tjh.dev / nixpkgs
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom

Merge pull request #225294 from gador/kodiPackages.certifi_add_cacert_support

kodiPackages.certifi: add support for system-wide cacert

authored by

Martin Weinelt and committed by
GitHub 789bb04f 4b4e4c3e

+102 -1
+16 -1
pkgs/applications/video/kodi/addons/certifi/default.nix
··· 1 - { lib, buildKodiAddon, fetchzip, addonUpdateScript }: 1 + { lib, buildKodiAddon, fetchzip, addonUpdateScript, cacert }: 2 2 buildKodiAddon rec { 3 3 pname = "certifi"; 4 4 namespace = "script.module.certifi"; ··· 8 8 url = "https://mirrors.kodi.tv/addons/nexus/${namespace}/${namespace}-${version}.zip"; 9 9 sha256 = "sha256-kIPGEjmnHlgVb11W2RKBlrMy3/+kUOcQZiLCcnHCcno="; 10 10 }; 11 + 12 + patches = [ 13 + # Add support for NIX_SSL_CERT_FILE 14 + ./env.patch 15 + ]; 16 + 17 + postPatch = '' 18 + # Use our system-wide ca-bundle instead of the bundled one 19 + ln -snvf "${cacert}/etc/ssl/certs/ca-bundle.crt" "lib/certifi/cacert.pem" 20 + ''; 21 + 22 + propagatedNativeBuildInputs = [ 23 + # propagate cacerts setup-hook to set up `NIX_SSL_CERT_FILE` 24 + cacert 25 + ]; 11 26 12 27 passthru = { 13 28 pythonPath = "lib";
+86
pkgs/applications/video/kodi/addons/certifi/env.patch
··· 1 + diff --git a/lib/certifi/core.py b/lib/certifi/core.py 2 + index de02898..c033d20 100644 3 + --- a/lib/certifi/core.py 4 + +++ b/lib/certifi/core.py 5 + @@ -4,15 +4,25 @@ certifi.py 6 + 7 + This module returns the installation location of cacert.pem or its contents. 8 + """ 9 + +import os 10 + import sys 11 + 12 + 13 + +def get_cacert_path_from_environ(): 14 + + path = os.environ.get("NIX_SSL_CERT_FILE", None) 15 + + 16 + + if path == "/no-cert-file.crt": 17 + + return None 18 + + 19 + + return path 20 + + 21 + + 22 + if sys.version_info >= (3, 11): 23 + 24 + from importlib.resources import as_file, files 25 + 26 + _CACERT_CTX = None 27 + - _CACERT_PATH = None 28 + + _CACERT_PATH = get_cacert_path_from_environ() 29 + 30 + def where() -> str: 31 + # This is slightly terrible, but we want to delay extracting the file 32 + @@ -39,14 +49,16 @@ if sys.version_info >= (3, 11): 33 + return _CACERT_PATH 34 + 35 + def contents() -> str: 36 + - return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii") 37 + + if _CACERT_PATH is not None: 38 + + return open(_CACERT_PATH, encoding="utf-8").read() 39 + + return files("certifi").joinpath("cacert.pem").read_text(encoding="utf-8") 40 + 41 + elif sys.version_info >= (3, 7): 42 + 43 + from importlib.resources import path as get_path, read_text 44 + 45 + _CACERT_CTX = None 46 + - _CACERT_PATH = None 47 + + _CACERT_PATH = get_cacert_path_from_environ() 48 + 49 + def where() -> str: 50 + # This is slightly terrible, but we want to delay extracting the 51 + @@ -74,7 +86,9 @@ elif sys.version_info >= (3, 7): 52 + return _CACERT_PATH 53 + 54 + def contents() -> str: 55 + - return read_text("certifi", "cacert.pem", encoding="ascii") 56 + + if _CACERT_PATH is not None: 57 + + return open(_CACERT_PATH, encoding="utf-8").read() 58 + + return read_text("certifi", "cacert.pem", encoding="utf-8") 59 + 60 + else: 61 + import os 62 + @@ -84,6 +98,8 @@ else: 63 + Package = Union[types.ModuleType, str] 64 + Resource = Union[str, "os.PathLike"] 65 + 66 + + _CACERT_PATH = get_cacert_path_from_environ() 67 + + 68 + # This fallback will work for Python versions prior to 3.7 that lack the 69 + # importlib.resources module but relies on the existing `where` function 70 + # so won't address issues with environments like PyOxidizer that don't set 71 + @@ -102,7 +118,14 @@ else: 72 + def where() -> str: 73 + f = os.path.dirname(__file__) 74 + 75 + + if _CACERT_PATH is not None: 76 + + return _CACERT_PATH 77 + + 78 + return os.path.join(f, "cacert.pem") 79 + 80 + def contents() -> str: 81 + - return read_text("certifi", "cacert.pem", encoding="ascii") 82 + + if _CACERT_PATH is not None: 83 + + with open(_CACERT_PATH, encoding="utf-8") as data: 84 + + return data.read() 85 + + 86 + + return read_text("certifi", "cacert.pem", encoding="utf-8")