pool/python-requests
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Use a slightly different approach for bnc#761500, try to use /etc/ssl/certs

Browse Source 
but use /etc/ssl/ca-bundle.pem as a fallback. The previous fix didn't work
  for me as (my) Python ssl module doesn't support cert directories...
- No need to check SUSE versions for python-certifi, it only is/was
  part of openSUSE:Factory for a brief period of time

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=20
This commit is contained in:
Sascha Peilicke 2012-05-23 12:16:00 +00:00 committed by Git OBS Bridge
parent d22ba905da
commit 46275a5a11
4 changed files with 66 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
python-requests.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Wed May 23 12:09:35 UTC 2012 - saschpe@suse.de
- Use a slightly different approach for bnc#761500, try to use /etc/ssl/certs
but use /etc/ssl/ca-bundle.pem as a fallback. The previous fix didn't work
for me as (my) Python ssl module doesn't support cert directories...
- No need to check SUSE versions for python-certifi, it only is/was
part of openSUSE:Factory for a brief period of time
------------------------------------------------------------------- -------------------------------------------------------------------
Sun May 20 17:44:57 UTC 2012 - jfunk@funktronics.ca Sun May 20 17:44:57 UTC 2012 - jfunk@funktronics.ca

13
python-requests.spec
View File

@ -16,7 +16,6 @@
# #
Name: python-requests Name: python-requests
Version: 0.12.1 Version: 0.12.1
Release: 0 Release: 0
@ -25,21 +24,17 @@ Summary: Awesome Python HTTP Library That's Actually Usable
License: ISC License: ISC
Group: Development/Languages/Python Group: Development/Languages/Python
Source: http://pypi.python.org/packages/source/r/requests/requests-%{version}.tar.gz Source: http://pypi.python.org/packages/source/r/requests/requests-%{version}.tar.gz
# PATCH-FIX-OPENSUSE requests-use_directory_cert_store.patch [bnc#761501] -- Load directory-based cert store in /etc/ssl/certs. Depends on Python patched to allow it # PATCH-FIX-UPSREAM requests-suse_cert_paths.patch [bnc#761501] -- Load directory-based cert store in /etc/ssl/certs. Depends on Python patched to allow it, fall back to /etc/ssl/ca-bundle.pem otherwise
Patch0: requests-use_directory_cert_store.patch Patch0: requests-suse_cert_paths.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: python BuildRequires: python
BuildRequires: python-chardet
BuildRequires: python-devel BuildRequires: python-devel
BuildRequires: python-distribute BuildRequires: python-distribute
BuildRequires: python-chardet
BuildRequires: python-oauthlib BuildRequires: python-oauthlib
Requires: python Requires: python
Requires: python-chardet Requires: python-chardet
Requires: python-oauthlib Requires: python-oauthlib
%if 0%{?suse_version} && 0%{?suse_version} < 1220
BuildRequires: python-certifi
Requires: python-certifi
%endif
%if 0%{?suse_version} && 0%{?suse_version} <= 1110 %if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else %else
@ -72,9 +67,7 @@ Features:
%prep %prep
%setup -q -n requests-%{version} %setup -q -n requests-%{version}
%if 0%{?suse_version} && 0%{?suse_version} >= 1220
%patch0 -p1 %patch0 -p1
%endif
%build %build
python setup.py build python setup.py build

54
requests-suse_cert_paths.patch Normal file
View File

@ -0,0 +1,54 @@
diff -ru a/requests/utils.py b/requests/utils.py
--- a/requests/utils.py 2012-05-08 06:56:28.000000000 +0200
+++ b/requests/utils.py 2012-05-23 14:06:43.728477504 +0200
@@ -14,6 +14,9 @@
import os
import random
import re
+import socket
+import ssl
+import _ssl
import zlib
from netrc import netrc, NetrcParseError
@@ -42,13 +45,26 @@
'/etc/ssl/certs/ca-certificates.crt',
# FreeBSD (provided by the ca_root_nss package):
'/usr/local/share/certs/ca-root-nss.crt',
+ # openSUSE (provided by the ca-certificates package), the 'certs' directory is the
+ # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem'
+ # as a fallback (which is generated from pem files in the 'certs' directory):
+ '/etc/ssl/certs',
+ '/etc/ssl/ca-bundle.pem',
]
def get_os_ca_bundle_path():
"""Try to pick an available CA certificate bundle provided by the OS."""
for path in POSSIBLE_CA_BUNDLE_PATHS:
if os.path.exists(path):
- return path
+ if os.path.isdir(path):
+ try:
+ # Current candidate is a directory, check if SSL module supports that
+ _ssl.sslwrap(socket.socket()._sock, False, None, None, ssl.CERT_REQUIRED, ssl.PROTOCOL_SSLv23, path, None)
+ return path
+ except:
+ pass # No support, let's check the next candidate
+ else:
+ return path
return None
# if certifi is installed, use its CA bundle;
Only in b/requests: .utils.py.swp
diff -ru a/setup.py b/setup.py
--- a/setup.py 2012-05-08 06:56:28.000000000 +0200
+++ b/setup.py 2012-05-23 14:07:30.303478614 +0200
@@ -34,7 +34,7 @@
# On certain supported platforms (e.g., Red Hat / Debian / FreeBSD), Requests can
# use the system CA bundle instead; see `requests.utils` for details.
# If your platform is supported, set `requires` to [] instead:
-requires = ['certifi>=0.0.7']
+requires = []
# chardet is used to optimally guess the encodings of pages that don't declare one.
# At this time, chardet is not a required dependency. However, it's sufficiently

45
requests-use_directory_cert_store.patch
View File

@ -1,45 +0,0 @@
Index: requests-0.12.1/requests/utils.py
===================================================================
--- requests-0.12.1.orig/requests/utils.py
+++ requests-0.12.1/requests/utils.py
@@ -14,6 +14,9 @@ import codecs
import os
import random
import re
+import socket
+import ssl
+import _ssl
import zlib
from netrc import netrc, NetrcParseError
@@ -51,9 +54,14 @@ def get_os_ca_bundle_path():
return path
return None
-# if certifi is installed, use its CA bundle;
-# otherwise, try and use the OS bundle
-DEFAULT_CA_BUNDLE_PATH = CERTIFI_BUNDLE_PATH or get_os_ca_bundle_path()
+# If SSL module can load a directory-based store, use that
+try:
+ _ssl.sslwrap(socket.socket()._sock, False, None, None, ssl.CERT_REQUIRED, ssl.PROTOCOL_SSLv23, "/etc/ssl/certs", None)
+ DEFAULT_CA_BUNDLE_PATH = "/etc/ssl/certs"
+except ssl.SSLError:
+ # if certifi is installed, use its CA bundle;
+ # otherwise, try and use the OS bundle
+ DEFAULT_CA_BUNDLE_PATH = CERTIFI_BUNDLE_PATH or get_os_ca_bundle_path()
def dict_to_sequence(d):
"""Returns an internal sequence dictionary update."""
Index: requests-0.12.1/setup.py
===================================================================
--- requests-0.12.1.orig/setup.py
+++ requests-0.12.1/setup.py
@@ -34,7 +34,7 @@ packages = [
# On certain supported platforms (e.g., Red Hat / Debian / FreeBSD), Requests can
# use the system CA bundle instead; see `requests.utils` for details.
# If your platform is supported, set `requires` to [] instead:
-requires = ['certifi>=0.0.7']
+requires = []
# chardet is used to optimally guess the encodings of pages that don't declare one.
# At this time, chardet is not a required dependency. However, it's sufficiently