gnu: python-certifi: Use system SSL certificates.

* gnu/packages/python-crypto.scm (python-certifi)[replacement]: New field. (python-certifi/fixed): Provide a python-certifi which only offers to use the system's SSL certificates. Change-Id: Ie1871be42988dff3cccfe24bca626149fee0f371
2025-01-31 06:46:50 +01:00 · 2023-11-28 12:34:18 +02:00 · 2023-11-28 12:34:18 +02:00 · d020191ed9
commit d020191ed9
parent 12f02c9bb8
1 changed files with 36 additions and 0 deletions
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@ -469,6 +469,7 @@ (define-public python-certifi
  (package
    (name "python-certifi")
    (version "2022.6.15")
+    (replacement python-certifi/fixed)
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certifi" version))
@ -484,6 +485,41 @@ (define-public python-certifi
 is used by the Requests library to verify HTTPS requests.")
    (license license:asl2.0)))

+(define python-certifi/fixed
+  (package
+    (inherit python-certifi)
+    (source (origin
+              (inherit (package-source python-certifi))
+              (snippet
+               #~(begin
+                   (delete-file "certifi/cacert.pem")
+                   (delete-file "certifi/core.py")
+                   (with-output-to-file "certifi/core.py"
+                     (lambda _
+                       (display "\"\"\"
+certifi.py
+~~~~~~~~~~
+This file is a Guix-specific version of core.py.
+
+This module returns the installation location of SSL_CERT_FILE or
+/etc/ssl/certs/ca-certificates.crt, or its contents.
+\"\"\"
+import os
+
+_CA_CERTS = None
+
+try:
+    _CA_CERTS = os.environ [\"SSL_CERT_FILE\"]
+except:
+    _CA_CERTS = os.path.join(\"/etc\", \"ssl\", \"certs\", \"ca-certificates.crt\")
+
+def where() -> str:
+    return _CA_CERTS
+
+def contents() -> str:
+    with open(where(), \"r\", encoding=\"ascii\") as data:
+        return data.read()")))))))))
+
 (define-public python-cryptography-vectors
  (package
    (name "python-cryptography-vectors")