%{?scl:%scl_package python-setuptools}

%{!?scl:%global pkg_name %{name}}

%global build_wheel 0

%if 0%{?rhel} && 0%{?rhel} < 6

%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}

%endif

%global srcname pip

%if 0%{?build_wheel}

%global python2_wheelname %{srcname}-%{version}-py2.py3-none-any.whl

%endif

%global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})

%if "%{bashcompdir}" != "%{_sysconfdir}/bash_completion.d"

%global bashcomp2 1

%endif

Name:           %{?scl_prefix}python-%{srcname}

Version:        8.1.2

Release:        7%{?dist}

Summary:        A tool for installing and managing Python packages

Group:          Development/Libraries

# We bundle a lot of libraries with pip, which itself is under MIT license.

# Here is the list of the libraries with corresponding licenses:

# distlib: Python

# html5lib: MIT

# six: MIT

# colorama: BSD

# CacheControl: ASL 2.0

# lockfile: MIT

# progress: ISC

# ipaddress: Python

# packaging: ASL 2.0 or BSD

# pyparsing: MIT

# retrying: ASL 2.0

# requests: ASL 2.0

# chardet: LGPLv2

# urllib3: MIT

# setuptools: MIT

# backports.ssl_match_hostname: Python

License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and (ASL 2.0 or BSD)

URL:            http://www.pip-installer.org

Source0:        https://files.pythonhosted.org/packages/source/p/pip/%{srcname}-%{version}.tar.gz

Patch0:         allow-stripping-given-prefix-from-wheel-RECORD-files.patch

# Fix `pip install` failure in FIPS mode

# Resolves: rhbz#1430763

Patch1:         Fix-pip-install-in-FIPS-mode.patch

# Use the system level root certificate instead of the one bundled in requests

# https://bugzilla.redhat.com/show_bug.cgi?id=1774985

Patch4:         dummy-certifi.patch

# Fix CVE-2019-20916: directory traversal in _download_http_url() function

# Backported from upstream: https://github.com/pypa/pip/pull/6418

Patch5:         CVE-2019-20916.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildArch:      noarch

BuildRequires:  %{?scl_prefix}python-devel

BuildRequires:  %{?scl_prefix}python-setuptools

%if 0%{?build_wheel}

BuildRequires:  %{?scl_prefix}python-pip

BuildRequires:  %{?scl_prefix}python-wheel

%endif

BuildRequires:  ca-certificates

Requires:       ca-certificates

Requires:       %{?scl_prefix}python-setuptools

# Virtual provides for the packages bundled by pip.

# You can find the versions in pip/_vendor/vendor.txt file.

Provides: bundled(python-cachecontrol) = 0.11.6

Provides: bundled(python-colorama) = 0.3.7

Provides: bundled(python-distlib) = 0.2.3

Provides: bundled(python-html5lib) = 1.0b8

Provides: bundled(python-ipaddress) = 1.0.16

Provides: bundled(python-lockfile) = 0.12.2

Provides: bundled(python-packaging) = 16.7

Provides: bundled(python-setuptools) = 21.0.0

Provides: bundled(python-progress) = 1.2

Provides: bundled(python-pyparsing) = 2.1.1

Provides: bundled(python-requests) = 2.10.0

Provides: bundled(python-retrying) = 1.3.3

Provides: bundled(python-six) = 1.10.0

# Bundled within the requests bundle

Provides: bundled(python-chardet) = 2.3.0

Provides: bundled(python-urllib3) = 1.15.1

# Bundled within the urllib3 bundle of the requests bundle

Provides: bundled(python-backports-ssl_match_hostname) = 3.4.0.2

%description

Pip is a replacement for `easy_install

<http://peak.telecommunity.com/DevCenter/EasyInstall>`_.  It uses mostly the

same techniques for finding packages, so packages that were made

easy_installable should be pip-installable as well.

%prep

%{?scl:scl enable %{scl} - << \EOF}

%setup -q -n %{srcname}-%{version}

%patch0 -p1

%patch1 -p1

%patch4 -p1

%patch5 -p1

%{__sed} -i '1d' pip/__init__.py

# this goes together with patch4

rm pip/_vendor/requests/*.pem

sed -i '/\.pem$/d' pip.egg-info/SOURCES.txt

# Remove windows executable binaries

rm -v pip/_vendor/distlib/*.exe

sed -i '/\.exe/d' setup.py

%{?scl:EOF}

%build

%{?scl:scl enable %{scl} - << \EOF}

%if 0%{?build_wheel}

%{__python2} setup.py bdist_wheel

%else

%{__python2} setup.py build

%endif

%{?scl:EOF}

%install

%{__rm} -rf %{buildroot}

%{?scl:scl enable %{scl} - << \EOF}

%if 0%{?build_wheel}

pip2 install -I dist/%{python2_wheelname} --root %{buildroot} --strip-file-prefix %{buildroot}

%else

%{__python2} setup.py install -O1 --skip-build --root %{buildroot}

%endif

mkdir -p %{buildroot}%{bashcompdir}

PYTHONPATH=%{buildroot}%{python_sitelib} \

    %{buildroot}%{_bindir}/pip completion --bash \

    > %{buildroot}%{bashcompdir}/pip

pips2=pip

for pip in %{buildroot}%{_bindir}/pip*; do

    pip=$(basename $pip)

    case $pip in

        pip2*)

            pips2="$pips2 $pip"

%if 0%{?bashcomp2}

            ln -s pip %{buildroot}%{bashcompdir}/$pip

%endif

    esac

done

sed -i -e "s/^\\(complete.*\\) pip\$/\\1 $pips2/" \

    %{buildroot}%{bashcompdir}/pip

%{?scl:EOF}

%clean

%{__rm} -rf %{buildroot}

%files

%defattr(-,root,root,-)

