From patchwork Thu Apr 4 05:56:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Efraim Flashner X-Patchwork-Id: 62694 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 244EA27BBE9; Thu, 4 Apr 2024 06:58:29 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3966E27BBE2 for ; Thu, 4 Apr 2024 06:58:27 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rsG6p-00031a-DZ; Thu, 04 Apr 2024 01:57:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rsG6n-00030r-R2 for guix-patches@gnu.org; Thu, 04 Apr 2024 01:57:58 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rsG6n-0004bs-Ii for guix-patches@gnu.org; Thu, 04 Apr 2024 01:57:57 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rsG6s-0008Pz-A9 for guix-patches@gnu.org; Thu, 04 Apr 2024 01:58:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70179] [PATCH v2 1/3] gnu: python-certifi: Use system SSL certificates. Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 04 Apr 2024 05:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70179 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70179@debbugs.gnu.org Cc: Efraim Flashner Received: via spool by 70179-submit@debbugs.gnu.org id=B70179.171221023332029 (code B ref 70179); Thu, 04 Apr 2024 05:58:02 +0000 Received: (at 70179) by debbugs.gnu.org; 4 Apr 2024 05:57:13 +0000 Received: from localhost ([127.0.0.1]:60226 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG63-0008KE-4P for submit@debbugs.gnu.org; Thu, 04 Apr 2024 01:57:12 -0400 Received: from mail-lj1-x233.google.com ([2a00:1450:4864:20::233]:45522) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG60-0008JG-Rm for 70179@debbugs.gnu.org; Thu, 04 Apr 2024 01:57:10 -0400 Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2d23114b19dso6585841fa.3 for <70179@debbugs.gnu.org>; Wed, 03 Apr 2024 22:57:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712210218; x=1712815018; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=BsUmFl5wRIrloXQi9/mmrAzboUVjZvnv/2oV4ilX5Ug=; b=UFuU30LuBMrOJvFd88Wg+u49sqR4hJ3CEP5ME/dUYHjjWhQO/2RxGyZtnpr/MdBdL8 gzcBJme9RMvlUAQqLTFqmSp1FTXIOiE3AZB9rfJcCQmazvWIBws6L9Rml3efhTwbJt/+ k7LvrQYNBO3/fJz+ysM5afTlmYxt8YJRM6TCtiQWkFR5z38LJk8FsIcMIPpypFBvl1Pv uZwfxVLisz+vS9KqTrGezf0AoNiujwqegeukxzxpA2LkMnrQy/eGzapATPgZY8hLbbre mbbMnDNQyurZWqzYGYFm3fWEWlM55fs8V3raj8wq46ZxOWahRPf5MTtZtMRiqyfIansI eKJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712210218; x=1712815018; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=BsUmFl5wRIrloXQi9/mmrAzboUVjZvnv/2oV4ilX5Ug=; b=WRczqZb9hA7DnkIpDnCu2ilgrTaOHeT92tr4dw0CL20Tlv9T+XPxFbTR1tvlZ0kYCe 6gDXChuvmhftjGNVk4fwWE4lfN4Rmx5NhkdcZ4USOWsqgycQvn2vgMGDd/9XDwyTOMb2 3G7qF1qMXwUB9AWXZkmXWcFeB+ve4QcJMILPyr0J+ikIx7gPo90jz7NxDd6oWJP4c8Tv 40xnVM4Qy8piw7evf6boSoqi7wJLzZAw6SwvZlGm+DwXxmXUw21GdW0qzxkcCsJJMcC+ C90LeXfjvZmoAfC30X42z+VTY5KjajoUz5LnjsQe8bJUKYvI9eita4PLOHh1RNVm/rBu IGkQ== X-Gm-Message-State: AOJu0YwSLqcU9sxMkcB7oY0+RHsL12vo/EYuWfR8lsfJDKrabclebMYf B56qOrBjhAL4bwmc5kCMzPPP8K04ljsHKm5KVgczC8/L9fsMNNqPiYU9jZ9XH8E= X-Google-Smtp-Source: AGHT+IG2KaSYwZplddo9KgdmqbSHBISS7fu4152PiLlsO1dgW5CZLqPTv5IDBEw1yBCJsMzCdnsnJQ== X-Received: by 2002:a2e:aa16:0:b0:2d6:8e88:5a6c with SMTP id bf22-20020a2eaa16000000b002d68e885a6cmr1017889ljb.49.1712210217695; Wed, 03 Apr 2024 22:56:57 -0700 (PDT) Received: from localhost ([141.226.11.200]) by smtp.gmail.com with ESMTPSA id p5-20020a05600c358500b0041486a6f9fcsm1354609wmq.37.2024.04.03.22.56.