Lars-Dominik Braun writes: >> If there are things that aren't essential to change when changing the >> version, they're fine to have in subsequent commits/patches. > the patches do not depend on each other. The second patch merely > contains quality of life improvements that work with or without bumping > the version. But I though I just send them in one go. Fair enough, the version upgrade works fine for me. Regarding the second patch: diff --git a/gnu/packages/patches/pypy3-7.3.1-ssl-paths.patch b/gnu/packages/patches/pypy3-7.3.1-ssl-paths.patch new file mode 100644 index 0000000000..d21133b4ae --- /dev/null +++ b/gnu/packages/patches/pypy3-7.3.1-ssl-paths.patch @@ -0,0 +1,41 @@ +Fix default certificate search path, still allowing the user to override it +with environment variables. + +--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py ++++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py +@@ -1679,20 +1679,9 @@ def get_default_verify_paths(): + https://golang.org/src/crypto/x509/root_linux.go (for the files) + ''' + certFiles = [ +- "/etc/ssl/certs/ca-certificates.crt", # Debian/Ubuntu/Gentoo etc. +- "/etc/pki/tls/certs/ca-bundle.crt", # Fedora/RHEL 6 +- "/etc/ssl/ca-bundle.pem", # OpenSUSE +- "/etc/pki/tls/cacert.pem", # OpenELEC +- "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7 +- "/etc/ssl/cert.pem", # Alpine Linux + ] + certDirectories = [ +- "/etc/ssl/certs", # SLES10/SLES11 +- "/system/etc/security/cacerts", # Android +- "/usr/local/share/certs", # FreeBSD +- "/etc/pki/tls/certs", # Fedora/RHEL +- "/etc/openssl/certs", # NetBSD +- "/var/ssl/certs", # AIX ++ "@GUIX_CERT_PATH@", + ] I'm not sure about removing these bits. pypy3 from Guix may be used on Debian or Fedora, and maybe using certificates from those systems would be appropriate then? + + # optimization: reuse the values from a local varaible +@@ -1707,9 +1696,10 @@ def get_default_verify_paths(): + ofile = _cstr_decode_fs(lib.X509_get_default_cert_file()) + odir = _cstr_decode_fs(lib.X509_get_default_cert_dir()) + +- if os.path.exists(ofile) and os.path.exists(odir): +- get_default_verify_paths.retval = (ofile_env, ofile, odir_env, odir) +- return get_default_verify_paths.retval ++ if not os.path.exists(ofile): ++ ofile = None ++ if not os.path.exists(odir): ++ odir = None + + # OpenSSL didn't supply the goods. Try some other options + for f in certFiles: @@ -793,7 +806,12 @@ ease from the desktop to a microcontroller or embedded system.") ; attribute 'IntFlag' (invoke "python2" "package.py" "--archive-name" "pypy-dist" - "--builddir" (getcwd))))) + "--builddir" (getcwd)) + ;; install pip and setuptools into the dist directory. + ;; XXX: Breaks virtualenv, because it does not set +w + ;; on files copied from the store. + ;(invoke "pypy-dist/bin/pypy3" "-m" "ensurepip") + ))) (replace 'check (lambda* (#:key tests? #:allow-other-keys) (if tests? I'm not quite sure what this would do if it's commented back in.