Subject: Prevent removing of the system packages installed under /usr/lib

when pip install -U is executed. Resolves: rhbz#1550368
2018-08-30 15:27:55 +02:00 · 2018-08-30 15:27:55 +02:00 · 50d9d64d96
parent ae152c5ccf
commit 50d9d64d96
2 changed files with 100 additions and 1 deletions
--- a/python-pip.spec
+++ b/python-pip.spec
@ -22,7 +22,7 @@
 Name:           python-%{srcname}
 # When updating, update the bundled libraries versions bellow!
 Version:        18.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A tool for installing and managing Python packages
 Group:          Development/Libraries

@ -88,6 +88,11 @@ Patch1:         emit-a-warning-when-running-with-root-privileges.patch
 # Add path to the doc themes to conf.py
 Patch2:         html_theme_path.patch

+# Prevent removing of the system packages installed under /usr/lib
+# when pip install -U is executed.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1550368#c24
+Patch3:         remove-existing-dist-only-if-path-conflicts.patch
+
 # Downstream only patch
 # Users might have local installations of pip from using
 # `pip install --user --upgrade pip` on older versions.
@ -250,6 +255,7 @@ popd
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1


 %build
@ -447,6 +453,11 @@ export PYTHONPATH=src
 %endif

 %changelog
+* Tue Sep 18 2018 Victor Stinner <vstinner@redhat.com> - 18.0-4
+- Prevent removing of the system packages installed under /usr/lib
+  when pip install -U is executed. Original patch by Michal Cyprian.
+  Resolves: rhbz#1550368.
+
 * Wed Aug 08 2018 Miro Hrončok <mhroncok@redhat.com> - 18.0-3
 - Create python-pip-wheel package with the wheel

--- a/remove-existing-dist-only-if-path-conflicts.patch
+++ b/remove-existing-dist-only-if-path-conflicts.patch
@ -0,0 +1,88 @@
+commit b6d5da6796801862eb751a93d507c343af0604d6
+Author: Victor Stinner <vstinner@redhat.com>
+Date:   Tue Sep 18 17:13:51 2018 +0200
+
+    Subject: Prevent removing of the system packages installed under /usr/lib
+    
+    when pip install -U is executed.
+    
+    Resolves: rhbz#1550368
+    
+    Co-Authored-By: Michal Cyprian <m.cyprian@gmail.com>
+
+diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
+index 8e91ecb..9beb100 100644
+--- a/src/pip/_internal/req/req_install.py
+++ b/src/pip/_internal/req/req_install.py
+@@ -36,7 +36,7 @@ from pip._internal.utils.hashes import Hashes
+ from pip._internal.utils.logging import indent_log
+ from pip._internal.utils.misc import (
+     _make_build_dir, ask_path_exists, backup_dir, call_subprocess,
+-    display_path, dist_in_site_packages, dist_in_usersite, ensure_dir,
+    display_path, dist_in_install_path, dist_in_site_packages, dist_in_usersite, ensure_dir,
+     get_installed_version, is_installable_dir, read_text_file, rmtree,
+ )
+ from pip._internal.utils.setuptools_build import SETUPTOOLS_SHIM
+@@ -503,7 +503,7 @@ class InstallRequirement(object):
+                         "lack sys.path precedence to %s in %s" %
+                         (existing_dist.project_name, existing_dist.location)
+                     )
+-            else:
+            elif dist_in_install_path(existing_dist):
+                 self.conflicts_with = existing_dist
+         return True
+ 
+diff --git a/src/pip/_internal/resolve.py b/src/pip/_internal/resolve.py
+index 8480e48..b118098 100644
+--- a/src/pip/_internal/resolve.py
+++ b/src/pip/_internal/resolve.py
+@@ -20,7 +20,7 @@ from pip._internal.exceptions import (
+ )
+ from pip._internal.req.req_install import InstallRequirement
+ from pip._internal.utils.logging import indent_log
+-from pip._internal.utils.misc import dist_in_usersite, ensure_dir
+from pip._internal.utils.misc import dist_in_install_path, dist_in_usersite, ensure_dir
+ from pip._internal.utils.packaging import check_dist_requires_python
+ 
+ logger = logging.getLogger(__name__)
+@@ -123,7 +123,9 @@ class Resolver(object):
+         """
+         # Don't uninstall the conflict if doing a user install and the
+         # conflict is not a user install.
+-        if not self.use_user_site or dist_in_usersite(req.satisfied_by):
+        if ((not self.use_user_site
+                or dist_in_usersite(req.satisfied_by))
+                and dist_in_install_path(req.satisfied_by)):
+             req.conflicts_with = req.satisfied_by
+         req.satisfied_by = None
+ 
+diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py
+index 3236af6..e60287b 100644
+--- a/src/pip/_internal/utils/misc.py
+++ b/src/pip/_internal/utils/misc.py
+@@ -32,7 +32,7 @@ from pip._internal.compat import (
+ from pip._internal.exceptions import CommandError, InstallationError
+ from pip._internal.locations import (
+     running_under_virtualenv, site_packages, user_site, virtualenv_no_global,
+-    write_delete_marker_file,
+    write_delete_marker_file, distutils_scheme,
+ )
+ 
+ if PY2:
+@@ -324,6 +324,16 @@ def dist_in_site_packages(dist):
+     ).startswith(normalize_path(site_packages))
+ 
+ 
+def dist_in_install_path(dist):
+    """
+    Return True if given Distribution is installed in
+    path matching distutils_scheme layout.
+    """
+    norm_path = normalize_path(dist_location(dist))
+    return norm_path.startswith(normalize_path(
+        distutils_scheme("")['purelib'].split('python')[0]))
+
+
+ def dist_is_editable(dist):
+     """Is distribution an editable install?"""
+     for path_item in sys.path: