| Message ID | cover.1712210069.git.efraim@flashner.co.il |
|---|---|
| Headers |
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 44EC827BBE2; Thu, 4 Apr 2024 06:56:21 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 96C2427BBE9 for <patchwork@mira.cbaines.net>; Thu, 4 Apr 2024 06:56:20 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces@gnu.org>) id 1rsG5A-0002a1-NQ; Thu, 04 Apr 2024 01:56:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1rsG52-0002Z1-IP for guix-patches@gnu.org; Thu, 04 Apr 2024 01:56:09 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1rsG4z-0003PP-Sk; Thu, 04 Apr 2024 01:56:07 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1rsG4x-0008Cc-AD; Thu, 04 Apr 2024 01:56:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70179] [PATCH 0/3] Use system nss-certs in Python. Resent-From: Efraim Flashner <efraim@flashner.co.il> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: lars@6xq.net, marius@gnu.org, me@bonfacemunyoki.com, sharlatanus@gmail.com, tanguy@bioneland.org, jgart@dismail.de, guix-patches@gnu.org Resent-Date: Thu, 04 Apr 2024 05:56:03 +0000 Resent-Message-ID: <handler.70179.B.171221014031386@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 70179 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70179@debbugs.gnu.org Cc: Efraim Flashner <efraim@flashner.co.il>, Lars-Dominik Braun <lars@6xq.net>, Marius Bakke <marius@gnu.org>, Munyoki Kilyungi <me@bonfacemunyoki.com>, Sharlatan Hellseher <sharlatanus@gmail.com>, Tanguy Le Carrour <tanguy@bioneland.org>, jgart <jgart@dismail.de> X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Lars-Dominik Braun <lars@6xq.net>, Marius Bakke <marius@gnu.org>, Munyoki Kilyungi <me@bonfacemunyoki.com>, Sharlatan Hellseher <sharlatanus@gmail.com>, Tanguy Le Carrour <tanguy@bioneland.org>, jgart <jgart@dismail.de> Received: via spool by submit@debbugs.gnu.org id=B.171221014031386 (code B ref -1); Thu, 04 Apr 2024 05:56:03 +0000 Received: (at submit) by debbugs.gnu.org; 4 Apr 2024 05:55:40 +0000 Received: from localhost ([127.0.0.1]:60212 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1rsG4Z-0008A9-Ka for submit@debbugs.gnu.org; Thu, 04 Apr 2024 01:55:39 -0400 Received: from lists.gnu.org ([2001:470:142::17]:55078) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <efraim.flashner@gmail.com>) id 1rsG4Y-00089O-0N for submit@debbugs.gnu.org; Thu, 04 Apr 2024 01:55:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <efraim.flashner@gmail.com>) id 1rsG4N-0002Sy-7r for guix-patches@gnu.org; Thu, 04 Apr 2024 01:55:27 -0400 Received: from mail-lj1-x233.google.com ([2a00:1450:4864:20::233]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <efraim.flashner@gmail.com>) id 1rsG4K-0002SN-PT for guix-patches@gnu.org; Thu, 04 Apr 2024 01:55:26 -0400 Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2d68651e253so7676541fa.0 for <guix-patches@gnu.org>; Wed, 03 Apr 2024 22:55:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712210123; x=1712814923; darn=gnu.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:sender:from:to:cc:subject:date:message-id:reply-to; bh=UeNFVMTMQzapVFAXETwa5wlFJmU1mV2x5a4Md7so8lU=; b=X/WRAAlksE4D3VeUGcXGY4+8KgLwLRzjSObTYoVBb5thdT0mJfoYeSgqjVj3HaHtkn USUSK1vNnzLgNPIiwaMvb9OlDYMTwKvOd8wEXGSG39Pxt/RmgCXh6bJWYcXVT2ayUfNm vpGN4cawx5ipjyDosjITVXCEwpyoxXad3Xi8r4PoO7Rw5ZjPziRN7L14ICxuJINy5XaZ ep66ovncrST+nW3VmHEmWZkctG4pPdSL4bNRYytluAd5vJLLeszT5vVxUAU8r0CMpb2O 0oP14LACRDMpifOHENwxwZ+/5cZRt8yRv1I3mcR0B1Fuzg1IjQa2rV7GGaajKCBNsbd3 Zndw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712210123; x=1712814923; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:sender:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=UeNFVMTMQzapVFAXETwa5wlFJmU1mV2x5a4Md7so8lU=; b=Q+F5oGfsHewxvFA1aHIsa0rjiwE6gVDabCpiPb8cSze8Ah8uGF2G6rJm30QW8qPnKg mImX0DEVAzhelPvewbdulSLkGp5zPxmrGIoOQ8Jot51bGoZrfNpuWYN/ATF1nNTfEQCO XdE0QUBRmS1QdZLc1fwq8Ak6uAIjxDhQlqLRBSOjLrd/Rh5aoj6rPuSoE+bmvfyejX6p 5zyPMJewj2CL3xkQ3IhehbnEtWShCyKrRExmty6T/nJP43pRjmTLVHubYCKaQzWypGPP yJL0NGVkR/kYoar2WapOa4/2iKC5LOrmEPxIPCDYxVmBfgZsASWR0cta8qR1XodGFSMK 16XA== X-Gm-Message-State: AOJu0YwdyAe7hhsQMTGoCXfbS2cxFA5FhTVwL6gBxOh+3NDaam3XhydQ TS0xO4yISoRZ8neC8MTY6hytXTZGwCHRx9oAFgI3tbTPJ8sxRsIikelln1c+ysM= X-Google-Smtp-Source: AGHT+IFE4oKahIfgVgUQK/68jHGfKqJmbC0EiId1kHoGvd3lOOM0cyiJWeoKviyO23okN6OsOaoOxA== X-Received: by 2002:a2e:9c07:0:b0:2d7:7c0:b077 with SMTP id s7-20020a2e9c07000000b002d707c0b077mr1013829lji.43.1712210122409; Wed, 03 Apr 2024 22:55:22 -0700 (PDT) Received: from localhost ([141.226.11.200]) by smtp.gmail.com with ESMTPSA id e21-20020a05600c4e5500b0041629a68b12sm1211134wmq.25.2024.04.03.22.55.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Apr 2024 22:55:21 -0700 (PDT) From: Efraim Flashner <efraim@flashner.co.il> Date: Thu, 4 Apr 2024 08:55:05 +0300 Message-ID: <cover.1712210069.git.efraim@flashner.co.il> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::233; envelope-from=efraim.flashner@gmail.com; helo=mail-lj1-x233.google.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches |
| Series |
Use system nss-certs in Python.
|
|
Message
Efraim Flashner
April 4, 2024, 5:55 a.m. UTC
It turns out that the Python ecosystem bundles a version of nss-certs. This patch series should change it so that it uses the system nss-certs instead. Efraim Flashner (3): gnu: python-certifi: Use system SSL certificates. gnu: python-pip: Use system SSL certificates. gnu: python: Use system SSL certificates. gnu/packages/python-build.scm | 34 +++++++++++++++++ gnu/packages/python-crypto.scm | 34 +++++++++++++++++ gnu/packages/python.scm | 67 ++++++++++++++++++++++++++++++++++ 3 files changed, 135 insertions(+) base-commit: 188d18fc47f0d38edfe06e3e5834fa8587bd300b
Comments
Hi Efraim, > It turns out that the Python ecosystem bundles a version of nss-certs. > This patch series should change it so that it uses the system nss-certs > instead. I would change the comment at the top of core.py so it mentions this is a Guix-specific version of certifi.py, so it’s clear the package has been altered. You probably don’t need `_CA_CERTS = None`, since the try…except clause covers all cases. Otherwise LGTM. Lars
On Fri, Apr 05, 2024 at 10:27:46AM +0900, Lars-Dominik Braun wrote: > Hi Efraim, > > > It turns out that the Python ecosystem bundles a version of nss-certs. > > This patch series should change it so that it uses the system nss-certs > > instead. > > I would change the comment at the top of core.py so it mentions this is > a Guix-specific version of certifi.py, so it’s clear the package has > been altered. You probably don’t need `_CA_CERTS = None`, since the > try…except clause covers all cases. > > Otherwise LGTM. I left the initial `_CA_CERTS = None` as a sort of initial declaration of the variable, since I don't really know python that well and I didn't think it was correct to declare it inside the try…except. I added the line at the top of core.py saying it was Guix specific and I also adjusted the commit message for python mentioning the $SSL_CERT_FILE in the natives-search-paths. Then I went to build my home-config and I realized what I'd done with the native-search-paths in python-3.10 and I moved it to the replacement python so it wouldn't cause a world rebuild. Patches pushed!
On Sun, Apr 07, 2024 at 03:06:29PM +0300, Efraim Flashner wrote:
> Patches pushed!
Thanks so much Efraim!