Package: python3-pip
Version: 18.1-5
Severity: normal

The new version 19.3.1 is available and would fix #947069 (as well as
any follow-up that'd raise the same problem about manylinux2014).

I've attempted to update the package quickly myself (just a `gbp
import-dsc --uscan` and patch cleanup), but found that `python3 -m
venv /tmp/testpath` does not work with that alone (it gives:

> The virtual environment was not created successfully because ensurepip is not
> available.  On Debian/Ubuntu systems, you need to install the python3-venv
> package using the following command.
>
>     apt-get install python3-venv
>
> You may need to use sudo with that command.  After installing the python3-venv
> package, recreate your virtual environment.
>
> Failing command: ['/tmp/testpath/bin/python3', '-Im', 'ensurepip', 
> '--upgrade', '--default-pip']

so the update needs to be done by someone who understands what's going
on and not blindly follows the last error message of dpkg).

Still, I've had to refresh the patches to get into a working state.
The refershings (patches attached) will need review (and are commented
for that), but I still hope they save you a few minutes.

Bes regards
chrysn


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-pip depends on:
ii  ca-certificates    20190110
ii  python-pip-whl     19.3.1-1
ii  python3            3.7.5-3
ii  python3-distutils  3.8.0-1
ii  python3.8          3.8.1-2

Versions of packages python3-pip recommends:
ii  build-essential     12.8
ii  python3-dev         3.7.5-3
ii  python3-setuptools  44.0.0-1
ii  python3-wheel       0.33.6-2

python3-pip suggests no packages.

-- no debconf information

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom
From 7ae3b61c128bf46a8855b40004528cd321103d14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=2E=20Ams=C3=BCss?= <chr...@fsfe.org>
Date: Fri, 17 Jan 2020 08:53:44 +0100
Subject: [PATCH 1/4] Refresh hands-off-system-packages.patch

This refreshment is slightly incomplete as upstream added  note about
normalization requirements on the paths (which the patched version does
not assume); that will need to be reviewed by someone who knows the
original intentions or more context.
---
 debian/patches/hands-off-system-packages.patch | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/debian/patches/hands-off-system-packages.patch b/debian/patches/hands-off-system-packages.patch
index 564a266..ef28a6c 100644
--- a/debian/patches/hands-off-system-packages.patch
+++ b/debian/patches/hands-off-system-packages.patch
@@ -17,13 +17,11 @@ Last-Update: 2014-12-04
 Patch-Name: hands-off-system-packages.patch
 ---
 
-Index: python-pip/src/pip/_internal/utils/misc.py
-===================================================================
---- python-pip.orig/src/pip/_internal/utils/misc.py
-+++ python-pip/src/pip/_internal/utils/misc.py
-@@ -289,22 +289,40 @@ def renames(old, new):
- 
+--- a/src/pip/_internal/utils/misc.py
++++ b/src/pip/_internal/utils/misc.py
+@@ -348,25 +348,42 @@
  def is_local(path):
+     # type: (str) -> bool
      """
 -    Return True if path is within sys.prefix, if we're running in a virtualenv.
 +    Return True if this is a path pip is allowed to modify.
@@ -39,11 +37,12 @@ Index: python-pip/src/pip/_internal/utils/misc.py
 +    and the domain of the OS vendor. (In other words, everything _other
 +    than_ sys.prefix is considered local.)
  
+     Caution: this function assumes the head of path has been normalized
+     with normalize_path.
      """
 -    if not running_under_virtualenv():
 -        return True
--    return normalize_path(path).startswith(normalize_path(sys.prefix))
-+
+-    return path.startswith(normalize_path(sys.prefix))
 +    path = normalize_path(path)
 +    prefix = normalize_path(sys.prefix)
 +
@@ -61,6 +60,7 @@ Index: python-pip/src/pip/_internal/utils/misc.py
  
  
  def dist_is_local(dist):
+     # type: (Distribution) -> bool
      """
 -    Return True if given Distribution object is installed locally
 -    (i.e. within current virtualenv).
-- 
2.25.0.rc2

From 982000b6803625f9796c91d380a5c54c23543e0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=2E=20Ams=C3=BCss?= <chr...@fsfe.org>
Date: Fri, 17 Jan 2020 09:09:22 +0100
Subject: [PATCH 2/4] Regular patch refreshing (some manual)

---
 debian/patches/set_user_default.patch | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/debian/patches/set_user_default.patch b/debian/patches/set_user_default.patch
index 3858f55..f6ecb97 100644
--- a/debian/patches/set_user_default.patch
+++ b/debian/patches/set_user_default.patch
@@ -26,8 +26,8 @@ Patch-Name: set_user_default.patch
 @@ -545,8 +545,10 @@
  location that is specific to a user.  The default location for each OS is
  explained in the python documentation for the `site.USER_BASE
- <https://docs.python.org/3/library/site.html#site.USER_BASE>`_ variable.  This mode
--of installation can be turned on by specifying the :ref:`--user
+ <https://docs.python.org/3/library/site.html#site.USER_BASE>`_ variable.
+-This mode of installation can be turned on by specifying the :ref:`--user
 -<install_--user>` option to ``pip install``.
 +of installation is the default on Debian and derivative systems (--user has no
 +effect) when inside non-virtual environments, and when the script is run as
@@ -38,15 +38,15 @@ Patch-Name: set_user_default.patch
  ``PYTHONUSERBASE`` environment variable, which updates the value of ``site.USER_BASE``.
 --- a/src/pip/_internal/commands/install.py
 +++ b/src/pip/_internal/commands/install.py
-@@ -35,6 +35,7 @@
- except ImportError:
-     wheel = None
+@@ -51,6 +51,7 @@
+     from pip._internal.req.req_install import InstallRequirement
+     from pip._internal.wheel import BinaryAllowedPredicate
  
 +from pip._internal.locations import running_under_virtualenv
  
  logger = logging.getLogger(__name__)
  
-@@ -95,11 +96,14 @@
+@@ -160,11 +161,14 @@
              help="Install to the Python user install directory for your "
                   "platform. Typically ~/.local/, or %APPDATA%\\Python on "
                   "Windows. (See the Python documentation for site.USER_BASE "
@@ -64,7 +64,7 @@ Patch-Name: set_user_default.patch
              help=SUPPRESS_HELP)
          cmd_opts.add_option(
              '--root',
-@@ -116,6 +120,13 @@
+@@ -181,6 +185,13 @@
              help="Installation prefix where lib, bin and other top-level "
                   "folders are placed")
  
@@ -78,9 +78,9 @@ Patch-Name: set_user_default.patch
          cmd_opts.add_option(cmdoptions.build_dir())
  
          cmd_opts.add_option(cmdoptions.src())
-@@ -223,6 +234,15 @@
-         else:
-             python_versions = None
+@@ -290,6 +301,15 @@
+ 
+         cmdoptions.check_dist_restriction(options, check_target=True)
  
 +        # compute install location defaults
 +        if (not options.use_user_site and not options.prefix_path and not
-- 
2.25.0.rc2

From 04401bc547a2bfabc6479f2c9fc5e3a5684d116d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=2E=20Ams=C3=BCss?= <chr...@fsfe.org>
Date: Fri, 17 Jan 2020 09:17:49 +0100
Subject: [PATCH 3/4] Remove patch resolved upstream

---
 ...catch_requests_HTTPError_in_index.py.patch | 47 -------------------
 debian/patches/series                         |  1 -
 2 files changed, 48 deletions(-)
 delete mode 100644 debian/patches/Properly_catch_requests_HTTPError_in_index.py.patch

diff --git a/debian/patches/Properly_catch_requests_HTTPError_in_index.py.patch b/debian/patches/Properly_catch_requests_HTTPError_in_index.py.patch
deleted file mode 100644
index 40aa882..0000000
--- a/debian/patches/Properly_catch_requests_HTTPError_in_index.py.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Description: Properly catch requests' HTTPError in index.py
- This resolves issue #4195.
- .
- In index.py's index retrieval routine we were catching
- requests.HTTPError to log and ignore 404s and other similar HTTP server
- errors when pulling from (extra-)index-urls. Unfortunately, the actual
- path to that exception is requests.exceptions.HTTPError and the alias we
- were using does not work when pip is installed with unvendored libs as
- with the debian packaged pip.
- .
- Thankfully the fix is simple. Import and use
- requests.exceptions.HTTPError. This comes with the added bonus of
- fitting in with the existing handling for RetryError and SSLError. With
- this change in place upstream pip and downstream packaged pip should
- both catch this exception properly.
- .
- Note: I've not added any tests cases as I'm unsure how to test the
- distro packaging case within pip's testsuite. However, the existing test
- suite should hopefully cover that this isn't a regression and I've
- manually confirmed that this works with a hacked up debian package
- install. Also this is how we handle RetryError and SSLError.
-Author: Clark Boylan <clark.boy...@gmail.com>
-Date: Fri, 29 Mar 2019 10:17:31 -0700
-Origin: upstream, https://github.com/pypa/pip/pull/6367/commits/f8292a304deebcf0e4cda2e40caa226c70030f11
-Bug-Debian: https://bugs.debian.org/837764
-Last-Update: 2019-03-30
-
---- python-pip-18.1.orig/src/pip/_internal/index.py
-+++ python-pip-18.1/src/pip/_internal/index.py
-@@ -16,7 +16,7 @@ from pip._vendor.distlib.compat import u
- from pip._vendor.packaging import specifiers
- from pip._vendor.packaging.utils import canonicalize_name
- from pip._vendor.packaging.version import parse as parse_version
--from pip._vendor.requests.exceptions import SSLError
-+from pip._vendor.requests.exceptions import HTTPError, SSLError
- from pip._vendor.six.moves.urllib import parse as urllib_parse
- from pip._vendor.six.moves.urllib import request as urllib_request
- 
-@@ -161,7 +161,7 @@ def _get_html_page(link, session=None):
-             return
- 
-         inst = HTMLPage(resp.content, resp.url, resp.headers)
--    except requests.HTTPError as exc:
-+    except HTTPError as exc:
-         _handle_get_page_fail(link, exc, url)
-     except SSLError as exc:
-         reason = "There was a problem confirming the ssl certificate: "
diff --git a/debian/patches/series b/debian/patches/series
index f681574..92fbab9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,4 +3,3 @@ debundle.patch
 handle-unbundled-requests.patch
 set_user_default.patch
 disable-pip-version-check.patch
-Properly_catch_requests_HTTPError_in_index.py.patch
-- 
2.25.0.rc2

