GNU bug report logs - #70179
[PATCH 0/3] Use system nss-certs in Python.

Previous Next

Package: guix-patches;

Reported by: Efraim Flashner <efraim <at> flashner.co.il>

Date: Thu, 4 Apr 2024 05:56:03 UTC

Severity: normal

Tags: patch

Done: Efraim Flashner <efraim <at> flashner.co.il>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Efraim Flashner <efraim <at> flashner.co.il>
To: 70179 <at> debbugs.gnu.org
Cc: Efraim Flashner <efraim <at> flashner.co.il>
Subject: [bug#70179] [PATCH v2 2/3] gnu: python-pip: Use system SSL certificates.
Date: Thu,  4 Apr 2024 08:56:45 +0300

* gnu/packages/python-build.scm (python-pip)[replacement]: New
field.
(python-pip/fixed): Provide a python-pip with a patched python-certifi
which only offers to use the system's SSL certificates.

Change-Id: Icea0769b881dc8d760562f0405fa8ea8167a4bd4
---
 gnu/packages/python-build.scm | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/gnu/packages/python-build.scm b/gnu/packages/python-build.scm
index 2ea457cdba..5b71d1502e 100644
--- a/gnu/packages/python-build.scm
+++ b/gnu/packages/python-build.scm
@@ -260,6 +260,7 @@ (define-public python-pip
   (package
     (name "python-pip")
     (version "23.1")
+    (replacement python-pip/fixed)
     (source
      (origin
        (method url-fetch)
@@ -277,6 +278,39 @@ (define-public python-pip
 Python Package Index (PyPI).")
     (license license:expat)))
 
+(define python-pip/fixed
+  (package
+    (inherit python-pip)
+    (source (origin
+              (inherit (package-source python-pip))
+              (snippet
+               #~(begin
+                   (delete-file "src/pip/_vendor/certifi/cacert.pem")
+                   (delete-file "src/pip/_vendor/certifi/core.py")
+                   (with-output-to-file "src/pip/_vendor/certifi/core.py"
+                     (lambda _
+                       (display "\"\"\"
+certifi.py
+~~~~~~~~~~
+This module returns the installation location of SSL_CERT_FILE or
+/etc/ssl/certs/ca-certificates.crt, or its contents.
+\"\"\"
+import os
+
+_CA_CERTS = None
+
+try:
+    _CA_CERTS = os.environ [\"SSL_CERT_FILE\"]
+except:
+    _CA_CERTS = os.path.join(\"/etc\", \"ssl\", \"certs\", \"ca-certificates.crt\")
+
+def where() -> str:
+    return _CA_CERTS
+
+def contents() -> str:
+    with open(where(), \"r\", encoding=\"ascii\") as data:
+        return data.read()")))))))))
+
 (define-public python-setuptools
   (package
     (name "python-setuptools")
-- 
Efraim Flashner   <efraim <at> flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
This bug report was last modified 1 year and 66 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.