From b23d187e8f9237697d9b769a66bc28aa1f038c7b Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jan 11 2022 09:06:19 +0000
Subject: import python-virtualenv-15.1.0-5.el7_9


---

diff --git a/SOURCES/dont-fail-on-missing-requests-cert.patch b/SOURCES/dont-fail-on-missing-requests-cert.patch
new file mode 100644
index 0000000..6dc0714
--- /dev/null
+++ b/SOURCES/dont-fail-on-missing-requests-cert.patch
@@ -0,0 +1,16 @@
+diff --git a/virtualenv.py b/virtualenv.py
+index 1d46506..68284f6 100755
+--- a/virtualenv.py
++++ b/virtualenv.py
+@@ -860,7 +860,10 @@ def install_wheel(project_names, py_executable, search_dirs=None,
+ 
+         import pip
+ 
+-        cert_data = pkgutil.get_data("pip._vendor.requests", "cacert.pem")
++        try:
++            cert_data = pkgutil.get_data("pip._vendor.requests", "cacert.pem")
++        except IOError:
++            cert_data = None
+         if cert_data is not None:
+             cert_file = tempfile.NamedTemporaryFile(delete=False)
+             cert_file.write(cert_data)
diff --git a/SOURCES/dummy-certifi.patch b/SOURCES/dummy-certifi.patch
new file mode 100644
index 0000000..2dbdc69
--- /dev/null
+++ b/SOURCES/dummy-certifi.patch
@@ -0,0 +1,20 @@
+diff --git a/certs.py b/certs.py
+index f922b99..43b1b0a 100644
+--- a/certs.py
++++ b/certs.py
+@@ -14,12 +14,12 @@ packaged CA bundle.
+ import os.path
+ 
+ try:
++    raise ImportError # force fallback
+     from certifi import where
+ except ImportError:
+     def where():
+-        """Return the preferred certificate bundle."""
+-        # vendored bundle inside Requests
+-        return os.path.join(os.path.dirname(__file__), 'cacert.pem')
++        # system CA certs
++        return '/etc/pki/tls/certs/ca-bundle.crt'
+ 
+ if __name__ == '__main__':
+     print(where())
diff --git a/SPECS/python-virtualenv.spec b/SPECS/python-virtualenv.spec
index 3eb516f..6c7562c 100644
--- a/SPECS/python-virtualenv.spec
+++ b/SPECS/python-virtualenv.spec
@@ -1,9 +1,6 @@
-# sitelib for noarch packages
-%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
-
 Name:           python-virtualenv
 Version:        15.1.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Tool to create isolated Python environments
 
 Group:          Development/Languages
@@ -35,11 +32,23 @@ Patch2:         CVE-2019-11236.patch
 # https://github.com/psf/requests/pull/4851
 Patch3:         CVE-2018-18074.patch
 
+# Use the system level root certificate instead of the one bundled in requests
+# for the bundled pip
+# https://bugzilla.redhat.com/show_bug.cgi?id=1826520
+Patch4:         dummy-certifi.patch
+
+# Don't fail on missing requests cert
+# https://github.com/pypa/virtualenv/pull/1252
+Patch5:         dont-fail-on-missing-requests-cert.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildArch:      noarch
 BuildRequires:  python2-devel
-Requires:       python-setuptools, python2-devel
+Requires:       python2-setuptools, python2-devel
+
+BuildRequires:  ca-certificates
+Requires:       ca-certificates
 
 Provides:       python2-virtualenv = %{version}-%{release}
 
@@ -63,33 +72,38 @@ licensed under an MIT-style permissive license.
 # Patching of bundled libraries
 pushd virtualenv_support/
 # Extract wheel content
-unzip pip-9.0.*-any.whl
+unzip pip-9.0.1-py2.py3-none-any.whl
 pushd pip/_vendor/requests/packages/urllib3/
 %patch1 -p1
 %patch2 -p1
 popd  # out of wheel
 pushd pip/_vendor/requests/
 %patch3 -p1
+%patch4 -p1
 popd # out of wheel
+sed -i '/\.pem/d' pip-9.0.1.dist-info/RECORD
 # Replace the pip folder in the zip archive (.whl)
-zip -r pip-9.0.*-any.whl pip
+zip -r pip-9.0.1-py2.py3-none-any.whl pip pip-9.0.1.dist-info
+# Removal of the bundled request certificate
+zip -d pip-9.0.1-py2.py3-none-any.whl pip/_vendor/requests/cacert.pem
 # Remove unzipped folders
-rm -rf pip/ pip-9.0.*.dist-info/
+rm -rf pip/ pip-9.0.1.dist-info/
 popd  # out of virtualenv_support
+%patch5 -p1
 
 %build
 # Build code
-%{__python} setup.py build
+%{__python2} setup.py build
 
 # Build docs on Fedora
 %if 0%{?fedora} > 0
-%{__python} setup.py build_sphinx
+%{__python2} setup.py build_sphinx
 %endif
 
 
 %install
 rm -rf $RPM_BUILD_ROOT
-%{__python} setup.py install --skip-build --root $RPM_BUILD_ROOT
+%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT
 rm -f build/sphinx/html/.buildinfo
 
 # The versioned 2.x script was removed from upstream. Add it back.
@@ -109,11 +123,15 @@ rm -rf $RPM_BUILD_ROOT
 %doc build/sphinx/*
 %endif
 # For noarch packages: sitelib
-%{python_sitelib}/*
+%{python2_sitelib}/*
 %attr(755,root,root) %{_bindir}/virtualenv*
 
 
 %changelog
+* Mon Nov 22 2021 Charalampos Stratakis <cstratak@redhat.com> - 15.1.0-5
+- Use the system certs for the bundled pip
+Resolves: rhbz#2015326
+
 * Thu Feb 13 2020 Lumír Balhar <lbalhar@redhat.com> - 15.1.0-4
 - Bump
 Resolves: rhbz#1649153