Update python-build to version 0.10.0 / rev 9 via SR 1085246

https://build.opensuse.org/request/show/1085246 by user mcepl + dimstar_suse - Renamed patches support-pip-23.patch and support-tarfile-data-filter.patch to 589-colorized-pip23.patch (gh#pypa/build#589) and 609-filter-out-malicious.patch (gh#pypa/build#609), respectively. - Add patch support-pip-23.patch: * pip 23 also colorizes output, confusing the test. - Add patch support-tarfile-data-filter.patch: * Set tarfile.data_filter if available.
bmwiedemann · May 19, 2023 · e1c33c6 · e1c33c6
1 parent 6d00dcd
commit e1c33c6
Show file tree

Hide file tree

Showing 6 changed files with 152 additions and 4 deletions.
diff --git a/packages/p/python-build/.files b/packages/p/python-build/.files
diff --git a/packages/p/python-build/.rev b/packages/p/python-build/.rev
@@ -72,4 +72,19 @@
     <comment></comment>
     <requestid>1081973</requestid>
   </revision>
+  <revision rev="9" vrev="3">
+    <srcmd5>e9492ccd1f3bf09e87b432b88d3e99f0</srcmd5>
+    <version>0.10.0</version>
+    <time>1684490108</time>
+    <user>dimstar_suse</user>
+    <comment>- Renamed patches support-pip-23.patch and
+  support-tarfile-data-filter.patch to 589-colorized-pip23.patch
+  (gh#pypa/build#589) and 609-filter-out-malicious.patch
+  (gh#pypa/build#609), respectively.
+- Add patch support-pip-23.patch:
+  * pip 23 also colorizes output, confusing the test.
+- Add patch support-tarfile-data-filter.patch:
+  * Set tarfile.data_filter if available.</comment>
+    <requestid>1085246</requestid>
+  </revision>
 </revisionlist>
diff --git a/packages/p/python-build/589-colorized-pip23.patch b/packages/p/python-build/589-colorized-pip23.patch
@@ -0,0 +1,36 @@
+From 4f5362fccc908820574fdbac2f6b6871c0f371c5 Mon Sep 17 00:00:00 2001
+From: Henry Schreiner <henryschreineriii@gmail.com>
+Date: Wed, 15 Mar 2023 09:33:53 -0400
+Subject: [PATCH] tests: strip formatting from stderr (pip 23)
+
+Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
+---
+ tests/test_main.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index e924d8bd..456ff749 100644
+--- a/tests/test_main.py
++++ b/tests/test_main.py
+@@ -20,6 +20,8 @@
+ cwd = os.getcwd()
+ out = os.path.join(cwd, 'dist')
+
++ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
++
+
+ @pytest.mark.parametrize(
+     ('cli_args', 'build_args', 'hook'),
+@@ -368,8 +370,10 @@ def test_output_env_subprocess_error(
+     assert stdout[:4] == stdout_body
+     assert stdout[-1].startswith(stdout_error)
+
+-    assert len(stderr) == 1
+-    assert stderr[0].startswith('ERROR: Invalid requirement: ')
++    # Newer versions of pip also color stderr - strip them if present
++    cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip()
++    assert len(cleaned_stderr.splitlines()) == 1
++    assert cleaned_stderr.startswith('ERROR: Invalid requirement: ')
+
+
+ @pytest.mark.parametrize(
diff --git a/packages/p/python-build/609-filter-out-malicious.patch b/packages/p/python-build/609-filter-out-malicious.patch
@@ -0,0 +1,68 @@
+From 083fde33e7593d8ff9add04bd4d237a3ddcbfe44 Mon Sep 17 00:00:00 2001
+From: layday <layday@protonmail.com>
+Date: Fri, 28 Apr 2023 15:22:53 +0300
+Subject: [PATCH] main: filter out malicious files when extracting tar archives
+
+See https://peps.python.org/pep-0706/.
+---
+ src/build/__main__.py |    5 +++--
+ src/build/util.py     |   14 +++++++++++++-
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/src/build/__main__.py
++++ b/src/build/__main__.py
+@@ -9,7 +9,6 @@ import platform
+ import shutil
+ import subprocess
+ import sys
+-import tarfile
+ import tempfile
+ import textwrap
+ import traceback
+@@ -228,6 +227,8 @@ def build_package_via_sdist(
+     :param isolation: Isolate the build in a separate environment
+     :param skip_dependency_check: Do not perform the dependency check
+     """
++    from .util import TarFile
++
+     if 'sdist' in distributions:
+         raise ValueError('Only binary distributions are allowed but sdist was specified')
+
+@@ -238,7 +239,7 @@ def build_package_via_sdist(
+     sdist_out = tempfile.mkdtemp(prefix='build-via-sdist-')
+     built: list[str] = []
+     # extract sdist
+-    with tarfile.open(sdist) as t:
++    with TarFile.open(sdist) as t:
+         t.extractall(sdist_out)
+         try:
+             builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')]))
+--- a/src/build/util.py
++++ b/src/build/util.py
+@@ -5,6 +5,7 @@ from __future__ import annotations
+ import os
+ import pathlib
+ import sys
++import tarfile
+ import tempfile
+
+ import pyproject_hooks
+@@ -56,6 +57,17 @@ def project_wheel_metadata(
+         return _project_wheel_metadata(builder)
+
+
++# Per https://peps.python.org/pep-0706/, the "data" filter will become
++# the default in Python 3.14.
++if sys.version_info >= (3, 12) and sys.version_info < (3, 14):
++
++    class TarFile(tarfile.TarFile):
++        extraction_filter = tarfile.data_filter
++
++else:
++    TarFile = tarfile.TarFile
++
++
+ __all__ = [
+-    'project_wheel_metadata',
++    'project_wheel_metadata', 'TarFile',
+ ]
diff --git a/packages/p/python-build/python-build.changes b/packages/p/python-build/python-build.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Sat May  6 16:59:52 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Renamed patches support-pip-23.patch and
+  support-tarfile-data-filter.patch to 589-colorized-pip23.patch
+  and 609-filter-out-malicious.patch, respectively.
+
+-------------------------------------------------------------------
+Tue May  2 10:52:23 UTC 2023 - Ben Greiner <code@bnavigator.de>
+
+- Remove support-tarfile-data-filter.patch: better documentation
+  required, preferable supported through upstream
+  * gh#pypa/build#609
+  * ignore the DeprecationWarning instead
+
+-------------------------------------------------------------------
+Tue May  2 08:04:24 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add patch support-pip-23.patch:
+  * pip 23 also colorizes output, confusing the test.
+- Add patch support-tarfile-data-filter.patch:
+  * Set tarfile.data_filter if available.
+
 -------------------------------------------------------------------
 Fri Apr 21 12:22:56 UTC 2023 - Dirk Müller <dmueller@suse.com>
 

