From 43f1f9f9feccb8794f289542ba7de6e00a3604bd Mon Sep 17 00:00:00 2001 From: tigro Date: Fri, 17 Jan 2025 08:50:29 +0300 Subject: [PATCH] import python-build-0.10.0-6.el9 --- .gitignore | 2 +- .python-build.metadata | 2 +- SOURCES/589.patch | 36 +++++++ ...ious-files-when-extracting-tar-archi.patch | 78 +++++++++++++++ SPECS/python-build.spec | 98 ++++++------------- 5 files changed, 148 insertions(+), 68 deletions(-) create mode 100644 SOURCES/589.patch create mode 100644 SOURCES/filter-out-malicious-files-when-extracting-tar-archi.patch diff --git a/.gitignore b/.gitignore index efd7f6a..e641a6f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/build-1.2.1.tar.gz +SOURCES/build-0.10.0.tar.gz diff --git a/.python-build.metadata b/.python-build.metadata index 155088c..552f1e8 100644 --- a/.python-build.metadata +++ b/.python-build.metadata @@ -1 +1 @@ -decd14db86648aa4a4a37e751fdc403fc7b68447 SOURCES/build-1.2.1.tar.gz +09ab6a243772343cb846a833bdc18532b596061f SOURCES/build-0.10.0.tar.gz diff --git a/SOURCES/589.patch b/SOURCES/589.patch new file mode 100644 index 0000000..1c12ffa --- /dev/null +++ b/SOURCES/589.patch @@ -0,0 +1,36 @@ +From 4f5362fccc908820574fdbac2f6b6871c0f371c5 Mon Sep 17 00:00:00 2001 +From: Henry Schreiner +Date: Wed, 15 Mar 2023 09:33:53 -0400 +Subject: [PATCH] tests: strip formatting from stderr (pip 23) + +Signed-off-by: Henry Schreiner +--- + tests/test_main.py | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/tests/test_main.py b/tests/test_main.py +index e924d8bd..456ff749 100644 +--- a/tests/test_main.py ++++ b/tests/test_main.py +@@ -20,6 +20,8 @@ + cwd = os.getcwd() + out = os.path.join(cwd, 'dist') + ++ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])') ++ + + @pytest.mark.parametrize( + ('cli_args', 'build_args', 'hook'), +@@ -368,8 +370,10 @@ def test_output_env_subprocess_error( + assert stdout[:4] == stdout_body + assert stdout[-1].startswith(stdout_error) + +- assert len(stderr) == 1 +- assert stderr[0].startswith('ERROR: Invalid requirement: ') ++ # Newer versions of pip also color stderr - strip them if present ++ cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip() ++ assert len(cleaned_stderr.splitlines()) == 1 ++ assert cleaned_stderr.startswith('ERROR: Invalid requirement: ') + + + @pytest.mark.parametrize( diff --git a/SOURCES/filter-out-malicious-files-when-extracting-tar-archi.patch b/SOURCES/filter-out-malicious-files-when-extracting-tar-archi.patch new file mode 100644 index 0000000..831e32d --- /dev/null +++ b/SOURCES/filter-out-malicious-files-when-extracting-tar-archi.patch @@ -0,0 +1,78 @@ +From e62a9fbd9ae519d35341dd2e972b43fb1f00b7c7 Mon Sep 17 00:00:00 2001 +From: layday +Date: Tue, 13 Jun 2023 12:46:09 +0200 +Subject: [PATCH] filter out malicious files when extracting tar archives + +--- + src/build/__main__.py | 5 +++-- + src/build/util.py | 16 ++++++++++++++++ + 2 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/src/build/__main__.py b/src/build/__main__.py +index 2d65720..914e0d6 100644 +--- a/src/build/__main__.py ++++ b/src/build/__main__.py +@@ -9,7 +9,6 @@ import platform + import shutil + import subprocess + import sys +-import tarfile + import tempfile + import textwrap + import traceback +@@ -228,6 +227,8 @@ def build_package_via_sdist( + :param isolation: Isolate the build in a separate environment + :param skip_dependency_check: Do not perform the dependency check + """ ++ from .util import TarFile ++ + if 'sdist' in distributions: + raise ValueError('Only binary distributions are allowed but sdist was specified') + +@@ -238,7 +239,7 @@ def build_package_via_sdist( + sdist_out = tempfile.mkdtemp(prefix='build-via-sdist-') + built: list[str] = [] + # extract sdist +- with tarfile.open(sdist) as t: ++ with TarFile.open(sdist) as t: + t.extractall(sdist_out) + try: + builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')])) +diff --git a/src/build/util.py b/src/build/util.py +index 90c0028..7597667 100644 +--- a/src/build/util.py ++++ b/src/build/util.py +@@ -5,7 +5,9 @@ from __future__ import annotations + import os + import pathlib + import sys ++import tarfile + import tempfile ++import typing + + import pyproject_hooks + +@@ -56,6 +58,20 @@ def project_wheel_metadata( + return _project_wheel_metadata(builder) + + ++if typing.TYPE_CHECKING: ++ TarFile = tarfile.TarFile ++ ++else: ++ # Per https://peps.python.org/pep-0706/, the "data" filter will become ++ # the default in Python 3.14. ++ if sys.version_info < (3, 14) and hasattr(tarfile, 'data_filter'): ++ ++ class TarFile(tarfile.TarFile): ++ extraction_filter = staticmethod(tarfile.data_filter) ++ ++ else: ++ TarFile = tarfile.TarFile ++ + __all__ = [ + 'project_wheel_metadata', + ] +-- +2.40.1 + diff --git a/SPECS/python-build.spec b/SPECS/python-build.spec index 