[python-virtualenv/el5] - Epoch 1 to back down the release in epel5. - Remove the bundled pip - Add a patch to tell the user
Toshio くらとみ
toshio at fedoraproject.org
Thu Jun 6 20:33:32 UTC 2013
commit e28ff2a7cab1232ec872e191e62531d1b2e234dd
Author: Toshio Kuratomi <toshio at fedoraproject.org>
Date: Thu Jun 6 13:32:51 2013 -0700
- Epoch 1 to back down the release in epel5.
- Remove the bundled pip
- Add a patch to tell the user that pip is insecure on python-2.4 with
instructions on how to make virtualenv work with a manually downloaded pip
.gitignore | 1 +
python-virtualenv.spec | 17 ++++++++++++++++-
sources | 2 +-
virtualenv-insecure-pip-warning.patch | 23 +++++++++++++++++++++++
4 files changed, 41 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 0fda0e4..d1e9ca5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
virtualenv-1.9.1.tar.gz
+/virtualenv-1.7.2.tar.gz
diff --git a/python-virtualenv.spec b/python-virtualenv.spec
index 7fcfc2c..56b90ed 100644
--- a/python-virtualenv.spec
+++ b/python-virtualenv.spec
@@ -2,14 +2,16 @@
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
Name: python-virtualenv
-Version: 1.9.1
+Version: 1.7.2
Release: 1%{?dist}
+Epoch: 1
Summary: Tool to create isolated Python environments
Group: Development/Languages
License: MIT
URL: http://pypi.python.org/pypi/virtualenv
Source0: http://pypi.python.org/packages/source/v/virtualenv/virtualenv-%{version}.tar.gz
+Patch0: virtualenv-insecure-pip-warning.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -30,6 +32,8 @@ licensed under an MIT-style permissive license.
%prep
%setup -q -n virtualenv-%{version}
+%patch0 -p1
+
%{__sed} -i -e "1s|#!/usr/bin/env python||" virtualenv.py
%build
@@ -47,6 +51,11 @@ rm -rf $RPM_BUILD_ROOT
%{__python} setup.py install --skip-build --root $RPM_BUILD_ROOT
rm -f build/sphinx/html/.buildinfo
+# Remove the bundled pip. Eventually we want to do this (and remove the other bundles)
+# on all releases. Waiting on maintainer views on
+# https://bugzilla.redhat.com/show_bug.cgi?id=749378
+rm $RPM_BUILD_ROOT%{python_sitelib}/virtualenv_support/pip*tar.gz
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -65,6 +74,12 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Thu Jun 6 2013 Toshio Kuratomi <toshio at fedoraproject.org> - 1:1.7.2-1
+- Epoch 1 to back down the release in epel5.
+- Remove the bundled pip
+- Add a patch to tell the user that pip is insecure on python-2.4 with
+ instructions on how to make virtualenv work with a manually downloaded pip
+
* Tue May 14 2013 Toshio Kuratomi <toshio at fedoraproject.org> - 1.9.1-1
- Update to upstream 1.9.1 because of security issues with the bundled
python-pip in older releases. This is just a quick fix until a
diff --git a/sources b/sources
index c048175..839d740 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-07e09df0adfca0b2d487e39a4bf2270a virtualenv-1.9.1.tar.gz
+b5d63b05373a4344ae099a68875aae78 virtualenv-1.7.2.tar.gz
diff --git a/virtualenv-insecure-pip-warning.patch b/virtualenv-insecure-pip-warning.patch
new file mode 100644
index 0000000..bad73bd
--- /dev/null
+++ b/virtualenv-insecure-pip-warning.patch
@@ -0,0 +1,23 @@
+Index: virtualenv-1.7.2/virtualenv.py
+===================================================================
+--- virtualenv-1.7.2.orig/virtualenv.py
++++ virtualenv-1.7.2/virtualenv.py
+@@ -634,6 +634,18 @@ def install_pip(py_executable, search_di
+ if is_jython or is_pypy:
+ cmd.remove('-x')
+ if filename == 'pip':
++ if sys.version_info < (2,5):
++ logger.fatal("Can't find any local distributions of pip to install "
++ "and virtualenv can't download a secure version of pip that "
++ "works with your python version (2.4.x). If you evaluate "
++ "the unfixed security issues in pip-1.1 ( as of this writing: "
++ "https://github.com/pypa/pip/issues/425 and "
++ "https://github.com/pypa/pip/issues/725 ) "
++ "and decide they do not apply to your environment you may "
++ "manually download the pip-1.1 source distribution from pypi ( "
++ "https://pypi.python.org/packages/source/p/pip/pip-1.1.tar.gz ) "
++ "and place it in one of these locations: %r" % search_dirs)
++ sys.exit(1)
+ if never_download:
+ logger.fatal("Can't find any local distributions of pip to install "
+ "and --never-download is set. Either re-run virtualenv "
More information about the scm-commits
mailing list