Wed Dec 8 14:35:00 2021 UTC ()

py-pip-audit: add upstream patch fixing a test failure.


(wiz)

diff -r1.2 -r1.3 pkgsrc/security/py-pip-audit/Makefile
diff -r1.2 -r1.3 pkgsrc/security/py-pip-audit/distinfo
diff -r0 -r1.1 pkgsrc/security/py-pip-audit/patches/patch-test_dependency__source_test__pip.py

--- pkgsrc/security/py-pip-audit/Makefile 2021/12/07 20:27:07 1.2
+++ pkgsrc/security/py-pip-audit/Makefile 2021/12/08 14:35:00 1.3

 @@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.2 2021/12/07 20:27:07 wiz Exp $
+# $NetBSD: Makefile,v 1.3 2021/12/08 14:35:00 wiz Exp $
 DISTNAME=	pip-audit-1.1.0
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=	security python
 # pypi file does not include tests
 #MASTER_SITES=	${MASTER_SITE_PYPI:=p/pip-audit/}
 MASTER_SITES=	${MASTER_SITE_GITHUB:=trailofbits/}
 GITHUB_PROJECT=	pip-audit
 GITHUB_TAG=	v${PKGVERSION_NOREV}
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	https://pypi.org/project/pip-audit/
 COMMENT=	Scan Python environments for known vulnerabilities
 @@ -31,21 +31,20 @@ PYTHON_VERSIONS_INCOMPATIBLE=	27
 .if ${_PYTHON_VERSION} == 36
 DEPENDS+=	${PYPKGPREFIX}-dataclasses>=0.6:../../devel/py-dataclasses
 .endif
 USE_LANGUAGES=	# none
 post-install:
 	cd ${DESTDIR}${PREFIX}/bin && \
         ${MV} pip-audit pip-audit-${PYVERSSUFFIX} || ${TRUE}
 	${RM} -r ${DESTDIR}${PREFIX}/${PYSITELIB}/test
 # as of 1.1.0
-# 2 failed, 59 passed
+# 1 failed, 60 passed
 # https://github.com/trailofbits/pip-audit/issues/195
 TEST_ENV+=	PYTHONPATH=${WRKSRC}/build/lib:${WRKSRC}/build/lib/test
 do-test:
 	cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
 .include "../../lang/python/egg.mk"
 .include "../../mk/bsd.pkg.mk"

--- pkgsrc/security/py-pip-audit/distinfo 2021/12/07 20:27:07 1.2
+++ pkgsrc/security/py-pip-audit/distinfo 2021/12/08 14:35:00 1.3

 @@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.2 2021/12/07 20:27:07 wiz Exp $
+$NetBSD: distinfo,v 1.3 2021/12/08 14:35:00 wiz Exp $
 BLAKE2s (pip-audit-1.1.0.tar.gz) = c31697d727e3fe5413a281f37b24e83732afbc20dfead2e436a4680d3fc6e8a4
 SHA512 (pip-audit-1.1.0.tar.gz) = 77c0552f840ca17fb9a80e9dd594bf8faf74aad5331e1689ad6b7c436d29589fd1b5db9db3e41a16679934fe1856ad0d0821ee5c52a5d4508fda6236bdf27f22
 Size (pip-audit-1.1.0.tar.gz) = 41526 bytes
 SHA1 (patch-test_dependency__source_test__pip.py) = 8cdbbcba2e6d3207cef84046170e3cfb0bb8de59

$NetBSD: patch-test_dependency__source_test__pip.py,v 1.1 2021/12/08 14:35:00 wiz Exp $

https://github.com/trailofbits/pip-audit/commit/8d3e8137fc25a84c077f17909b033bd6752671f1

--- test/dependency_source/test_pip.py.orig	2021-12-06 19:13:47.000000000 +0000
+++ test/dependency_source/test_pip.py
@@ -7,7 +7,6 @@ import pretend  # type: ignore
 import pytest
 from packaging.version import Version
 
-import pip_audit
 from pip_audit._dependency_source import pip
 from pip_audit._service.interface import ResolvedDependency, SkippedDependency
 
@@ -16,14 +15,11 @@ def test_pip_source():
     source = pip.PipSource()
 
     # We're running under pytest, so we can safely assume that pytest is in
-    # our execution environment. We're also running pip_audit itself, so we
-    # can safely test for ourselves.
+    # our execution environment.
     pytest_spec = ResolvedDependency(name="pytest", version=Version(pytest.__version__))
-    pip_audit_spec = ResolvedDependency(name="pip-audit", version=Version(pip_audit.__version__))
 
     specs = list(source.collect())
     assert pytest_spec in specs
-    assert pip_audit_spec in specs
 
 
 def test_pip_source_warns_about_old_pip(monkeypatch):