NEVER EVER REMOVE THIS PATCH REBASE IT ON TOP OF THE VERSION YOU'RE UPGRADING This makes py3-certifi use the system certificates provided by Alpine Linux instead of the ones provided with py3-certifi instead, this allows us to add this package as a dependency for other packages without worries. This is based on the patch used by Debian diff --git a/certifi/core.py b/certifi/core.py index de02898..9c0235f 100644 --- a/certifi/core.py +++ b/certifi/core.py @@ -6,13 +6,13 @@ This module returns the installation location of cacert.pem or its contents. """ import sys +ALPINE_CA_CERTS_PATH = '/etc/ssl/certs/ca-certificates.crt' if sys.version_info >= (3, 11): from importlib.resources import as_file, files - _CACERT_CTX = None - _CACERT_PATH = None + _CACERT_PATH = ALPINE_CA_CERTS_PATH def where() -> str: # This is slightly terrible, but we want to delay extracting the file @@ -45,8 +45,7 @@ elif sys.version_info >= (3, 7): from importlib.resources import path as get_path, read_text - _CACERT_CTX = None - _CACERT_PATH = None + _CACERT_PATH = ALPINE_CA_CERTS_PATH def where() -> str: # This is slightly terrible, but we want to delay extracting the @@ -71,10 +70,11 @@ elif sys.version_info >= (3, 7): _CACERT_CTX = get_path("certifi", "cacert.pem") _CACERT_PATH = str(_CACERT_CTX.__enter__()) - return _CACERT_PATH + return ALPINE_CA_CERTS_PATH def contents() -> str: - return read_text("certifi", "cacert.pem", encoding="ascii") + with open(where(), "r", encoding="ascii") as data: + return data.read() else: import os @@ -100,9 +100,7 @@ else: # If we don't have importlib.resources, then we will just do the old logic # of assuming we're on the filesystem and munge the path directly. def where() -> str: - f = os.path.dirname(__file__) - - return os.path.join(f, "cacert.pem") - + return ALPINE_CA_CERTS_PATH def contents() -> str: - return read_text("certifi", "cacert.pem", encoding="ascii") + with open(where(), "r", encoding="ascii") as data: + return data.read()