[scl.org] [PATCH] Make rh-python36-python-pip use system ca cert trust (vs embedded)
James Flemer
james.flemer at ndpgroup.com
Fri Apr 17 22:30:13 UTC 2020
Hi All,
I hope this is an appropriate channel for patch submissions. Here is a
patch that mirrors the base "python3-pip" approach to use the system CA
cert trust file, rather than the one that gets embedded into pip via the
Requests/Certifi packages. This is preferable because it lets pip pickup
locally administered CA trust (e.g. certs issued by an internal CA). This
helps immensely when running a private secure pip/pypy repo!
This should be testable by comparing the output of these two commands:
scl enable rh-python36 'python -mpip._vendor.requests.certs'
python3 -mpip._vendor.requests.certs
The output if pip is using bundled certs is something like:
/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/pip/_vendor/requests/cacert.pem
versus system certs:
/etc/pki/tls/certs/ca-bundle.crt
A similar patch could probably be applied to prior SCL python (3.[345]).
But I hope by getting it in 3.6, it will walk forward for 3.7+.
The attached patch is public domain.
attached: 0001-include-patch-from-python-pip-for-system-CA-cert-tru.patch
Regards,
James Flemer
NDP
1909 26th Street, Suite 1E
Boulder, Colorado 80302
Office: 720-897-7334
Cell: 970-217-3204
james.flemer at ndpgroup.com
www.ndpgroup.com
--
Confidential, proprietary, and/or
privileged information may be contained
in, and attached to, this
message. The information transmitted is
intended only for the
individual or entity to which it is addressed. Any
review,
retransmission, dissemination or other use of, or taking of any
action
in reliance upon this information in this transmission by persons
or
entities other than the intended recipient(s) is prohibited. If you
received this transmission in error, please immediately contact the
sender
and delete the material from all computers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20200417/10f94aea/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-include-patch-from-python-pip-for-system-CA-cert-tru.patch
Type: application/x-patch
Size: 2733 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/sclorg/attachments/20200417/10f94aea/attachment.bin>
More information about the SCLorg
mailing list