Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
[ Reason ]
python-virtualenv recently had a regression in buster caused by a
server-side change on pypi.org (#994952).
It started to 404 (breaking virtualenv) where it had previously returned
an empty directory listing for the pkg_resources package.
pip, setuptools, and pkg_resources are bootstrapped into virtualenvs.
pkg_resources is part of the setuptools PyPI package, upstream. But in
Debian its packaged as its own binary package, so we have some patches
in Debian to explicitly install pkg_resources.
The old behaviour is currently back on pypi.org, see
https://github.com/pypa/warehouse/issues/10081
But the fix to avoid virtualenv from depending on this empty directory
listing is very simple, so we should probably apply it.
[ Impact ]
Reliance on pypi.org serving a workaround for our virtualenv version.
Without that workaround, virtualenv fails (unless explicitly run with
--no-download)
[ Tests ]
Manually tested behaviour with and without --no-download.
[ Risks ]
Trivial patch.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
When bootstrapping setuptools and pip into the virtualenv *from PyPI*,
don't ask pip to install pkg_resources.
[ Other info ]
(Anything else the release team should know.)
diff -Nru python-virtualenv-15.1.0+ds/debian/changelog
python-virtualenv-15.1.0+ds/debian/changelog
--- python-virtualenv-15.1.0+ds/debian/changelog 2018-12-13
11:19:35.000000000 -0800
+++ python-virtualenv-15.1.0+ds/debian/changelog 2021-10-20
15:48:33.000000000 -0700
@@ -1,3 +1,9 @@
+python-virtualenv (15.1.0+ds-2+deb10u1) buster; urgency=medium
+
+ * Avoid attempting to install pkg_resources from PyPI. (Closes: #994952)
+
+ -- Stefano Rivera <stefa...@debian.org> Wed, 20 Oct 2021 15:48:33 -0700
+
python-virtualenv (15.1.0+ds-2) unstable; urgency=medium
[ Vincent Bernat ]
diff -Nru python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch
python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch
--- python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch 2018-12-13
11:19:35.000000000 -0800
+++ python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch 2021-10-20
15:48:33.000000000 -0700
@@ -22,8 +22,8 @@
scripts/virtualenv | 9 +++++++
setup.py | 4 ++--
virtualenv.egg-info/SOURCES.txt | 4 ++--
- virtualenv.py | 52 ++++++++++++++++++++++++++++++++++++++---
- 4 files changed, 62 insertions(+), 7 deletions(-)
+ virtualenv.py | 53 ++++++++++++++++++++++++++++++++++++++---
+ 4 files changed, 63 insertions(+), 7 deletions(-)
diff --git a/scripts/virtualenv b/scripts/virtualenv
index 418bd79..7dd0203 100644
@@ -126,7 +126,7 @@
if cert_data is not None:
cert_file = tempfile.NamedTemporaryFile(delete=False)
cert_file.write(cert_data)
-@@ -928,8 +948,34 @@ def create_environment(home_dir, site_packages=False,
clear=False,
+@@ -928,8 +948,35 @@ def create_environment(home_dir, site_packages=False,
clear=False,
to_install = []
@@ -157,7 +157,8 @@
+
if not no_setuptools:
to_install.append('setuptools')
-+ to_install.append('pkg_resources')
++ if not download:
++ to_install.append('pkg_resources')
if not no_pip:
to_install.append('pip')