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Apr 2024 22:56:57 -0700 (PDT) From: Efraim Flashner Date: Thu, 4 Apr 2024 08:56:44 +0300 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/python-crypto.scm (python-certifi)[replacement]: New field. (python-certifi/fixed): Provide a python-certifi which only offers to use the system's SSL certificates. Change-Id: Ie1871be42988dff3cccfe24bca626149fee0f371 --- gnu/packages/python-crypto.scm | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm index 3e1472a6c9..05b6c82fd9 100644 --- a/gnu/packages/python-crypto.scm +++ b/gnu/packages/python-crypto.scm @@ -469,6 +469,7 @@ (define-public python-certifi (package (name "python-certifi") (version "2022.6.15") + (replacement python-certifi/fixed) (source (origin (method url-fetch) (uri (pypi-uri "certifi" version)) @@ -484,6 +485,39 @@ (define-public python-certifi is used by the Requests library to verify HTTPS requests.") (license license:asl2.0))) +(define python-certifi/fixed + (package + (inherit python-certifi) + (source (origin + (inherit (package-source python-certifi)) + (snippet + #~(begin + (delete-file "certifi/cacert.pem") + (delete-file "certifi/core.py") + (with-output-to-file "certifi/core.py" + (lambda _ + (display "\"\"\" +certifi.py +~~~~~~~~~~ +This module returns the installation location of SSL_CERT_FILE or +/etc/ssl/certs/ca-certificates.crt, or its contents. +\"\"\" +import os + +_CA_CERTS = None + +try: + _CA_CERTS = os.environ [\"SSL_CERT_FILE\"] +except: + _CA_CERTS = os.path.join(\"/etc\", \"ssl\", \"certs\", \"ca-certificates.crt\") + +def where() -> str: + return _CA_CERTS + +def contents() -> str: + with open(where(), \"r\", encoding=\"ascii\") as data: + return data.read()"))))))))) + (define-public python-cryptography-vectors (package (name "python-cryptography-vectors") From patchwork Thu Apr 4 05:56:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Efraim Flashner X-Patchwork-Id: 62692 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 2428627BBEA; Thu, 4 Apr 2024 06:58:16 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id C3DCE27BBE9 for ; Thu, 4 Apr 2024 06:58:15 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rsG6q-00031o-No; Thu, 04 Apr 2024 01:58:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rsG6o-000317-C1 for guix-patches@gnu.org; Thu, 04 Apr 2024 01:57:58 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rsG6o-0004by-1w for guix-patches@gnu.org; Thu, 04 Apr 2024 01:57:58 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rsG6s-0008Q7-Q5 for guix-patches@gnu.org; Thu, 04 Apr 2024 01:58:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70179] [PATCH v2 2/3] gnu: python-pip: Use system SSL certificates. Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 04 Apr 2024 05:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70179 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70179@debbugs.gnu.org Cc: Efraim Flashner Received: via spool by 70179-submit@debbugs.gnu.org id=B70179.171221023632062 (code B ref 70179); Thu, 04 Apr 2024 05:58:02 +0000 Received: (at 70179) by debbugs.gnu.org; 4 Apr 2024 05:57:16 +0000 Received: from localhost ([127.0.0.1]:60229 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG67-0008L3-Sg for submit@debbugs.gnu.org; Thu, 04 Apr 2024 01:57:16 -0400 Received: from mail-wm1-x331.google.com ([2a00:1450:4864:20::331]:45453) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG62-0008JZ-9f for 70179@debbugs.gnu.org; Thu, 04 Apr 2024 01:57:10 -0400 Received: by mail-wm1-x331.google.com with SMTP id 5b1f17b1804b1-4162ae2a0e4so1047575e9.3 for <70179@debbugs.gnu.org>; Wed, 03 Apr 2024 22:57:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712210219; x=1712815019; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=ekAXT9ZOJT6Nt9fVZMsjmxxSkyM/Zt3Jx52VUOyAQdY=; b=krNyTkVleoxwlvOqzmWsrkwRwmIKWRlSvM6V7zlIRYG1gMZh7JJCf0SSJxyXpFo8Xs OnD7CwyncqmpZ4I3iDF+dcYj2TNNF+cb97HReu182xibEqvw79IyyNSWStQjSbj17DuD Gjk3hgwhAtDHe47OUwcLfoukaxfS1wSRY0rqljKEfk6nLfUS3dP0piMeW1zlm01FFK9N tGW6U4jkg+HfkRzTqjMpT35ntD+V3hBjWMXOLCg/2a5rdhGU+sMyHc0bdP+QGlnA15hP 9bkA147kjjtpaksJpvAJj5QusAGUxKelOLeMDXYliCzG6+Q8NBt0gbQKDkofuUwatgSp iNQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712210219; x=1712815019; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ekAXT9ZOJT6Nt9fVZMsjmxxSkyM/Zt3Jx52VUOyAQdY=; b=ozkvWv5z/VJXwMeDTK/6jtTdMx442yXBFd8LCBrE+eSM2j4qjSztxjR1PDW/bN1nD2 7Xp8wc8SniMLJlvGzcvvNhPdVmpJ7cDN4E1nKEzIa81nHDoN10PwEMvZ1rMZu//ZgzFt Z7t85RU2piGnQKv+SxhAHtKyGQ49M36hOy1BtFu07dwj8yLnsFcdvogVBPQuxEpN6wIH KLJGwYBHn1pfX+Zmsy29w45FwgLhr41eBGKN500hxqpAsVF6v7V6/sMIcuI8SYzTOSkE FpmQfaTBzJ7wH9plsM43FT2w51iNcV3FEVX5pnPGoxV7LRORO5LE+KQ+VKLv4cyOc3me xdGw== X-Gm-Message-State: AOJu0YwidXwKfqomO8SoPsJftWzvJ5BrRpgy/Rq/66qOCao0df+kwd1K UBEnrOJ73LmVvQPlchyTc5qdUIsAVBJ6KAOrGUwM+o+IqWHPGH0jjYwDstzg0H0= X-Google-Smtp-Source: AGHT+IFlILSVZQCXQl1mHdb/kDWdL8EEITnIk5CiH8/H5pm04PXKKWLxnwVkHBQahOAeffj1wGelKw== X-Received: by 2002:a05:600c:48a4:b0:414:8c5:42ce with SMTP id j36-20020a05600c48a400b0041408c542cemr1204450wmp.19.1712210219363; Wed, 03 Apr 2024 22:56:59 -0700 (PDT) Received: from localhost ([141.226.11.200]) by smtp.gmail.com with ESMTPSA id m10-20020a05600c4f4a00b0041562a58b75sm1359148wmq.13.2024.04.03.22.56.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Apr 2024 22:56:59 -0700 (PDT) From: Efraim Flashner Date: Thu, 4 Apr 2024 08:56:45 +0300 Message-ID: <6426f336e0f7547880b312dd8712998546397d84.1712210069.git.efraim@flashner.co.il> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/python-build.scm (python-pip)[replacement]: New field. (python-pip/fixed): Provide a python-pip with a patched python-certifi which only offers to use the system's SSL certificates. Change-Id: Icea0769b881dc8d760562f0405fa8ea8167a4bd4 --- gnu/packages/python-build.scm | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/gnu/packages/python-build.scm b/gnu/packages/python-build.scm index 2ea457cdba..5b71d1502e 100644 --- a/gnu/packages/python-build.scm +++ b/gnu/packages/python-build.scm @@ -260,6 +260,7 @@ (define-public python-pip (package (name "python-pip") (version "23.1") + (replacement python-pip/fixed) (source (origin (method url-fetch) @@ -277,6 +278,39 @@ (define-public python-pip Python Package Index (PyPI).") (license license:expat))) +(define python-pip/fixed + (package + (inherit python-pip) + (source (origin + (inherit (package-source python-pip)) + (snippet + #~(begin + (delete-file "src/pip/_vendor/certifi/cacert.pem") + (delete-file "src/pip/_vendor/certifi/core.py") + (with-output-to-file "src/pip/_vendor/certifi/core.py" + (lambda _ + (display "\"\"\" +certifi.py +~~~~~~~~~~ +This module returns the installation location of SSL_CERT_FILE or +/etc/ssl/certs/ca-certificates.crt, or its contents. +\"\"\" +import os + +_CA_CERTS = None + +try: + _CA_CERTS = os.environ [\"SSL_CERT_FILE\"] +except: + _CA_CERTS = os.path.join(\"/etc\", \"ssl\", \"certs\", \"ca-certificates.crt\") + +def where() -> str: + return _CA_CERTS + +def contents() -> str: + with open(where(), \"r\", encoding=\"ascii\") as data: + return data.read()"))))))))) + (define-public python-setuptools (package (name "python-setuptools") From patchwork Thu Apr 4 05:56:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Efraim Flashner X-Patchwork-Id: 62693 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8DBA227BBEA; Thu, 4 Apr 2024 06:58:16 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 7AD8D27BBE2 for ; Thu, 4 Apr 2024 06:58:14 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rsG6q-00031p-VT; Thu, 04 Apr 2024 01:58:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rsG6o-00031L-QU for guix-patches@gnu.org; Thu, 04 Apr 2024 01:57:58 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rsG6o-0004cL-Hk for guix-patches@gnu.org; Thu, 04 Apr 2024 01:57:58 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rsG6t-0008QE-9I for guix-patches@gnu.org; Thu, 04 Apr 2024 01:58:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70179] [PATCH v2 3/3] gnu: python: Use system SSL certificates. Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 04 Apr 2024 05:58:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70179 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70179@debbugs.gnu.org Cc: Efraim Flashner Received: via spool by 70179-submit@debbugs.gnu.org id=B70179.171221023732069 (code B ref 70179); Thu, 04 Apr 2024 05:58:03 +0000 Received: (at 70179) by debbugs.gnu.org; 4 Apr 2024 05:57:17 +0000 Received: from localhost ([127.0.0.1]:60231 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG68-0008L5-Iq for submit@debbugs.gnu.org; Thu, 04 Apr 2024 01:57:17 -0400 Received: from mail-wm1-x334.google.com ([2a00:1450:4864:20::334]:53519) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsG63-0008Js-Ub for 70179@debbugs.gnu.org; Thu, 04 Apr 2024 01:57:14 -0400 Received: by mail-wm1-x334.google.com with SMTP id 5b1f17b1804b1-415523d9824so5512385e9.3 for <70179@debbugs.gnu.org>; Wed, 03 Apr 2024 22:57:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712210221; x=1712815021; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=sk+eV9aSlXtCBeerCb+NtAcafzPRNpDMrvVbBOu5+ZI=; b=CuV79kJUzECe3KxUyY6awKoUyToNiKa9K07WjFPye/gAxIeX6I/UzLUhfbl1xb7++q 4TP0agWfQXCXKaAlC/7xg1/JT5tpTdtn3DhbPBiOrcJ9goXScHpkSmmTYb5hAJ+ZBPOZ Pnau5Bk+Au71Ft1W0O5H1y/PK8Kl88GWh/wVAK0oz4S5TEv0pIl/4/fpF+lxglA1d0q5 uso3N08epg74YZe4gUcDJnoSbRTC6Tz+8t/yqMiwC9obDVyqLsEFR+FcBjGe0DVGg++P gc4TH90x5tcGWV/JFfZA/DW3kPiFJl2U2+BfBOkmxVEg/ZBuzhWJ0fKMIhrUIYR+LKso b5vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712210221; x=1712815021; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=sk+eV9aSlXtCBeerCb+NtAcafzPRNpDMrvVbBOu5+ZI=; b=W+NXK8gJ1yKb1JhHrANwnFrXwg0cfZ3FxqtYUsAWrHDhuZ8MLqE5j3JTKl6kD2PkY8 hX4XZzOWq4SZBEItXajGXlhcb4LSQnwHr/G2UlcjpsbdRVOaFKa8MHoHAvH660gqwTKA fzjKJT7WYIA6M7x0r/66rBDWKLgEnkU1BhvdFUHmnVLnM2w72pVWbLGQfiF7ZIapLhSf P1h0m3bmMy/EtREG3tlL9HuVHoShdjE6EYTsvAOjPrPSc6xQRuH6bGPmH+/OJyApOGzy B6cLpKqeTxZNnyUIdtL+pcu5yz7aPuLcKTF0DfTu5FXVEUno2vxwofclpS2JQgLQnRNU fU6A== X-Gm-Message-State: AOJu0YxkAngbjZ3D5BD88yjU1RyKJvfUibfJ6OPnO4AgVb+yGo5yMaMw rd/TXcLmMMnspgDs2OBbNqoRodODC0ugQ/lShrN7UeFN0AvurWoyJBc++LtATRk= X-Google-Smtp-Source: AGHT+IFJ4fGhDeOkdLh73Uqe6FRP2b103t0HEAxTwS0PR/3E1HKBwca4LGYFgM/2GDvI1OmZU+2mEA== X-Received: by 2002:a05:600c:6a92:b0:413:feed:b309 with SMTP id jl18-20020a05600c6a9200b00413feedb309mr1150469wmb.6.1712210221076; Wed, 03 Apr 2024 22:57:01 -0700 (PDT) Received: from localhost ([141.226.11.200]) by smtp.gmail.com with ESMTPSA id t10-20020a05600c198a00b004156afd6843sm1368919wmq.18.2024.04.03.22.57.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Apr 2024 22:57:00 -0700 (PDT) From: Efraim Flashner Date: Thu, 4 Apr 2024 08:56:46 +0300 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/python.scm (python)[replacement]: New field. (python/fixed): Provide a python with a patched python-certifi which only offers to use the system's SSL certificates. Change-Id: Ic5bcfb6b32282a7e0628232b1dc4cd60f3f2da52 --- gnu/packages/python.scm | 67 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 12a5148cb1..3ad4c5d5e7 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -96,6 +96,7 @@ (define-module (gnu packages python) #:use-module (guix gexp) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix search-paths) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) @@ -424,6 +425,7 @@ (define-public python-3.10 (inherit python-2) (name "python") (version "3.10.7") + (replacement python-3.10/fixed) (source (origin (method url-fetch) (uri (string-append "https://www.python.org/ftp/python/" @@ -590,6 +592,7 @@ (define-public python-3.10 inputs))) (native-search-paths (list (guix-pythonpath-search-path version) + $SSL_CERT_FILE ;; Used to locate tzdata by the zoneinfo module introduced in ;; Python 3.9. (search-path-specification @@ -982,6 +985,70 @@ (define-public python-3.12 (properties '((cpe-name . "python"))) (license license:psfl))) +(define python-3.10/fixed + (package + (inherit python-3.10) + (arguments + (substitute-keyword-arguments (package-arguments python-3.10) + ((#:phases phases) + #~(modify-phases #$phases + ;; Also remove the bundled CA certificates. + ;; TODO: Rename this phase when merging back into python. + (replace 'remove-windows-binaries + (lambda _ + ;; Delete .exe from embedded .whl (zip) files + (for-each + (lambda (whl) + (let ((dir "whl-content") + (circa-1980 (* 10 366 24 60 60))) + (mkdir-p dir) + (with-directory-excursion dir + (let ((whl (string-append "../" whl))) + (invoke "unzip" whl) + (for-each delete-file + (find-files "." "\\.exe$")) + (delete-file whl) + + ;; Search for cacert.pem, delete it, and rewrite the + ;; file which directs python to look for it. + (let ((cacert (find-files "." "cacert\\.pem"))) + (unless (null? cacert) + (let ((certifi (dirname (car cacert)))) + (delete-file (string-append certifi "/cacert.pem")) + (delete-file (string-append certifi "/core.py")) + (with-output-to-file (string-append certifi "/core.py") + (lambda _ + (display "\"\"\" +certifi.py +~~~~~~~~~~ +This module returns the installation location of SSL_CERT_FILE or +/etc/ssl/certs/ca-certificates.crt, or its contents. +\"\"\" +import os + +_CA_CERTS = None + +try: + _CA_CERTS = os.environ [\"SSL_CERT_FILE\"] +except: + _CA_CERTS = os.path.join(\"/etc\", \"ssl\", \"certs\", \"ca-certificates.crt\") + +def where() -> str: + return _CA_CERTS + +def contents() -> str: + with open(where(), \"r\", encoding=\"ascii\") as data: + return data.read()")))))) + + ;; Reset timestamps to prevent them from ending + ;; up in the Zip archive. + (ftw "." (lambda (file stat flag) + (utime file circa-1980 circa-1980) + #t)) + (apply invoke "zip" "-X" whl + (find-files "." #:directories? #t)))) + (delete-file-recursively dir))) + (find-files "Lib/ensurepip" "\\.whl$")))))))))) ;; Next 3.x version. (define-public python-next python-3.12)