diff --git a/packages/p/python-build/python-build.spec b/packages/p/python-build/python-build.spec
@@ -27,20 +27,24 @@
 # wheeldir of name build does not work well with this packagename gh#openSUSE/python-rpm-macros#157
 %define _pyproject_wheeldir distwheel
 
-%define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-build%{psuffix}
 Version:        0.10.0
 Release:        0
 Summary:        Simple PEP517 package builder
 License:        MIT
-Group:          Development/Languages/Python
 URL:            https://github.com/pypa/build
 Source0:        https://github.com/pypa/build/archive/%{version}.tar.gz#/build-%{version}.tar.gz
 # Needs the wheels for wheel, flit-core, pytoml, and tomli for testing
 Source10:       https://files.pythonhosted.org/packages/py2.py3/w/wheel/wheel-0.37.1-py2.py3-none-any.whl
 Source11:       https://files.pythonhosted.org/packages/py3/f/flit-core/flit_core-3.8.0-py3-none-any.whl
 Source12:       https://files.pythonhosted.org/packages/py3/t/tomli/tomli-2.0.1-py3-none-any.whl
+# PATCH-FIX-UPSTREAM 589-colorized-pip23.patch gh#pypa/build#587 mcepl@suse.com
+# Different style of colouring in pip 23 (actually I see it even with pip 22)
+Patch0:         589-colorized-pip23.patch
+# PATCH-FIX-UPSTREAM 609-filter-out-malicious.patch gh#pypa/build!609 mcepl@suse.com
+# With new tarfile filters, there is now new warning
+Patch1:         609-filter-out-malicious.patch
 BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  %{python_module flit-core >= 3.4}
 BuildRequires:  %{python_module pip}
@@ -75,6 +79,8 @@ It is a simple build tool and does not perform any dependency management.
 
 %prep
 %autosetup -p1 -n build-%{version}
+# until we have gh#pypa/build#609
+sed -i '/"error",/ a \  "ignore::DeprecationWarning:tarfile",' pyproject.toml
 
 %if !%{with test}
 %build
@@ -92,7 +98,7 @@ mkdir -p wheels
 cp %{SOURCE10} %{SOURCE11} %{SOURCE12} wheels/
 export PIP_FIND_LINKS="%{python3_sitelib}/../wheels $PWD/wheels"
 pushd tests
-%pytest -n auto -x
+%pytest -n auto
 popd
 %endif
 
@@ -108,7 +114,7 @@ popd
 %license LICENSE
 %python_alternative %{_bindir}/pyproject-build
 %{python_sitelib}/build
-%{python_sitelib}/build-%{version}*-info
+%{python_sitelib}/build-%{version}.dist-info
 %endif
 
 %changelog