From: Ricardo Wurmus <rekado@elephly.net>
To: Zheng Junjie <zhengjunjie@iscas.ac.cn>
Cc: guix-devel@gnu.org, Efraim Flashner <efraim@flashner.co.il>
Subject: Re: [core-updates] Setting SSL_CERT_FILE in the build environment
Date: Thu, 18 Jul 2024 21:35:02 +0200 [thread overview]
Message-ID: <87h6cmxzmh.fsf@elephly.net> (raw)
In-Reply-To: <87plrdg543.fsf@iscas.ac.cn> (Zheng Junjie's message of "Tue, 16 Jul 2024 15:37:00 +0800")
Zheng Junjie <zhengjunjie@iscas.ac.cn> writes:
> Zheng Junjie <zhengjunjie@iscas.ac.cn> writes:
>
>> Ricardo Wurmus <rekado@elephly.net> writes:
>>
>>> Zheng Junjie <zhengjunjie@iscas.ac.cn> writes:
>>>
>>>> This patch should fix it.
>>>
>>> Thank you for the patch!
>>>
>>>> From f41bf905cfb1395a53cfc0d79315148ac9ba0a79 Mon Sep 17 00:00:00 2001
>>>> Message-ID: <f41bf905cfb1395a53cfc0d79315148ac9ba0a79.1721059686.git.zhengjunjie@iscas.ac.cn>
>>>> From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
>>>> Date: Tue, 16 Jul 2024 00:06:39 +0800
>>>> Subject: [PATCH] gnu: python-requests-next: Fix build.
>>>>
>>>> * gnu/packages/python-web.scm (python-requests-next): Fix build.
>>>> [native-inputs]: Add nss-certs.
>>>> [arguments]: Add set-SSL_CERT_FILE phase.
>>>> <#:modules>: Adjust it.
>>>
>>> This seems rather complicated for something that may have to be added to
>>> a number of packages. Would it make sense to create a package
>>> containing this bundle file, set a search path specification, and add
>>> that to the packages needing it?
>
> I checked it out and thought this patch might be a better way.
>
> From 8d7466eadcb543d538b1f40c4ec06a953c4aa45d Mon Sep 17 00:00:00 2001
> Message-ID: <8d7466eadcb543d538b1f40c4ec06a953c4aa45d.1721115252.git.zhengjunjie@iscas.ac.cn>
> From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
> Date: Tue, 16 Jul 2024 00:06:39 +0800
> Subject: [PATCH] gnu: python-requests-next: Fix build.
>
> * gnu/packages/python-web.scm (python-requests-next): Fix build.
> [arguments]<#:phases>: Add add-check-DEFAULT_CA_BUNDLE_PATH-exists phase.
>
> Change-Id: I1592ef3329fdcd681df618bb12fbc205aa028be3
> ---
> gnu/packages/python-web.scm | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
> index bca7da9139..2926d24b40 100644
> --- a/gnu/packages/python-web.scm
> +++ b/gnu/packages/python-web.scm
> @@ -65,6 +65,7 @@
> ;;; Copyright © 2024 Sharlatan Hellseher <sharlatanus@gmail.com>
> ;;; Copyright © 2024 normally_js <normally_js@posteo.net>
> ;;; Copyright © 2024 Markku Korkeala <markku.korkeala@iki.fi>
> +;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -3621,7 +3622,17 @@ (define-public python-requests-next
> python-urllib3))
> (arguments
> ;; FIXME: Some tests require network access.
> - '(#:tests? #f))
> + (list #:tests? #f
> + #:phases
> + #~(modify-phases %standard-phases
> + (add-after 'unpack 'add-check-DEFAULT_CA_BUNDLE_PATH-exists
> + (lambda _
> + (substitute* "src/requests/adapters.py"
> + ((" _preloaded_ssl_context = create_urllib3_context\\(\\)")
> + " if os.path.exists(DEFAULT_CA_BUNDLE_PATH):
> + _preloaded_ssl_context = create_urllib3_context()")
> + (("_preloaded_ssl_context\\.load_verify_locations\\(")
> + " _preloaded_ssl_context.load_verify_locations(")))))))
What happens when DEFAULT_CA_BUNDLE_PATH does not exist?
Wouldn't it silently skip initializing the SSL context? I would not be
comfortable with this. I think we should just satisfy the test. It is
hard to see the full consequences of patching things here.
DEFAULT_CA_BUNDLE_PATH is the result of using the tools provided by
certifi, which has been patched to give us control over the location of
the bundle. I think that's what we should use.
--
Ricardo
next prev parent reply other threads:[~2024-07-18 19:35 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-15 10:43 [core-updates] Setting SSL_CERT_FILE in the build environment Ricardo Wurmus
2024-07-15 14:00 ` Ricardo Wurmus
2024-07-15 14:40 ` Ricardo Wurmus
2024-07-15 16:08 ` Zheng Junjie
2024-07-15 16:22 ` Ricardo Wurmus
2024-07-15 17:20 ` Zheng Junjie
2024-07-16 7:37 ` Zheng Junjie
2024-07-18 19:35 ` Ricardo Wurmus [this message]
2024-07-22 9:50 ` Ricardo Wurmus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h6cmxzmh.fsf@elephly.net \
--to=rekado@elephly.net \
--cc=efraim@flashner.co.il \
--cc=guix-devel@gnu.org \
--cc=zhengjunjie@iscas.ac.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).