pkgsrc-WIP-changes archive


py-pip-audit: add upgrade candidate, currently broken



Module Name:	pkgsrc-wip
Committed By:	Thomas Klausner <tk%giga.or.at@localhost>
Pushed By:	wiz
Date:		Tue Dec 7 19:07:31 2021 +0100
Changeset:	2e97035d39e3c1ae61463a2b4929a51e38194bd5

Modified Files:
	Makefile
Added Files:
	py-pip-audit/ALTERNATIVES
	py-pip-audit/DESCR
	py-pip-audit/Makefile
	py-pip-audit/PLIST
	py-pip-audit/TODO
	py-pip-audit/distinfo

Log Message:
py-pip-audit: add upgrade candidate, currently broken

See https://github.com/trailofbits/pip-audit/issues/195

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=2e97035d39e3c1ae61463a2b4929a51e38194bd5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 Makefile                  |  1 +
 py-pip-audit/ALTERNATIVES |  1 +
 py-pip-audit/DESCR        |  4 +++
 py-pip-audit/Makefile     | 51 ++++++++++++++++++++++++++++++
 py-pip-audit/PLIST        | 80 +++++++++++++++++++++++++++++++++++++++++++++++
 py-pip-audit/TODO         |  2 ++
 py-pip-audit/distinfo     |  5 +++
 7 files changed, 144 insertions(+)

diffs:
diff --git a/Makefile b/Makefile
index 5f1457478a..e2ffd47f67 100644
--- a/Makefile
+++ b/Makefile
@@ -4283,6 +4283,7 @@ SUBDIR+=	py-picture-to-gds
 SUBDIR+=	py-pillow
 SUBDIR+=	py-pinout
 SUBDIR+=	py-pint
+SUBDIR+=	py-pip-audit
 SUBDIR+=	py-pip2pi
 SUBDIR+=	py-pipdeptree
 SUBDIR+=	py-pipenv
diff --git a/py-pip-audit/ALTERNATIVES b/py-pip-audit/ALTERNATIVES
new file mode 100644
index 0000000000..92e2cd1851
--- /dev/null
+++ b/py-pip-audit/ALTERNATIVES
@@ -0,0 +1 @@
+bin/pip-audit @PREFIX@/bin/pip-audit-@PYVERSSUFFIX@
diff --git a/py-pip-audit/DESCR b/py-pip-audit/DESCR
new file mode 100644
index 0000000000..9ad6523ba9
--- /dev/null
+++ b/py-pip-audit/DESCR
@@ -0,0 +1,4 @@
+pip-audit is a prototype tool for scanning Python environments for
+packages with known vulnerabilities. It uses the Python Packaging
+Advisory Database via the PyPI JSON API as a source of vulnerability
+reports.
diff --git a/py-pip-audit/Makefile b/py-pip-audit/Makefile
new file mode 100644
index 0000000000..34b7a0c42a
--- /dev/null
+++ b/py-pip-audit/Makefile
@@ -0,0 +1,51 @@
+# $NetBSD: Makefile,v 1.1 2021/11/16 16:04:40 wiz Exp $
+
+DISTNAME=	pip-audit-1.1.0
+PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
+CATEGORIES=	security python
+# pypi file does not include tests
+#MASTER_SITES=	${MASTER_SITE_PYPI:=p/pip-audit/}
+MASTER_SITES=	${MASTER_SITE_GITHUB:=trailofbits/}
+GITHUB_PROJECT=	pip-audit
+GITHUB_TAG=	v${PKGVERSION_NOREV}
+
+MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=	https://pypi.org/project/pip-audit/
+COMMENT=	Scan Python environments for known vulnerabilities
+LICENSE=	apache-2.0
+
+DEPENDS+=	${PYPKGPREFIX}-cachecontrol>=0.12.6:../../devel/py-cachecontrol
+DEPENDS+=	${PYPKGPREFIX}-cyclonedx-python-lib-[0-9]*:../../security/py-cyclonedx-python-lib
+DEPENDS+=	${PYPKGPREFIX}-html5lib>=1.1:../../textproc/py-html5lib
+DEPENDS+=	${PYPKGPREFIX}-lockfile>=0.12.2:../../devel/py-lockfile
+DEPENDS+=	${PYPKGPREFIX}-packaging>=21.0.0:../../devel/py-packaging
+DEPENDS+=	${PYPKGPREFIX}-pip-api>=0.0.23:../../devel/py-pip-api
+DEPENDS+=	${PYPKGPREFIX}-progress>=1.6:../../devel/py-progress
+DEPENDS+=	${PYPKGPREFIX}-resolvelib>=0.8.0:../../devel/py-resolvelib
+TEST_DEPENDS+=	${PYPKGPREFIX}-pretend-[0-9]*:../../devel/py-pretend
+TEST_DEPENDS+=	${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test
+
+PYTHON_VERSIONS_INCOMPATIBLE=	27
+
+.include "../../lang/python/pyversion.mk"
+
+.if ${_PYTHON_VERSION} == 36
+DEPENDS+=	${PYPKGPREFIX}-dataclasses>=0.6:../../devel/py-dataclasses
+.endif
+
+USE_LANGUAGES=	c
+
+post-install:
+	cd ${DESTDIR}${PREFIX}/bin && \
+        ${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
+	${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
+
+# as of 1.1.0
+# 2 failed, 59 passed
+# https://github.com/trailofbits/pip-audit/issues/195
+TEST_ENV+=	PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
+do-test:
+	cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
+
+.include "../../lang/python/egg.mk"
+.include "../../mk/bsd.pkg.mk"
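Review bot: The `post-install` rename ends in `|| ${TRUE}`, and since `&&` and `||` are evaluated left to right, that fallback hides a failed `cd` as well as a failed `${MV}`, so the target succeeds even when `bin/pip-audit` was never renamed. ALTERNATIVES and PLIST in this commit both expect `bin/pip-audit-${PYVERSSUFFIX}`, so the mismatch would surface only at a later PLIST check; dropping the fallback (`cd ${DESTDIR}${PREFIX}/bin && ${MV} pip-audit pip-audit-${PYVERSSUFFIX}`) reports the failure where it happens, and if the fallback is deliberate, a comment should say when the script is expected to be absent. Separately, PLIST lists only `.py`/`.pyc`/`.pyo` files, so `USE_LANGUAGES=	c` looks unnecessary and `USE_LANGUAGES=	# none` is presumably what is meant. A one-line comment above `${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test` would also help, explaining that upstream's setup apparently installs its test suite as a top-level `test` package.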
diff --git a/py-pip-audit/PLIST b/py-pip-audit/PLIST
new file mode 100644
index 0000000000..de5cfc1fa9
--- /dev/null
+++ b/py-pip-audit/PLIST
@@ -0,0 +1,80 @@
+@comment $NetBSD$
+bin/pip-audit-${PYVERSSUFFIX}
+${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
+${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
+${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
+${PYSITELIB}/${EGG_INFODIR}/entry_points.txt
+${PYSITELIB}/${EGG_INFODIR}/requires.txt
+${PYSITELIB}/${EGG_INFODIR}/top_level.txt
+${PYSITELIB}/pip_audit/__init__.py
+${PYSITELIB}/pip_audit/__init__.pyc
+${PYSITELIB}/pip_audit/__init__.pyo
+${PYSITELIB}/pip_audit/__main__.py
+${PYSITELIB}/pip_audit/__main__.pyc
+${PYSITELIB}/pip_audit/__main__.pyo
+${PYSITELIB}/pip_audit/_audit.py
+${PYSITELIB}/pip_audit/_audit.pyc
+${PYSITELIB}/pip_audit/_audit.pyo
+${PYSITELIB}/pip_audit/_cli.py
+${PYSITELIB}/pip_audit/_cli.pyc
+${PYSITELIB}/pip_audit/_cli.pyo
+${PYSITELIB}/pip_audit/_dependency_source/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/interface.py
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyc
+${PYSITELIB}/pip_audit/_dependency_source/interface.pyo
+${PYSITELIB}/pip_audit/_dependency_source/pip.py
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyc
+${PYSITELIB}/pip_audit/_dependency_source/pip.pyo
+${PYSITELIB}/pip_audit/_dependency_source/requirement.py
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyc
+${PYSITELIB}/pip_audit/_dependency_source/requirement.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/__init__.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/pypi_provider.pyo
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.py
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyc
+${PYSITELIB}/pip_audit/_dependency_source/resolvelib/resolvelib.pyo
+${PYSITELIB}/pip_audit/_format/__init__.py
+${PYSITELIB}/pip_audit/_format/__init__.pyc
+${PYSITELIB}/pip_audit/_format/__init__.pyo
+${PYSITELIB}/pip_audit/_format/columns.py
+${PYSITELIB}/pip_audit/_format/columns.pyc
+${PYSITELIB}/pip_audit/_format/columns.pyo
+${PYSITELIB}/pip_audit/_format/cyclonedx.py
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyc
+${PYSITELIB}/pip_audit/_format/cyclonedx.pyo
+${PYSITELIB}/pip_audit/_format/interface.py
+${PYSITELIB}/pip_audit/_format/interface.pyc
+${PYSITELIB}/pip_audit/_format/interface.pyo
+${PYSITELIB}/pip_audit/_format/json.py
+${PYSITELIB}/pip_audit/_format/json.pyc
+${PYSITELIB}/pip_audit/_format/json.pyo
+${PYSITELIB}/pip_audit/_service/__init__.py
+${PYSITELIB}/pip_audit/_service/__init__.pyc
+${PYSITELIB}/pip_audit/_service/__init__.pyo
+${PYSITELIB}/pip_audit/_service/interface.py
+${PYSITELIB}/pip_audit/_service/interface.pyc
+${PYSITELIB}/pip_audit/_service/interface.pyo
+${PYSITELIB}/pip_audit/_service/osv.py
+${PYSITELIB}/pip_audit/_service/osv.pyc
+${PYSITELIB}/pip_audit/_service/osv.pyo
+${PYSITELIB}/pip_audit/_service/pypi.py
+${PYSITELIB}/pip_audit/_service/pypi.pyc
+${PYSITELIB}/pip_audit/_service/pypi.pyo
+${PYSITELIB}/pip_audit/_state.py
+${PYSITELIB}/pip_audit/_state.pyc
+${PYSITELIB}/pip_audit/_state.pyo
+${PYSITELIB}/pip_audit/_util.py
+${PYSITELIB}/pip_audit/_util.pyc
+${PYSITELIB}/pip_audit/_util.pyo
+${PYSITELIB}/pip_audit/_version.py
+${PYSITELIB}/pip_audit/_version.pyc
+${PYSITELIB}/pip_audit/_version.pyo
+${PYSITELIB}/pip_audit/_virtual_env.py
+${PYSITELIB}/pip_audit/_virtual_env.pyc
+${PYSITELIB}/pip_audit/_virtual_env.pyo
diff --git a/py-pip-audit/TODO b/py-pip-audit/TODO
new file mode 100644
index 0000000000..224c04f60f
--- /dev/null
+++ b/py-pip-audit/TODO
@@ -0,0 +1,2 @@
+Broken, see
+https://github.com/trailofbits/pip-audit/issues/195
diff --git a/py-pip-audit/distinfo b/py-pip-audit/distinfo
new file mode 100644
index 0000000000..21552bda02
--- /dev/null
+++ b/py-pip-audit/distinfo
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1 2021/11/16 16:04:40 wiz Exp $
+
+BLAKE2s (pip-audit-1.1.0.tar.gz) = c31697d727e3fe5413a281f37b24e83732afbc20dfead2e436a4680d3fc6e8a4
+SHA512 (pip-audit-1.1.0.tar.gz) = 77c0552f840ca17fb9a80e9dd594bf8faf74aad5331e1689ad6b7c436d29589fd1b5db9db3e41a16679934fe1856ad0d0821ee5c52a5d4508fda6236bdf27f22
+Size (pip-audit-1.1.0.tar.gz) = 41526 bytes

