%{?scl:%scl_package python-setuptools} %{!?scl:%global pkg_name %{name}} %global build_wheel 0 %if 0%{?rhel} && 0%{?rhel} < 6 %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} %endif %global srcname pip %if 0%{?build_wheel} %global python2_wheelname %{srcname}-%{version}-py2.py3-none-any.whl %endif %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d}) %if "%{bashcompdir}" != "%{_sysconfdir}/bash_completion.d" %global bashcomp2 1 %endif Name: %{?scl_prefix}python-%{srcname} Version: 8.1.2 Release: 7%{?dist} Summary: A tool for installing and managing Python packages Group: Development/Libraries # We bundle a lot of libraries with pip, which itself is under MIT license. # Here is the list of the libraries with corresponding licenses: # distlib: Python # html5lib: MIT # six: MIT # colorama: BSD # CacheControl: ASL 2.0 # lockfile: MIT # progress: ISC # ipaddress: Python # packaging: ASL 2.0 or BSD # pyparsing: MIT # retrying: ASL 2.0 # requests: ASL 2.0 # chardet: LGPLv2 # urllib3: MIT # setuptools: MIT # backports.ssl_match_hostname: Python License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and (ASL 2.0 or BSD) URL: http://www.pip-installer.org Source0: https://files.pythonhosted.org/packages/source/p/pip/%{srcname}-%{version}.tar.gz Patch0: allow-stripping-given-prefix-from-wheel-RECORD-files.patch # Fix `pip install` failure in FIPS mode # Resolves: rhbz#1430763 Patch1: Fix-pip-install-in-FIPS-mode.patch # Use the system level root certificate instead of the one bundled in requests # https://bugzilla.redhat.com/show_bug.cgi?id=1774985 Patch4: dummy-certifi.patch # Fix CVE-2019-20916: directory traversal in _download_http_url() function # Backported from upstream: https://github.com/pypa/pip/pull/6418 Patch5: CVE-2019-20916.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch BuildRequires: %{?scl_prefix}python-devel BuildRequires: %{?scl_prefix}python-setuptools %if 0%{?build_wheel} BuildRequires: %{?scl_prefix}python-pip BuildRequires: %{?scl_prefix}python-wheel %endif BuildRequires: ca-certificates Requires: ca-certificates Requires: %{?scl_prefix}python-setuptools # Virtual provides for the packages bundled by pip. # You can find the versions in pip/_vendor/vendor.txt file. Provides: bundled(python-cachecontrol) = 0.11.6 Provides: bundled(python-colorama) = 0.3.7 Provides: bundled(python-distlib) = 0.2.3 Provides: bundled(python-html5lib) = 1.0b8 Provides: bundled(python-ipaddress) = 1.0.16 Provides: bundled(python-lockfile) = 0.12.2 Provides: bundled(python-packaging) = 16.7 Provides: bundled(python-setuptools) = 21.0.0 Provides: bundled(python-progress) = 1.2 Provides: bundled(python-pyparsing) = 2.1.1 Provides: bundled(python-requests) = 2.10.0 Provides: bundled(python-retrying) = 1.3.3 Provides: bundled(python-six) = 1.10.0 # Bundled within the requests bundle Provides: bundled(python-chardet) = 2.3.0 Provides: bundled(python-urllib3) = 1.15.1 # Bundled within the urllib3 bundle of the requests bundle Provides: bundled(python-backports-ssl_match_hostname) = 3.4.0.2 %description Pip is a replacement for `easy_install `_. It uses mostly the same techniques for finding packages, so packages that were made easy_installable should be pip-installable as well. %prep %{?scl:scl enable %{scl} - << \EOF} %setup -q -n %{srcname}-%{version} %patch0 -p1 %patch1 -p1 %patch4 -p1 %patch5 -p1 %{__sed} -i '1d' pip/__init__.py # this goes together with patch4 rm pip/_vendor/requests/*.pem sed -i '/\.pem$/d' pip.egg-info/SOURCES.txt # Remove windows executable binaries rm -v pip/_vendor/distlib/*.exe sed -i '/\.exe/d' setup.py %{?scl:EOF} %build %{?scl:scl enable %{scl} - << \EOF} %if 0%{?build_wheel} %{__python2} setup.py bdist_wheel %else %{__python2} setup.py build %endif %{?scl:EOF} %install %{__rm} -rf %{buildroot} %{?scl:scl enable %{scl} - << \EOF} %if 0%{?build_wheel} pip2 install -I dist/%{python2_wheelname} --root %{buildroot} --strip-file-prefix %{buildroot} %else %{__python2} setup.py install -O1 --skip-build --root %{buildroot} %endif mkdir -p %{buildroot}%{bashcompdir} PYTHONPATH=%{buildroot}%{python_sitelib} \ %{buildroot}%{_bindir}/pip completion --bash \ > %{buildroot}%{bashcompdir}/pip pips2=pip for pip in %{buildroot}%{_bindir}/pip*; do pip=$(basename $pip) case $pip in pip2*) pips2="$pips2 $pip" %if 0%{?bashcomp2} ln -s pip %{buildroot}%{bashcompdir}/$pip %endif esac done sed -i -e "s/^\\(complete.