97c7203..cc7ced8 100644 --- a/SPECS/python-build.spec +++ b/SPECS/python-build.spec @@ -1,5 +1,5 @@ ## START: Set by rpmautospec -## (rpmautospec version 0.7.1) +## (rpmautospec version 0.3.5) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 6; @@ -8,28 +8,23 @@ }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec -# uv has many build dependencies, and will take some time to be available for -# new EPEL major versions. -%bcond uv %{undefined rhel} - %global pypi_name build Name: python-%{pypi_name} -Version: 1.2.1 +Version: 0.10.0 Release: %autorelease Summary: A simple, correct PEP517 package builder License: MIT URL: https://github.com/pypa/build Source0: %{url}/archive/%{version}/%{pypi_name}-%{version}.tar.gz - -# downstream-only -Patch: 0001-fedora-disable-some-build-requirements.patch -# https://github.com/pypa/build/pull/807 -Patch: 0002-tests-optional-uv.patch -# https://github.com/pypa/build/pull/808 -Patch: 0003-tests-mark-more-network-tests.patch - +# Upstream patch for fixing tests with pip 23 +Patch: https://github.com/pypa/build/pull/589.patch +# Filter out malicious files when extracting tar archives +# to avoid DeprecationWarnings on Python 3.12+ +# The patch was inspired by this PR: +# https://github.com/pypa/build/pull/609 +Patch: filter-out-malicious-files-when-extracting-tar-archi.patch BuildArch: noarch BuildRequires: python3-devel @@ -46,15 +41,19 @@ Summary: %{summary} A simple, correct PEP517 package builder. -%pyproject_extras_subpkg -n python3-%{pypi_name} virtualenv %{?with_uv:uv} +%pyproject_extras_subpkg -n python3-%{pypi_name} virtualenv %prep %autosetup -p1 -n %{pypi_name}-%{version} - +# coverage is discouraged in Python packages +# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_linters +sed -Ei '/\bpytest-cov\b/d' pyproject.toml +# relax pytest minimum version to run tests on RHEL 9 +sed -Ei '/"pytest >=/ s/6\.2\.4/6.2.2/' pyproject.toml %generate_buildrequires -%pyproject_buildrequires -x test,virtualenv%{?with_uv:,uv} +%pyproject_buildrequires -x test,virtualenv %build %pyproject_wheel @@ -64,11 +63,17 @@ A simple, correct PEP517 package builder. %pyproject_save_files %{pypi_name} %check -# Upstream has integration tests that can be run with the --run-integration -# flag, but currently that only includes one network test and one test that is -# xfail when flit-core is installed (which it will be during our package -# build), so including that flag doesn't run any additional tests. -%pytest -v -m "not network" +# The skipped tests require internet +%pytest -k "not (test_build_package or \ + test_build_package_via_sdist or \ + test_output[via-sdist-isolation] or \ + test_output[wheel-direct-isolation] or \ + test_wheel_metadata[True] or \ + test_wheel_metadata_isolation or \ + test_with_get_requires or \ + test_build_sdist or \ + test_build_wheel[from_sdist] or \ + test_build_wheel[direct])" %files -n python3-%{pypi_name} -f %{pyproject_files} %license LICENSE @@ -76,52 +81,14 @@ A simple, correct PEP517 package builder. %{_bindir}/pyproject-build %changelog -* Tue Dec 17 2024 Arkady L. Shane - 1.2.1-6 -- Rebuilt for MSVSphere 10 - -## START: Generated by rpmautospec -* Fri Aug 30 2024 Carl George - 1.2.1-6 -- Reduce build requirements - -* Fri Aug 30 2024 Benjamin A. Beasley - 1.2.1-5 -- Add a metapackage for the uv extra - -* Thu Aug 01 2024 Benjamin A. Beasley - 1.2.1-4 -- Enable tests that require uv - -* Fri Jul 19 2024 Fedora Release Engineering - 1.2.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Fri Jun 07 2024 Python Maint - 1.2.1-2 -- Rebuilt for Python 3.13 - -* Thu Mar 28 2024 Lumir Balhar - 1.2.1-1 -- Update to 1.2.1 (rhbz#2271978) - -* Sun Mar 17 2024 Charalampos Stratakis - 1.1.1-1 -- Update to 1.1.1 -- Resolves: rhbz#2267099 - -* Tue Jan 23 2024 Karolina Surma - 1.0.3-3 -- Fix build with setuptools v69.0.3+ - -* Sun Jan 21 2024 Fedora Release Engineering - 1.0.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Thu Oct 05 2023 Lumir Balhar - 1.0.3-1 -- Update to 1.0.3 (rhbz#2236861) - -* Fri Jul 21 2023 Fedora Release Engineering - 0.10.0-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Thu Jun 15 2023 Python Maint - 0.10.0-7 -- Rebuilt for Python 3.12 +* Fri Jan 17 2025 Arkady L. Shane - 0.10.0-6 +- Rebuilt for MSVSphere 9.5 -* Thu Jun 15 2023 Tomáš Hrnčiar - 0.10.0-6 +* Wed Nov 15 2023 Tomáš Hrnčiar - 0.10.0-6 - Avoid fatal DeprecationWarnings on Python 3.12+ -* Wed Jun 14 2023 Python Maint - 0.10.0-5 -- Rebuilt for Python 3.12 +* Tue Nov 14 2023 Carl George - 0.10.0-5 +- Fix EPEL 9 compatibility * Tue Jun 06 2023 Miro Hrončok - 0.10.0-4 - Do not BuildRequire pytest-cov, it is discouraged and was not needed @@ -180,4 +147,3 @@ Resolves: rhbz#1989297 * Thu Jun 24 2021 Lumír Balhar - 0.5.1-1 - Initial package. -## END: Generated by rpmautospec