diff --git a/recipes-compliance/scap-security-guide/files/0001-Replace-pkg_resources.Requirement.patch b/recipes-compliance/scap-security-guide/files/0001-Replace-pkg_resources.Requirement.patch new file mode 100644 index 0000000..604e099 --- /dev/null +++ b/recipes-compliance/scap-security-guide/files/0001-Replace-pkg_resources.Requirement.patch @@ -0,0 +1,127 @@ +From 12f2503c51484005f29dad75c80395352ac8b668 Mon Sep 17 00:00:00 2001 +From: Matthew Burket +Date: Tue, 18 Nov 2025 18:32:45 -0600 +Subject: [PATCH] Replace pkg_resources.Requirement + +Replaced pkg_resources with a custom RequirementParser. +It implements just enough of pkg_resources.Requirement to work for our +project. + +Fixes: #13902 + +Upstream-Status: Backport [https://github.com/ComplianceAsCode/content/commit/12f2503] + +Signed-off-by: Mingli Yu +--- + ssg/requirement_specs.py | 51 ++++++++++++++----- + .../unit/ssg-module/test_requirement_specs.py | 11 ++++ + 2 files changed, 49 insertions(+), 13 deletions(-) + +diff --git a/ssg/requirement_specs.py b/ssg/requirement_specs.py +index 10e6a6f35d..16637ddff8 100644 +--- a/ssg/requirement_specs.py ++++ b/ssg/requirement_specs.py +@@ -1,18 +1,43 @@ + """ + Common functions for processing Requirements Specs in SSG + """ +- +-import pkg_resources + import re ++from typing import Tuple, List + + from ssg import utils + +-# Monkey-patch pkg_resources.safe_name function to keep underscores intact +-# Setuptools recognize the issue: https://github.com/pypa/setuptools/issues/2522 +-pkg_resources.safe_name = lambda name: re.sub('[^A-Za-z0-9_.]+', '-', name) +-# Monkey-patch pkg_resources.safe_extras function to keep dashes intact +-# Setuptools recognize the issue: https://github.com/pypa/setuptools/pull/732 +-pkg_resources.safe_extra = lambda extra: re.sub('[^A-Za-z0-9.-]+', '_', extra).lower() ++ ++class RequirementParser: ++ name: str ++ operation: str ++ version: str ++ extra: str ++ ++ def __init__(self, target_v): ++ match = re.match(r'^(?P[a-zA-Z0-9\-_.]+)\[?(?P[a-zA-Z0-9\-_]+)?]?\s*(?P[>.*)?$', ++ target_v) ++ if match: ++ self.name = match.groupdict().get('name', '') ++ self.operation = match.groupdict().get('operation', '') ++ self.version = match.groupdict().get('version', '') ++ self.extra = match.groupdict().get('extra', '') ++ ++ @property ++ def specs(self) -> List[Tuple[str, str]]: ++ if self.operation and self.version: ++ return [(self.operation, self.version)] ++ else: ++ return [] ++ ++ @property ++ def project_name(self) -> str: ++ return self.name ++ ++ @property ++ def extras(self) -> List[str]: ++ if self.extra: ++ return [self.extra.lower()] ++ return [] + + + def _parse_version_into_evr(version): +@@ -62,11 +87,11 @@ class Requirement: + A class to represent a package requirement with version specifications. + + Attributes: +- _req (pkg_resources.Requirement): The parsed requirement object. ++ _req (RequirementParser): The parsed requirement object. + _specs (utils.VersionSpecifierSet): The set of version specifiers for the requirement. + """ +- def __init__(self, obj): +- self._req = pkg_resources.Requirement.parse(obj) ++ def __init__(self, obj: str): ++ self._req = RequirementParser(obj) + self._specs = utils.VersionSpecifierSet( + [_spec_to_version_specifier(spec) for spec in self._req.specs] + ) +@@ -131,7 +156,7 @@ class Requirement: + bool: True if the package requirement is parametrized (includes extras), + False otherwise. + """ +- return bool(pkg_resources.Requirement.parse(name).extras) ++ return bool(RequirementParser(name).extras) + + @staticmethod + def get_base_for_parametrized(name): +@@ -144,4 +169,4 @@ class Requirement: + Returns: + str: The base project name of the package. + """ +- return pkg_resources.Requirement.parse(name).project_name ++ return RequirementParser(name).project_name +diff --git a/tests/unit/ssg-module/test_requirement_specs.py b/tests/unit/ssg-module/test_requirement_specs.py +index 13c3292b5f..ae078e9a8f 100644 +--- a/tests/unit/ssg-module/test_requirement_specs.py ++++ b/tests/unit/ssg-module/test_requirement_specs.py +@@ -33,3 +33,14 @@ def test_parse_version_into_evr(): + v = requirement_specs._parse_version_into_evr(':') + with pytest.raises(ValueError): + v = requirement_specs._parse_version_into_evr('-') ++ ++def test_requirement_parse(): ++ req = requirement_specs.RequirementParser("package[NetworkManager]>=8.7") ++ assert req.project_name == 'package' ++ assert req.operation == '>=' ++ assert req.version == '8.7' ++ assert req.extras == ['networkmanager'] ++ assert req.specs == [('>=', '8.7')] ++ ++ req = requirement_specs.RequirementParser('linux_os') ++ assert req.project_name == 'linux_os' +-- +2.34.1 + diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.78.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.78.bb index 919a09c..e42b054 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.78.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.78.bb @@ -8,6 +8,7 @@ LICENSE = "BSD-3-Clause" SRCREV = "f7d794851971087db77d4be8eeb716944a1aae21" SRC_URI = "git://github.com/ComplianceAsCode/content.git;protocol=https;branch=stable \ + file://0001-Replace-pkg_resources.Requirement.patch \ file://run_eval.sh \ "