir}
install -p dist/%{python_wheel_name} -t %{buildroot}%{python_wheel_dir}

# RHEL: Remove binaries conflicting with RHEL's main pip
rm %{buildroot}%{_bindir}/pip
rm %{buildroot}%{_bindir}/pip3


%check
# Verify bundled provides are up to date
%{_rpmconfigdir}/pythonbundles.py src/pip/_vendor/vendor.txt --namespace 'python%{python3_pkgversion}dist' \
--compare-with '%{bundled %{python3_pkgversion}}'

%if %{with tests}
# Upstream tests
# bash completion tests only work from installed package
pytest_k='not completion'

# --deselect'ed tests are not compatible with the latest virtualenv
# These files contain almost 500 tests so we should enable them back
# as soon as pip will be compatible upstream
# https://github.com/pypa/pip/pull/8441
%pytest -m 'not network' -k "$(echo $pytest_k)" \
--deselect tests/functional --deselect tests/lib/test_lib.py
%endif


%files -n python%{python3_pkgversion}-%{srcname}
%doc README.rst
%license %{python3_sitelib}/pip-%{upstream_version}.dist-info/LICENSE.txt
%{_mandir}/man1/pip%{python3_pkgversion}.*
%{_mandir}/man1/pip%{python3_pkgversion}-*.*
%{_mandir}/man1/pip-%{python3_pkgversion}.*
%{_mandir}/man1/pip-%{python3_pkgversion}-*.*
%{_bindir}/pip%{python3_pkgversion}
%{_bindir}/pip-%{python3_pkgversion}
%{python3_sitelib}/pip*
%dir %{bashcompdir}
%{bashcompdir}/pip%{python3_pkgversion}

%files -n %{python_wheel_pkg_prefix}-%{srcname}-wheel
%license LICENSE.txt
# we own the dir for simplicity
%dir %{python_wheel_dir}/
%{python_wheel_dir}/%{python_wheel_name}

%changelog
* Wed Feb 14 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 22.3.1-5
- Require Python with tarfile filters
Resolves: RHEL-25455

* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 22.3.1-4
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
Resolves: RHBZ#2218247

* Mon Mar 06 2023 Lumír Balhar <lbalhar@redhat.com> - 22.3.1-3
- Fix changelog to contain Fedora contributors
Resolves: RHEL-232

* Mon Jan 30 2023 Charalampos Stratakis <cstratak@redhat.com> - 22.3.1-2
- Add BuildRequires on python3.11-rpm-macros

* Wed Aug 03 2022 Charalampos Stratakis <cstratak@redhat.com> - 22.3.1-1
- Initial package
- Fedora contributions by:
Bill Nottingham <notting@fedoraproject.org>
Charalampos Stratakis <cstratak@redhat.com>
David Malcolm <dmalcolm@redhat.com>
Dennis Gilmore <dennis@ausil.us>
Jon Ciesla <limburgher@gmail.com>
Karolina Surma <ksurma@redhat.com>
Kevin Fenzi <kevin@fedoraproject.org>
Kevin Kofler <Kevin@tigcc.ticalc.org>
Luke Macken <lmacken@redhat.com>
Lumir Balhar <lbalhar@redhat.com>
Marcel Plch <mplch@redhat.com>
Matej Stuchlik <mstuchli@redhat.com>
Michal Cyprian <m.cyprian@gmail.com>
Miro Hrončok <miro@hroncok.cz>
Orion Poplawski <orion@cora.nwra.com>
Pádraig Brady <P@draigBrady.com>
Peter Halliday <hoangelos@fedoraproject.org>
Petr Viktorin <pviktori@redhat.com>
Robert Kuska <rkuska@redhat.com>
Slavek Kabrda <bkabrda@redhat.com>
Tim Flink <tflink@fedoraproject.org>
Tomáš Hrnčiar <thrnciar@redhat.com>
Tomas Orsava <torsava@redhat.com>
Toshio Kuratomi <toshio@fedoraproject.org>
Ville Skyttä <ville.skytta@iki.fi>
Write Preview
Loading…
Cancel
Save