This reverts commit 65a333600d.

This wasn't tested for correctness with something like fodwatch [0], and should not have been (self-)merged so quickly, especially without further review. It also resulted in the breakage of at least one package [1] (and that's the one we know of and was caught).

A few packages that were updated in between this commit and this revert were not reverted back to using `rev`, but other than that, this is a 1:1 revert.

[0]: https://codeberg.org/raphaelr/fodwatch
[1]: https://github.com/NixOS/nixpkgs/pull/396904
/758551e458
{
  lib,
  buildPythonPackage,
  cacert,
  pythonOlder,
  fetchFromGitHub,
  setuptools,
  pytestCheckHook,
}:

# Packages certifi so that the CA bundle it exposes is the one shipped by the
# `cacert` package instead of the copy vendored in the upstream release.
buildPythonPackage rec {
  pname = "certifi";
  version = "2025.01.31";
  pyproject = true;

  disabled = pythonOlder "3.6";

  # The ref to fetch is the version string; `hash` is what pins the content.
  # A fixed-output result that is already in the store or a binary cache is
  # not fetched again, so when `rev` or `version` changes, confirm that the
  # hash was actually recomputed against the new ref.
  src = fetchFromGitHub {
    owner = "certifi";
    repo = "python-certifi";
    rev = version;
    hash = "sha256-LHoFI9+vrrrRzyhWNchQYp4AAiFcQwZHdeNzMjTJ8jk=";
  };

  # NOTE(review): the body of env.patch is not visible on this page. If it
  # makes NIX_SSL_CERT_FILE select the bundle at runtime, that variable
  # decides which trust roots Python clients use -- confirm against the patch.
  patches = [
    # Add support for NIX_SSL_CERT_FILE
    ./env.patch
  ];

  # Drops the vendored certifi/cacert.pem and links the cacert bundle in its
  # place, so the set of trusted CAs follows `cacert`, not this certifi version.
  postPatch = ''
    # Use our system-wide ca-bundle instead of the bundled one
    rm -v "certifi/cacert.pem"
    ln -snvf "${cacert}/etc/ssl/certs/ca-bundle.crt" "certifi/cacert.pem"
  '';

  nativeBuildInputs = [ setuptools ];

  propagatedNativeBuildInputs = [
    # propagate cacerts setup-hook to set up `NIX_SSL_CERT_FILE`
    cacert
  ];

  nativeCheckInputs = [ pytestCheckHook ];

  pythonImportsCheck = [ "certifi" ];

  # Attributes are referenced through `lib` explicitly rather than a
  # set-wide `with lib;`, which keeps name resolution obvious.
  meta = {
    homepage = "https://github.com/certifi/python-certifi";
    description = "Python package for providing Mozilla's CA Bundle";
    license = lib.licenses.isc;
    maintainers = with lib.maintainers; [ koral ];
  };
}