[bug#44656] Upgrade pypy3

Message ID	874klpnrg7.fsf@cbaines.net
State	Not Applicable
Headers	show Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Subject: [bug#44656] [PATCH] Upgrade pypy3 Resent-From: Christopher Baines <mail@cbaines.net> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 16 Nov 2020 17:27:02 +0000 Resent-Message-ID: <handler.44656.B44656.160554760225592@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org To: Lars-Dominik Braun <lars@6xq.net> Cc: 44656@debbugs.gnu.org References: <20201115123911.GA1956@noor.fritz.box> <87zh3ibekx.fsf@cbaines.net> <20201115195549.GA1304@noor.fritz.box> User-agent: mu4e 1.4.13; emacs 27.1 From: Christopher Baines <mail@cbaines.net> In-reply-to: <20201115195549.GA1304@noor.fritz.box> Date: Mon, 16 Nov 2020 17:26:32 +0000 Message-ID: <874klpnrg7.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Precedence: list Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-getmail-retrieved-from-mailbox: Patches
Series	[bug#44656] Upgrade pypy3 \| expand [bug#44656] Upgrade pypy3

Message ID

874klpnrg7.fsf@cbaines.net

State

Not Applicable

Headers

Subject: [bug#44656] [PATCH] Upgrade pypy3
Resent-From: Christopher Baines <mail@cbaines.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 16 Nov 2020 17:27:02 +0000
Resent-Message-ID: <handler.44656.B44656.160554760225592@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
To: Lars-Dominik Braun <lars@6xq.net>
Cc: 44656@debbugs.gnu.org
References: <20201115123911.GA1956@noor.fritz.box>
 <87zh3ibekx.fsf@cbaines.net> <20201115195549.GA1304@noor.fritz.box>
User-agent: mu4e 1.4.13; emacs 27.1
From: Christopher Baines <mail@cbaines.net>
In-reply-to: <20201115195549.GA1304@noor.fritz.box>
Date: Mon, 16 Nov 2020 17:26:32 +0000
Message-ID: <874klpnrg7.fsf@cbaines.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Precedence: list
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
 <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>

Series

[bug#44656] Upgrade pypy3 | expand

Context	Check	Description
cbaines/applying patch	fail	View Laminar job
cbaines/issue	success	View issue

Context

Check

Description

cbaines/applying patch

fail

View Laminar job

cbaines/issue

success

View issue

Commit Message

Christopher Baines Nov. 16, 2020, 5:26 p.m. UTC

Lars-Dominik Braun <lars@6xq.net> writes:

>> If there are things that aren't essential to change when changing the
>> version, they're fine to have in subsequent commits/patches.
> the patches do not depend on each other. The second patch merely
> contains quality of life improvements that work with or without bumping
> the version. But I though I just send them in one go.

Fair enough, the version upgrade works fine for me.

Regarding the second patch:

++    if not os.path.exists(odir):
++        odir = None
+ 
+     # OpenSSL didn't supply the goods. Try some other options
+     for f in certFiles:

@@ -793,7 +806,12 @@ ease from the desktop to a microcontroller or embedded system.")
                                         ; attribute 'IntFlag'
                         (invoke "python2" "package.py"
                                 "--archive-name" "pypy-dist"
-                                "--builddir" (getcwd)))))
+                                "--builddir" (getcwd))
+                        ;; install pip and setuptools into the dist directory.
+                        ;; XXX: Breaks virtualenv, because it does not set +w
+                        ;; on files copied from the store.
+                        ;(invoke "pypy-dist/bin/pypy3" "-m" "ensurepip")
+                        )))
                   (replace 'check
                     (lambda* (#:key tests? #:allow-other-keys)
                       (if tests?

I'm not quite sure what this would do if it's commented back in.

Comments

Lars-Dominik Braun Nov. 17, 2020, 9:38 a.m. UTC | #1

Hi Chris,

> I'm not sure about removing these bits. pypy3 from Guix may be used on
> Debian or Fedora, and maybe using certificates from those systems would
> be appropriate then?
I disagree, because then pypy might behave differently on Guix System
vs. foreign distros. A question up for discussion however is whether
it should depend on nss-certs at all.

> +                        ;; install pip and setuptools into the dist directory.
> +                        ;; XXX: Breaks virtualenv, because it does not set +w
> +                        ;; on files copied from the store.
> +                        ;(invoke "pypy-dist/bin/pypy3" "-m" "ensurepip")
> I'm not quite sure what this would do if it's commented back in.
It would install pip into the same output. Currently our python package
has pip built in and this change would change pypy3 to do the same.
Unfortunately it does not work well on foreign distros, thus I’m leaving
it commented out as future work.

Cheers,
Lars

diff --git a/gnu/packages/patches/pypy3-7.3.1-ssl-paths.patch b/gnu/packages/patches/pypy3-7.3.1-ssl-paths.patch
new file mode 100644
index 0000000000..d21133b4ae
--- /dev/null
+++ b/gnu/packages/patches/pypy3-7.3.1-ssl-paths.patch
@@ -0,0 +1,41 @@ 
+Fix default certificate search path, still allowing the user to override it
+with environment variables.
+
+--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
++++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+@@ -1679,20 +1679,9 @@ def get_default_verify_paths():
+      https://golang.org/src/crypto/x509/root_linux.go (for the files)
+     '''
+     certFiles = [
+-        "/etc/ssl/certs/ca-certificates.crt",                # Debian/Ubuntu/Gentoo etc.
+-        "/etc/pki/tls/certs/ca-bundle.crt",                  # Fedora/RHEL 6
+-        "/etc/ssl/ca-bundle.pem",                            # OpenSUSE
+-        "/etc/pki/tls/cacert.pem",                           # OpenELEC
+-        "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7
+-        "/etc/ssl/cert.pem",                                 # Alpine Linux
+     ]
+     certDirectories = [
+-        "/etc/ssl/certs",               # SLES10/SLES11
+-        "/system/etc/security/cacerts", # Android
+-        "/usr/local/share/certs",       # FreeBSD
+-        "/etc/pki/tls/certs",           # Fedora/RHEL
+-        "/etc/openssl/certs",           # NetBSD
+-        "/var/ssl/certs",               # AIX
++        "@GUIX_CERT_PATH@",
+     ]

I'm not sure about removing these bits. pypy3 from Guix may be used on
Debian or Fedora, and maybe using certificates from those systems would
be appropriate then?

+ 
+     # optimization: reuse the values from a local varaible
+@@ -1707,9 +1696,10 @@ def get_default_verify_paths():
+     ofile = _cstr_decode_fs(lib.X509_get_default_cert_file())
+     odir = _cstr_decode_fs(lib.X509_get_default_cert_dir())
+ 
+-    if os.path.exists(ofile) and os.path.exists(odir):
+-        get_default_verify_paths.retval = (ofile_env, ofile, odir_env, odir)
+-        return get_default_verify_paths.retval
++    if not os.path.exists(ofile):
++        ofile = None

[bug#44656] Upgrade pypy3

Checks

Commit Message

Comments

Patch