From 91c4775552b93791fa5d7aa86c08f592bffa438747a397619178a2d00491ca3c Mon Sep 17 00:00:00 2001 From: Denisart Benjamin Date: Thu, 25 Jul 2013 12:57:44 +0000 Subject: [PATCH] Accepting request 184317 from home:vuntz:branches:devel:languages:python - Add no-default-cacert.patch: completely ignore the internal CA bundle and point to /etc/ssl/certs/. This works because we patched python to do the right thing when a directory is used there instead of a file. - Manually remove requests/cacert.pem (better than doing that in the patch, since it's big) too. OBS-URL: https://build.opensuse.org/request/show/184317 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=38 --- no-default-cacert.patch | 53 +++++++++++++++++++++++++++++++++++++++++ python-requests.changes | 10 ++++++++ python-requests.spec | 4 ++++ 3 files changed, 67 insertions(+) create mode 100644 no-default-cacert.patch diff --git a/no-default-cacert.patch b/no-default-cacert.patch new file mode 100644 index 0000000..df5168c --- /dev/null +++ b/no-default-cacert.patch @@ -0,0 +1,53 @@ +Index: requests-1.2.3/requests/adapters.py +=================================================================== +--- requests-1.2.3.orig/requests/adapters.py ++++ requests-1.2.3/requests/adapters.py +@@ -129,9 +129,6 @@ class HTTPAdapter(BaseAdapter): + if not cert_loc: + cert_loc = DEFAULT_CA_BUNDLE_PATH + +- if not cert_loc: +- raise Exception("Could not find a suitable SSL CA certificate bundle.") +- + conn.cert_reqs = 'CERT_REQUIRED' + conn.ca_certs = cert_loc + else: +Index: requests-1.2.3/requests/certs.py +=================================================================== +--- requests-1.2.3.orig/requests/certs.py ++++ requests-1.2.3/requests/certs.py +@@ -18,7 +18,7 @@ import os.path + def where(): + """Return the preferred certificate bundle.""" + # vendored bundle inside Requests +- return os.path.join(os.path.dirname(__file__), 'cacert.pem') ++ return '/etc/ssl/certs/' + + if __name__ == '__main__': + print(where()) +Index: requests-1.2.3/MANIFEST.in +=================================================================== +--- requests-1.2.3.orig/MANIFEST.in ++++ requests-1.2.3/MANIFEST.in +@@ -1 +1 @@ +-include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt requests/cacert.pem ++include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt +Index: requests-1.2.3/requests.egg-info/SOURCES.txt +=================================================================== +--- requests-1.2.3.orig/requests.egg-info/SOURCES.txt ++++ requests-1.2.3/requests.egg-info/SOURCES.txt +@@ -10,7 +10,6 @@ requests/__init__.py + requests/adapters.py + requests/api.py + requests/auth.py +-requests/cacert.pem + requests/certs.py + requests/compat.py + requests/cookies.py +@@ -79,4 +78,4 @@ requests/packages/urllib3/contrib/pyopen + requests/packages/urllib3/packages/__init__.py + requests/packages/urllib3/packages/ordered_dict.py + requests/packages/urllib3/packages/six.py +-requests/packages/urllib3/packages/ssl_match_hostname/__init__.py +\ No newline at end of file ++requests/packages/urllib3/packages/ssl_match_hostname/__init__.py diff --git a/python-requests.changes b/python-requests.changes index 9348bf8..c7af38b 100644 --- a/python-requests.changes +++ b/python-requests.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Jul 25 11:40:02 UTC 2013 - vuntz@suse.com + +- Add no-default-cacert.patch: completely ignore the internal CA + bundle and point to /etc/ssl/certs/. This works because we + patched python to do the right thing when a directory is used + there instead of a file. +- Manually remove requests/cacert.pem (better than doing that in + the patch, since it's big) too. + ------------------------------------------------------------------- Mon May 27 10:36:36 UTC 2013 - dmueller@suse.com diff --git a/python-requests.spec b/python-requests.spec index 60ed283..a52272c 100644 --- a/python-requests.spec +++ b/python-requests.spec @@ -25,6 +25,8 @@ License: Apache-2.0 and LGPL-2.1+ and MIT Group: Development/Languages/Python #TODO/FIXME: Maybe split out charade and urllib3 into sub-packages to simplify: Source: http://pypi.python.org/packages/source/r/requests/requests-%{version}.tar.gz +# PATCH-FIX-OPENSUSE no-default-cacert.patch -- completely ignore the internal CA bundle +Patch0: no-default-cacert.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: python BuildRequires: python-devel @@ -64,6 +66,8 @@ Features: %setup -q -n requests-%{version} # For rpmlint warning: remove shebang from python library: sed -i '/^#!/d' ./requests/certs.py +%patch0 -p1 +rm ./requests/cacert.pem %build python setup.py build