From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id uBlFAnmMEmY+QwEA62LTzQ:P1 (envelope-from ) for ; Sun, 07 Apr 2024 14:07:21 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id uBlFAnmMEmY+QwEA62LTzQ (envelope-from ) for ; Sun, 07 Apr 2024 14:07:21 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=Etnv4bd3; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1712491640; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-to:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=0icTTi9RPx/z+xgBTHpjUgrJ+R/d4WEIax4sdXQtk5Y=; b=ZqUe8Q2wkBl310EKcfsF1BbiTZotcV6gDjUWy+eUxvoRl9BKEo4lV/WBo5eglxUBs0dhqS MTJ4mBuZgAh6XQUMWzFZC4u/i9NhQcKPdLoVA/1f73t7T6lwdjvxRP5ivAnL91RgzloOqZ BqkXJkRGu3HZ5pfuP9DLwWjdeu18liVrBh3yJKs6iMszxABp8PmubSyMPcrlzPfKehTWw5 HEwu8xknrFmtuvkbZvn7TEFdPZr7a+58I1jRbh9TtW8pXhlX91bYbqopfMXjntdVhqmD55 bEjLhClBBqFgzauiniUcMuiRWqwQaknO+YTxEbFARTGrEroK92ZLLdpDwOI3DA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1712491640; a=rsa-sha256; cv=none; b=nIwFcVqPzbgZPjqwVyOT22FVwz29ZrTgwdZexdIPkPZNa+FxXgbhSNrH1upnz1oGRBnXhV oEfLrT29XNToq9lBofzaq6md/oISxd7XCZAWyE1h7C9O09zhiRahXcVVfK1kdqpzgoneyI ujnSP0Wi051281oSH+RTsfdXGX3A5q6cZ+OAxPfffeyNKJMO2VKAleLoxcgmRdRs6OiGsM Vsu0U8EQIZrlXYEB1at+D0O1VpaJ21bQPHH8+R2mpIAQ8RK0CuV4t7lCUTZelZOF0u4lZL qkKbKCLHYzHy5pumRQ3Bhi/07Ww2nKYa1NxyvMpSUV8eJYsO8cee+tO46CFB2Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=Etnv4bd3; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 98EA71A362 for ; Sun, 7 Apr 2024 14:07:20 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rtRIa-0000Xv-9g; Sun, 07 Apr 2024 08:07:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rtRIX-0000XJ-Cr for guix-patches@gnu.org; Sun, 07 Apr 2024 08:06:57 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rtRIV-0004FO-JY for guix-patches@gnu.org; Sun, 07 Apr 2024 08:06:57 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rtRIc-00032M-3U for guix-patches@gnu.org; Sun, 07 Apr 2024 08:07:02 -0400 Subject: bug#70179: [PATCH 0/3] Use system nss-certs in Python. Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-To: guix-patches@gnu.org Resent-Date: Sun, 07 Apr 2024 12:07:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 70179 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Lars-Dominik Braun Cc: Tanguy Le Carrour , Munyoki Kilyungi , 70179-done@debbugs.gnu.org, jgart , Marius Bakke , Sharlatan Hellseher Received: via spool by 70179-done@debbugs.gnu.org id=D70179.171249161411641 (code D ref 70179); Sun, 07 Apr 2024 12:07:01 +0000 Received: (at 70179-done) by debbugs.gnu.org; 7 Apr 2024 12:06:54 +0000 Received: from localhost ([127.0.0.1]:41764 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rtRIR-00031W-UV for submit@debbugs.gnu.org; Sun, 07 Apr 2024 08:06:53 -0400 Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]:44431) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rtRIN-00030S-Hb for 70179-done@debbugs.gnu.org; Sun, 07 Apr 2024 08:06:49 -0400 Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-343e7c20686so1629447f8f.1 for <70179-done@debbugs.gnu.org>; Sun, 07 Apr 2024 05:06:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712491595; x=1713096395; darn=debbugs.gnu.org; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to :cc:subject:date:message-id:reply-to; bh=0icTTi9RPx/z+xgBTHpjUgrJ+R/d4WEIax4sdXQtk5Y=; b=Etnv4bd35XjBuFgpGhUDU78k/xKl1t7Opj7/YQKi5DyFOL+VKr34CJkT3YARsDGOon ZuHklcNEyXgF0tk8Mble9UXJv5ZJ1ioBFVkrUMin5FtUoqAlLBJWMKiw5BWdgcy2Mem9 3BEVT2pscrjGv48f/0qOyzMkCHVzlm3X2bPL1PCNekdoxnC2OEcNACwO9WfkCEyMqqkP CpFsAEgCsX+5R2z3S/fXylkmIOcJRZLhVY+89DNy4OCMTfHCBOEbw6GyAhhgKTgEVztp yghY88/Wu7Q22dFe99U58sc0ahqTApq/ufUwKq/oh+W1LME4YeAeuozQLWPgZDWw2qEy Sofg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712491595; x=1713096395; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0icTTi9RPx/z+xgBTHpjUgrJ+R/d4WEIax4sdXQtk5Y=; b=bobUkjIZr3JoKnEF/WRA44x/r/0lkTeCZiPyNy8rnezZzf9h+D15D9KTbiqCCIMhz8 KKM4c9lkghS+h80vZ0bp7Ys1zyd/Ef2mG9/MSm/rLA1mOK055Dry39jxwPpSSfmqhSZF ceFxhXlNh6viWgmMK3TLGZ5tewc5OfC9PywbDOb933gDDStS/aTmI51tpc0wh9e3EATD xhU7J2oMo+rWhU9obQpEffeYAZtE0zEVlFn8pMkEZv9Ew7xVKZGD0bszZBjAK375SFDK txCSLgtpNoZEwuWeTxs0Ybina1E0ft7h4W4coEEWUMn2ixHE+VyRsHwUsVzqaHDUjj29 rf5Q== X-Gm-Message-State: AOJu0YweHUqFH37Zkq+U10HurBcwrO/q0CxJ08pHHjUrtGfWGMWq25sn Jx79XI1KKc3fu4dkDQnERF6MdITT0CQ0V2IuUC+jrY/GPyQYa/g/ X-Google-Smtp-Source: AGHT+IE9wjvpSRjWehpSbQxvqA4MQqeKCuMSDYy7FJ4znMpWjxusgL4K4DLSCs41ldp2vKb4gcvdbA== X-Received: by 2002:a05:600c:3b1d:b0:414:6909:f65f with SMTP id m29-20020a05600c3b1d00b004146909f65fmr5329977wms.6.1712491594355; Sun, 07 Apr 2024 05:06:34 -0700 (PDT) Received: from localhost ([141.226.11.200]) by smtp.gmail.com with ESMTPSA id u10-20020a05600c19ca00b0041632fcf272sm7198937wmq.22.2024.04.07.05.06.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 07 Apr 2024 05:06:31 -0700 (PDT) Date: Sun, 7 Apr 2024 15:06:29 +0300 From: Efraim Flashner Message-ID: Mail-Followup-To: Efraim Flashner , Lars-Dominik Braun , 70179-done@debbugs.gnu.org, Marius Bakke , Munyoki Kilyungi , Sharlatan Hellseher , Tanguy Le Carrour , jgart References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="6Dgyd3vtWhW/8463" Content-Disposition: inline In-Reply-To: X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -3.43 X-Spam-Score: -3.43 X-Migadu-Queue-Id: 98EA71A362 X-Migadu-Scanner: mx12.migadu.com X-TUID: WXZNeJvxJz5I --6Dgyd3vtWhW/8463 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 05, 2024 at 10:27:46AM +0900, Lars-Dominik Braun wrote: > Hi Efraim, >=20 > > It turns out that the Python ecosystem bundles a version of nss-certs. > > This patch series should change it so that it uses the system nss-certs > > instead. >=20 > I would change the comment at the top of core.py so it mentions this is > a Guix-specific version of certifi.py, so it=E2=80=99s clear the package = has > been altered. You probably don=E2=80=99t need `_CA_CERTS =3D None`, since= the > try=E2=80=A6except clause covers all cases. >=20 > Otherwise LGTM. I left the initial `_CA_CERTS =3D None` as a sort of initial declaration of the variable, since I don't really know python that well and I didn't think it was correct to declare it inside the try=E2=80=A6except. I added the line at the top of core.py saying it was Guix specific and I also adjusted the commit message for python mentioning the $SSL_CERT_FILE in the natives-search-paths. Then I went to build my home-config and I realized what I'd done with the native-search-paths in python-3.10 and I moved it to the replacement python so it wouldn't cause a world rebuild. Patches pushed! --=20 Efraim Flashner =D7=A8=D7=A0=D7=A9=D7=9C=D7=A4 = =D7=9D=D7=99=D7=A8=D7=A4=D7=90 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --6Dgyd3vtWhW/8463 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmYSjEIACgkQQarn3Mo9 g1H7rQ/9G4GYNDI1gXbG9D3f2cbJd+6PSm/ffAV8YyRXWCxASutvuDQ8/cPuNvzt YTyrXkA8FZb6GOF7etLsBhy9BrtzO8Z9KSEhH6AybME167GZ4FVzq5qaVz79ZjKq 4mgBLRCFRXdFKpCIyzhS+a/KLZftzbOjMUFGZoiJ+4HpdZHkuEJRF8zjuqqAU6J9 vdAqmkrQdRWelBKE5B2HOQpAoGdOMos53bRmJNwOskvTQcph5LloWV+SquX99UFM 3TsgN1AOilhTtFi03AsluFigXKCKoaAZTcbqq58JgOrtW5czL+oeX9f8wvb63fgY 9ehlc3yuywMqzZ+l2je81bAZxQ9urHszfFcaShny65C3imOfbRdNFJFVYGMDq1xE wC+Jey7W1JWRUE1UnlbufskeBi6plKyZPObYEHm7OHZC7JpRgYdr/mmkibmY8nCI InTLn7N4OsGFRyYIs8TRe+/H3QFRm2dnSrTfpqNOBRWDVKUEWL4xFAxncjFLI7pE SzhSEztM5idaIWdatA1RwB3vPKbgKw6uSctXCwC5N9RrtDks6lAsbX4m5m+qapYd lW/iwAzGe+QsGtPRQKgGFcICSSnpptIP7bubOcRohsAmraail1zv8lS60W3P7nlt HTa7j4aK6JbSVNzqw1jhB2J1rZUsYi8w60RKWtxuxOU30vunnVo= =Rhg+ -----END PGP SIGNATURE----- --6Dgyd3vtWhW/8463--