From 9c9147fadb2bcde039639c9c6713ad5556a5eee6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=2E=20Ams=C3=BCss?= <chr...@fsfe.org>
Date: Fri, 17 Jan 2020 09:34:08 +0100
Subject: [PATCH 4/4] Patches: Refresh fuzz

---
 debian/patches/debundle.patch                  | 4 +---
 debian/patches/disable-pip-version-check.patch | 4 ++--
 debian/patches/handle-unbundled-requests.patch | 2 +-
 debian/patches/set_user_default.patch          | 4 ++--
 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/debian/patches/debundle.patch b/debian/patches/debundle.patch
index c59de1f..08f8d1e 100644
--- a/debian/patches/debundle.patch
+++ b/debian/patches/debundle.patch
@@ -8,11 +8,9 @@ Patch-Name: debundle.patch
  pip/_vendor/__init__.py | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
-diff --git a/pip/_vendor/__init__.py b/pip/_vendor/__init__.py
-index bee5f5e..7e9da3e 100644
 --- a/src/pip/_vendor/__init__.py
 +++ b/src/pip/_vendor/__init__.py
-@@ -14,13 +14,13 @@ import sys
+@@ -14,13 +14,13 @@
  # Downstream redistributors which have debundled our dependencies should also
  # patch this value to be true. This will trigger the additional patching
  # to cause things like "six" to be available as pip.
diff --git a/debian/patches/disable-pip-version-check.patch b/debian/patches/disable-pip-version-check.patch
index 33ca3db..019ff76 100644
--- a/debian/patches/disable-pip-version-check.patch
+++ b/debian/patches/disable-pip-version-check.patch
@@ -10,7 +10,7 @@ Patch-Name: disable-pip-version-check.patch
 
 --- a/src/pip/_internal/cli/cmdoptions.py
 +++ b/src/pip/_internal/cli/cmdoptions.py
-@@ -613,7 +613,7 @@
+@@ -790,7 +790,7 @@
      "--disable-pip-version-check",
      dest="disable_pip_version_check",
      action="store_true",
@@ -18,4 +18,4 @@ Patch-Name: disable-pip-version-check.patch
 +    default=True,
      help="Don't periodically check PyPI to determine whether a new version "
           "of pip is available for download. Implied with --no-index.",
- )  # type: Any
+ )  # type: Callable[..., Option]
diff --git a/debian/patches/handle-unbundled-requests.patch b/debian/patches/handle-unbundled-requests.patch
index 7d5eb3d..c37dc63 100644
--- a/debian/patches/handle-unbundled-requests.patch
+++ b/debian/patches/handle-unbundled-requests.patch
@@ -10,7 +10,7 @@ Patch-Name: handle-unbundled-requests.patch
 
 --- a/src/pip/_vendor/__init__.py
 +++ b/src/pip/_vendor/__init__.py
-@@ -91,8 +91,12 @@
+@@ -90,8 +90,12 @@
      vendored("requests.packages.urllib3.fields")
      vendored("requests.packages.urllib3.filepost")
      vendored("requests.packages.urllib3.packages")
diff --git a/debian/patches/set_user_default.patch b/debian/patches/set_user_default.patch
index f6ecb97..3a18afb 100644
--- a/debian/patches/set_user_default.patch
+++ b/debian/patches/set_user_default.patch
@@ -23,7 +23,7 @@ Patch-Name: set_user_default.patch
 
 --- a/docs/html/user_guide.rst
 +++ b/docs/html/user_guide.rst
-@@ -545,8 +545,10 @@
+@@ -553,8 +553,10 @@
  location that is specific to a user.  The default location for each OS is
  explained in the python documentation for the `site.USER_BASE
  <https://docs.python.org/3/library/site.html#site.USER_BASE>`_ variable.
@@ -35,7 +35,7 @@ Patch-Name: set_user_default.patch
 +:ref:`--system <install_--system>` option to ``pip install``.
  
  Moreover, the "user scheme" can be customized by setting the
- ``PYTHONUSERBASE`` environment variable, which updates the value of ``site.USER_BASE``.
+ ``PYTHONUSERBASE`` environment variable, which updates the value of
 --- a/src/pip/_internal/commands/install.py
 +++ b/src/pip/_internal/commands/install.py
 @@ -51,6 +51,7 @@
-- 
2.25.0.rc2

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Python-modules-team mailing list
Python-modules-team@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team

Reply via email to