%doc README.rst LICENSE.txt docs

%attr(755,root,root) %{_bindir}/pip

%attr(755,root,root) %{_bindir}/pip2*

%{python_sitelib}/pip*

%{bashcompdir}

%if 0%{?bashcomp2}

%dir %(dirname %{bashcompdir})

%endif

%changelog

* Wed Mar 16 2022 Charalampos Stratakis <cstratak@redhat.com> - 8.1.2-7

- Remove bundled windows executables

Resolves: rhbz#2064442

* Wed Sep 23 2020 Charalampos Stratakis <cstratak@redhat.com> - 8.1.2-6

- Security fix for CVE-2019-20916

Resolves: rhbz#1877248

* Wed Sep 23 2020 Charalampos Stratakis <cstratak@redhat.com> - 8.1.2-5

- Use the system level root certificate instead of the one bundled in requests

Resolves: rhbz#1774985

* Wed Sep 23 2020 Charalampos Stratakis <cstratak@redhat.com> - 8.1.2-4

- Add virtual provides for the bundled libraries

- Correct the license information to reflect the bundled libraries

Resolves: rhbz#1774944

* Wed May 23 2018 Charalampos Stratakis <cstratak@redhat.com> - 8.1.2-3

- Rebuild for multi-arch bootstrap of python27

* Fri Mar 17 2017 Tomas Orsava <torsava@redhat.com> - 8.1.2-2

- Added Patch 1: Fix `pip install` failure in FIPS mode

Resolves: rhbz#1430763

* Mon Jan 16 2017 Tomas Orsava <torsava@redhat.com> - 8.1.2-1

- Rebased to 8.1.2

- Updated to a new PyPI source URL

- Rebased and renamed prefix-stripping Patch 0

Resolves: rhbz#1344674

* Tue May 10 2016 Charalampos Stratakis <cstratak@redhat.com> - 7.1.0-2

- Change license tag to doc tag so directory is owned by the collection

- Will revert when ownership of directories is defined in scl-utils-build package

Resolves: rhbz#1334447

* Mon Feb 15 2016 Charalampos Stratakis <cstratak@redhat.com> - 7.1.0-1

- Update to 7.1.0 

Resolves: rhbz#1255516

* Tue Jan 20 2015 Slavek Kabrda <bkabrda@redhat.com> - 1.5.6-5

- Rebuild for python27 (not as wheel)

Resolves: rhbz#994189

* Mon Jan 19 2015 Matej Stuchlik <mstuchli@redhat.com> - 1.5.6-4

- Rebuild as wheel

* Tue Nov 18 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.6-3

- Added patch for local dos with predictable temp dictionary names

  (http://seclists.org/oss-sec/2014/q4/655)

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.6-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sun May 25 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.6-1

- Update to 1.5.6

* Fri Apr 25 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-4

- Rebuild as wheel for Python 3.4

* Thu Apr 24 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-3

- Disable build_wheel

* Thu Apr 24 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-2

- Rebuild as wheel for Python 3.4

* Mon Apr 07 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-1

- Updated to 1.5.4

* Mon Oct 14 2013 Tim Flink <tflink@fedoraproject.org> - 1.4.1-1

- Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 release

- Updated version to 1.4.1

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Tue Jul 16 2013 Toshio Kuratomi <toshio@fedoraproject.org> - 1.3.1-4

- Fix for CVE 2013-2099

* Thu May 23 2013 Tim Flink <tflink@fedoraproject.org> - 1.3.1-3

- undo python2 executable rename to python-pip. fixes #958377

- fix summary to match upstream

* Mon May 06 2013 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1.3.1-2

- Fix main package Summary, it's for Python 2, not 3 (#877401)

* Fri Apr 26 2013 Jon Ciesla <limburgher@gmail.com> - 1.3.1-1

- Update to 1.3.1, fix for CVE-2013-1888.

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Tue Oct 09 2012 Tim Flink <tflink@fedoraproject.org> - 1.2.1-2

- Fixing files for python3-pip

* Thu Oct 04 2012 Tim Flink <tflink@fedoraproject.org> - 1.2.1-1

- Update to upstream 1.2.1

- Change binary from pip-python to python-pip (RHBZ#855495)

- Add alias from python-pip to pip-python, to be removed at a later date

* Tue May 15 2012 Tim Flink <tflink@fedoraproject.org> - 1.1.0-1

- Update to upstream 1.1.0

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Sat Oct 22 2011 Tim Flink <tflink@fedoraproject.org> - 1.0.2-1

- update to 1.0.2 and added python3 subpackage

* Wed Jun 22 2011 Tim Flink <tflink@fedoraproject.org> - 0.8.3-1

- update to 0.8.3 and project home page

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Mon Dec 20 2010 Luke Macken <lmacken@redhat.com> - 0.8.2-1

- update to 0.8.2 of pip

* Mon Aug 30 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.8-1

- update to 0.8 of pip

* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 0.7.2-5

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Wed Jul 7 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.7.2-1

- update to 0.7.2 of pip

* Sun May 23 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.7.1-1

- update to 0.7.1 of pip

* Fri Jan 1 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.6.1.4

- fix dependency issue

* Fri Dec 18 2009 Peter Halliday <phalliday@excelsiorsystems.net> - 0.6.1-2

- fix spec file 

* Thu Dec 17 2009 Peter Halliday <phalliday@excelsiorsystems.net> - 0.6.1-1

- upgrade to 0.6.1 of pip

* Mon Aug 31 2009 Peter Halliday <phalliday@excelsiorsystems.net> - 0.4-1

- Initial package