From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id CMKUAAZBDmZFXgAAe85BDQ:P1 (envelope-from ) for ; Thu, 04 Apr 2024 07:56:22 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id CMKUAAZBDmZFXgAAe85BDQ (envelope-from ) for ; Thu, 04 Apr 2024 07:56:22 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b="X/WRAAlk"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1712210181; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=UeNFVMTMQzapVFAXETwa5wlFJmU1mV2x5a4Md7so8lU=; b=t4gg0EbPG/PJpZY0/LYjaXfYNsJpJK1ALh3t/cKrV+rSnD2BjG5ETxAGkkiwoJlY3hSzh4 8+tMJR5eBhaNDFUtdhFal5MFrzEs6yXz78Iqsv7b4keQUKB1kT4RpwqgAAd3FE14FHSP3H /XPnk8dmH9BMSg0zEOabH3zjD56Rtspxok0kqazcabL/3Gtu+Yn1Q+52pkAGAQ8iBNvwi5 1g/EeZSXx8hyHhynzIIeBVx9IN830pbmAvnkMYp3wEtP4tYK9eeygqr9EZuSefW3LhRPOi cjMt9Z+Mh+srLThCZzYr+gKLkI0Sk5b3BlG3LPN6JY1HBIpSBjpRLV6Kb+MSZw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b="X/WRAAlk"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1712210181; a=rsa-sha256; cv=none; b=SmuGCufR8vn3CJBl+mF+Sz3RhNkMRHPHi3/LlqeyUF79QcV+GRchCSQYlK+kKlG38ceNga 3gp4Zw/A1t9rolmEQOoQu05QahOL/eAj9wUw3XXgaqzffiLDA0KFv8ikwluTQOyIiQ8Vp5 O7IQ+gEp55XfwIRfUXwFSrj2MfkM/v1DSzBIg5DCMvKMdv+n058X4z0ld53Gw3stdWT3PG /tTTig7HkSyh16Q5KwsertKvY2u8R1twMQcFL9CZoB1/QuygQa90xPg9Z6WBah785M0m94 mpRobwthp94i3zsaj49Xn9TSs4p0G7O4sMpI9RT2Ce1HsNJBAhMbKwO6Zp+GyA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 620EE74026 for ; Thu, 04 Apr 2024 07:56:21 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rsG5A-0002a1-NQ; Thu, 04 Apr 2024 01:56:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rsG52-0002Z1-IP for guix-patches@gnu.org; Thu, 04 Apr 2024 01:56:09 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rsG4z-0003PP-Sk; Thu, 04 Apr 2024 01:56:07 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rsG4x-0008Cc-AD; Thu, 04 Apr 2024 01:56:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70179] [PATCH 0/3] Use system nss-certs in Python. Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: lars@6xq.net, marius@gnu.org, me@bonfacemunyoki.com, sharlatanus@gmail.com, tanguy@bioneland.org, jgart@dismail.de, guix-patches@gnu.org Resent-Date: Thu, 04 Apr 2024 05:56:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 70179 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70179@debbugs.gnu.org Cc: Efraim Flashner , Lars-Dominik Braun , Marius Bakke , Munyoki Kilyungi , Sharlatan Hellseher , Tanguy Le Carrour , jgart X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Lars-Dominik Braun , Marius Bakke , Munyoki Kilyungi , Sharlatan Hellseher , Tanguy Le Carrour , jgart Received: via spool by submit@debbugs.gnu.org id=B.171221014031386 (code B ref -1); Thu, 04 Apr 2024 05:56:03 +0000 Received: (at submit) by debbugs.gnu.org; 4 Apr 2024 05:55:40 +0000 Received: from localhost ([127.0.0.1]:60212 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG4Z-0008A9-Ka for submit@debbugs.gnu.org; Thu, 04 Apr 2024 01:55:39 -0400 Received: from lists.gnu.org ([2001:470:142::17]:55078) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG4Y-00089O-0N for submit@debbugs.gnu.org; Thu, 04 Apr 2024 01:55:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rsG4N-0002Sy-7r for guix-patches@gnu.org; Thu, 04 Apr 2024 01:55:27 -0400 Received: from mail-lj1-x233.google.com ([2a00:1450:4864:20::233]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rsG4K-0002SN-PT for guix-patches@gnu.org; Thu, 04 Apr 2024 01:55:26 -0400 Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2d68651e253so7676541fa.0 for ; Wed, 03 Apr 2024 22:55:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712210123; x=1712814923; darn=gnu.