GNU bug report logs - #70179
[PATCH 0/3] Use system nss-certs in Python.

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#70179: closed ([PATCH 0/3] Use system nss-certs in Python.)
Date: Sun, 07 Apr 2024 12:07:01 +0000

[Message part 1 (text/plain, inline)]

Your message dated Sun, 7 Apr 2024 15:06:29 +0300
with message-id <ZhKMRYXxEarT-9q5 <at> 3900XT>
and subject line Re: [bug#70179] [PATCH 0/3] Use system nss-certs in Python.
has caused the debbugs.gnu.org bug report #70179,
regarding [PATCH 0/3] Use system nss-certs in Python.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
70179: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=70179
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Efraim Flashner <efraim <at> flashner.co.il>
To: guix-patches <at> gnu.org
Cc: Efraim Flashner <efraim <at> flashner.co.il>
Subject: [PATCH 0/3] Use system nss-certs in Python.
Date: Thu,  4 Apr 2024 08:55:05 +0300

It turns out that the Python ecosystem bundles a version of nss-certs.
This patch series should change it so that it uses the system nss-certs
instead.

Efraim Flashner (3):
  gnu: python-certifi: Use system SSL certificates.
  gnu: python-pip: Use system SSL certificates.
  gnu: python: Use system SSL certificates.

 gnu/packages/python-build.scm  | 34 +++++++++++++++++
 gnu/packages/python-crypto.scm | 34 +++++++++++++++++
 gnu/packages/python.scm        | 67 ++++++++++++++++++++++++++++++++++
 3 files changed, 135 insertions(+)


base-commit: 188d18fc47f0d38edfe06e3e5834fa8587bd300b
-- 
Efraim Flashner   <efraim <at> flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[Message part 3 (message/rfc822, inline)]

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Lars-Dominik Braun <lars <at> 6xq.net>
Cc: Tanguy Le Carrour <tanguy <at> bioneland.org>,
 Munyoki Kilyungi <me <at> bonfacemunyoki.com>, 70179-done <at> debbugs.gnu.org,
 jgart <jgart <at> dismail.de>, Marius Bakke <marius <at> gnu.org>,
 Sharlatan Hellseher <sharlatanus <at> gmail.com>
Subject: Re: [bug#70179] [PATCH 0/3] Use system nss-certs in Python.
Date: Sun, 7 Apr 2024 15:06:29 +0300

[Message part 4 (text/plain, inline)]

On Fri, Apr 05, 2024 at 10:27:46AM +0900, Lars-Dominik Braun wrote:
> Hi Efraim,
> 
> > It turns out that the Python ecosystem bundles a version of nss-certs.
> > This patch series should change it so that it uses the system nss-certs
> > instead.
> 
> I would change the comment at the top of core.py so it mentions this is
> a Guix-specific version of certifi.py, so it’s clear the package has
> been altered. You probably don’t need `_CA_CERTS = None`, since the
> try…except clause covers all cases.
> 
> Otherwise LGTM.

I left the initial `_CA_CERTS = None` as a sort of initial declaration
of the variable, since I don't really know python that well and I didn't
think it was correct to declare it inside the try…except.

I added the line at the top of core.py saying it was Guix specific and I
also adjusted the commit message for python mentioning the
$SSL_CERT_FILE in the natives-search-paths.

Then I went to build my home-config and I realized what I'd done with
the native-search-paths in python-3.10 and I moved it to the replacement
python so it wouldn't cause a world rebuild.

Patches pushed!

-- 
Efraim Flashner   <efraim <at> flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.