*\\) pip\$/\\1 $pips2/" \ %{buildroot}%{bashcompdir}/pip %{?scl:EOF} %clean %{__rm} -rf %{buildroot} %files %defattr(-,root,root,-) %doc README.rst LICENSE.txt docs %attr(755,root,root) %{_bindir}/pip %attr(755,root,root) %{_bindir}/pip2* %{python_sitelib}/pip* %{bashcompdir} %if 0%{?bashcomp2} %dir %(dirname %{bashcompdir}) %endif %changelog * Wed Mar 16 2022 Charalampos Stratakis - 8.1.2-7 - Remove bundled windows executables Resolves: rhbz#2064442 * Wed Sep 23 2020 Charalampos Stratakis - 8.1.2-6 - Security fix for CVE-2019-20916 Resolves: rhbz#1877248 * Wed Sep 23 2020 Charalampos Stratakis - 8.1.2-5 - Use the system level root certificate instead of the one bundled in requests Resolves: rhbz#1774985 * Wed Sep 23 2020 Charalampos Stratakis - 8.1.2-4 - Add virtual provides for the bundled libraries - Correct the license information to reflect the bundled libraries Resolves: rhbz#1774944 * Wed May 23 2018 Charalampos Stratakis - 8.1.2-3 - Rebuild for multi-arch bootstrap of python27 * Fri Mar 17 2017 Tomas Orsava - 8.1.2-2 - Added Patch 1: Fix `pip install` failure in FIPS mode Resolves: rhbz#1430763 * Mon Jan 16 2017 Tomas Orsava - 8.1.2-1 - Rebased to 8.1.2 - Updated to a new PyPI source URL - Rebased and renamed prefix-stripping Patch 0 Resolves: rhbz#1344674 * Tue May 10 2016 Charalampos Stratakis - 7.1.0-2 - Change license tag to doc tag so directory is owned by the collection - Will revert when ownership of directories is defined in scl-utils-build package Resolves: rhbz#1334447 * Mon Feb 15 2016 Charalampos Stratakis - 7.1.0-1 - Update to 7.1.0 Resolves: rhbz#1255516 * Tue Jan 20 2015 Slavek Kabrda - 1.5.6-5 - Rebuild for python27 (not as wheel) Resolves: rhbz#994189 * Mon Jan 19 2015 Matej Stuchlik - 1.5.6-4 - Rebuild as wheel * Tue Nov 18 2014 Matej Stuchlik - 1.5.6-3 - Added patch for local dos with predictable temp dictionary names (http://seclists.org/oss-sec/2014/q4/655) * Sat Jun 07 2014 Fedora Release Engineering - 1.5.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun May 25 2014 Matej Stuchlik - 1.5.6-1 - Update to 1.5.6 * Fri Apr 25 2014 Matej Stuchlik - 1.5.4-4 - Rebuild as wheel for Python 3.4 * Thu Apr 24 2014 Matej Stuchlik - 1.5.4-3 - Disable build_wheel * Thu Apr 24 2014 Matej Stuchlik - 1.5.4-2 - Rebuild as wheel for Python 3.4 * Mon Apr 07 2014 Matej Stuchlik - 1.5.4-1 - Updated to 1.5.4 * Mon Oct 14 2013 Tim Flink - 1.4.1-1 - Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 release - Updated version to 1.4.1 * Sun Aug 04 2013 Fedora Release Engineering - 1.3.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Jul 16 2013 Toshio Kuratomi - 1.3.1-4 - Fix for CVE 2013-2099 * Thu May 23 2013 Tim Flink - 1.3.1-3 - undo python2 executable rename to python-pip. fixes #958377 - fix summary to match upstream * Mon May 06 2013 Kevin Kofler - 1.3.1-2 - Fix main package Summary, it's for Python 2, not 3 (#877401) * Fri Apr 26 2013 Jon Ciesla - 1.3.1-1 - Update to 1.3.1, fix for CVE-2013-1888. * Thu Feb 14 2013 Fedora Release Engineering - 1.2.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Oct 09 2012 Tim Flink - 1.2.1-2 - Fixing files for python3-pip * Thu Oct 04 2012 Tim Flink - 1.2.1-1 - Update to upstream 1.2.1 - Change binary from pip-python to python-pip (RHBZ#855495) - Add alias from python-pip to pip-python, to be removed at a later date * Tue May 15 2012 Tim Flink - 1.1.0-1 - Update to upstream 1.1.0 * Sat Jan 14 2012 Fedora Release Engineering - 1.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Sat Oct 22 2011 Tim Flink - 1.0.2-1 - update to 1.0.2 and added python3 subpackage * Wed Jun 22 2011 Tim Flink - 0.8.3-1 - update to 0.8.3 and project home page * Tue Feb 08 2011 Fedora Release Engineering - 0.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Dec 20 2010 Luke Macken - 0.8.2-1 - update to 0.8.2 of pip * Mon Aug 30 2010 Peter Halliday - 0.8-1 - update to 0.8 of pip * Thu Jul 22 2010 David Malcolm - 0.7.2-5 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild * Wed Jul 7 2010 Peter Halliday - 0.7.2-1 - update to 0.7.2 of pip * Sun May 23 2010 Peter Halliday - 0.7.1-1 - update to 0.7.1 of pip * Fri Jan 1 2010 Peter Halliday - 0.6.1.4 - fix dependency issue * Fri Dec 18 2009 Peter Halliday - 0.6.1-2 - fix spec file * Thu Dec 17 2009 Peter Halliday - 0.6.1-1 - upgrade to 0.6.1 of pip * Mon Aug 31 2009 Peter Halliday - 0.4-1 - Initial package