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:sender:from:to:cc:subject:date:message-id:reply-to; bh=UeNFVMTMQzapVFAXETwa5wlFJmU1mV2x5a4Md7so8lU=; b=X/WRAAlksE4D3VeUGcXGY4+8KgLwLRzjSObTYoVBb5thdT0mJfoYeSgqjVj3HaHtkn USUSK1vNnzLgNPIiwaMvb9OlDYMTwKvOd8wEXGSG39Pxt/RmgCXh6bJWYcXVT2ayUfNm vpGN4cawx5ipjyDosjITVXCEwpyoxXad3Xi8r4PoO7Rw5ZjPziRN7L14ICxuJINy5XaZ ep66ovncrST+nW3VmHEmWZkctG4pPdSL4bNRYytluAd5vJLLeszT5vVxUAU8r0CMpb2O 0oP14LACRDMpifOHENwxwZ+/5cZRt8yRv1I3mcR0B1Fuzg1IjQa2rV7GGaajKCBNsbd3 Zndw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712210123; x=1712814923; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:sender:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=UeNFVMTMQzapVFAXETwa5wlFJmU1mV2x5a4Md7so8lU=; b=Q+F5oGfsHewxvFA1aHIsa0rjiwE6gVDabCpiPb8cSze8Ah8uGF2G6rJm30QW8qPnKg mImX0DEVAzhelPvewbdulSLkGp5zPxmrGIoOQ8Jot51bGoZrfNpuWYN/ATF1nNTfEQCO XdE0QUBRmS1QdZLc1fwq8Ak6uAIjxDhQlqLRBSOjLrd/Rh5aoj6rPuSoE+bmvfyejX6p 5zyPMJewj2CL3xkQ3IhehbnEtWShCyKrRExmty6T/nJP43pRjmTLVHubYCKaQzWypGPP yJL0NGVkR/kYoar2WapOa4/2iKC5LOrmEPxIPCDYxVmBfgZsASWR0cta8qR1XodGFSMK 16XA== X-Gm-Message-State: AOJu0YwdyAe7hhsQMTGoCXfbS2cxFA5FhTVwL6gBxOh+3NDaam3XhydQ TS0xO4yISoRZ8neC8MTY6hytXTZGwCHRx9oAFgI3tbTPJ8sxRsIikelln1c+ysM= X-Google-Smtp-Source: AGHT+IFE4oKahIfgVgUQK/68jHGfKqJmbC0EiId1kHoGvd3lOOM0cyiJWeoKviyO23okN6OsOaoOxA== X-Received: by 2002:a2e:9c07:0:b0:2d7:7c0:b077 with SMTP id s7-20020a2e9c07000000b002d707c0b077mr1013829lji.43.1712210122409; Wed, 03 Apr 2024 22:55:22 -0700 (PDT) Received: from localhost ([141.226.11.200]) by smtp.gmail.com with ESMTPSA id e21-20020a05600c4e5500b0041629a68b12sm1211134wmq.25.2024.04.03.22.55.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Apr 2024 22:55:21 -0700 (PDT) From: Efraim Flashner Date: Thu, 4 Apr 2024 08:55:05 +0300 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::233; envelope-from=efraim.flashner@gmail.com; helo=mail-lj1-x233.google.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -4.36 X-Migadu-Scanner: mx11.migadu.com X-Spam-Score: -4.36 X-Migadu-Queue-Id: 620EE74026 X-TUID: MM5kDSYwk+XL It turns out that the Python ecosystem bundles a version of nss-certs. This patch series should change it so that it uses the system nss-certs instead. Efraim Flashner (3): gnu: python-certifi: Use system SSL certificates. gnu: python-pip: Use system SSL certificates. gnu: python: Use system SSL certificates. gnu/packages/python-build.scm | 34 +++++++++++++++++ gnu/packages/python-crypto.scm | 34 +++++++++++++++++ gnu/packages/python.scm | 67 ++++++++++++++++++++++++++++++++++ 3 files changed, 135 insertions(+) base-commit: 188d18fc47f0d38edfe06e3e5834fa8587bd300b -- Efraim Flashner רנשלפ םירפא GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted