pyrox.dev
1{ lib
2, buildPythonPackage
3, cacert
4, pythonOlder
5, fetchFromGitHub
6, pytestCheckHook
7}:
8
9buildPythonPackage rec {
10 pname = "certifi";
11 version = "2023.07.22";
12
13 disabled = pythonOlder "3.6";
14
15 src = fetchFromGitHub {
16 owner = pname;
17 repo = "python-certifi";
18 rev = version;
19 hash = "sha256-V3bptJDNMGXlCMg6GHj792IrjfsG9+F/UpQKxeM0QOc=";
20 };
21
22 patches = [
23 # Add support for NIX_SSL_CERT_FILE
24 ./env.patch
25 ];
26
27 postPatch = ''
28 # Use our system-wide ca-bundle instead of the bundled one
29 rm -v "certifi/cacert.pem"
30 ln -snvf "${cacert}/etc/ssl/certs/ca-bundle.crt" "certifi/cacert.pem"
31 '';
32
33 propagatedNativeBuildInputs = [
34 # propagate cacerts setup-hook to set up `NIX_SSL_CERT_FILE`
35 cacert
36 ];
37
38 nativeCheckInputs = [
39 pytestCheckHook
40 ];
41
42 pythonImportsCheck = [
43 "certifi"
44 ];
45
46 meta = with lib; {
47 homepage = "https://github.com/certifi/python-certifi";
48 description = "Python package for providing Mozilla's CA Bundle";
49 license = licenses.isc;
50 maintainers = with maintainers; [ koral ];
51 };
52}