Merge pull request #225294 from gador/kodiPackages.certifi_add_cacert_support

{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:

{ lib, buildKodiAddon, fetchzip, addonUpdateScript, cacert }:

buildKodiAddon rec {

  pname = "certifi";

  namespace = "script.module.certifi";

    sha256 = "sha256-kIPGEjmnHlgVb11W2RKBlrMy3/+kUOcQZiLCcnHCcno=";

  };

  patches = [

    # Add support for NIX_SSL_CERT_FILE

    ./env.patch

  ];

  postPatch = ''

    # Use our system-wide ca-bundle instead of the bundled one

    ln -snvf "${cacert}/etc/ssl/certs/ca-bundle.crt" "lib/certifi/cacert.pem"

  '';

  propagatedNativeBuildInputs = [

    # propagate cacerts setup-hook to set up `NIX_SSL_CERT_FILE`

    cacert

  ];

  passthru = {

    pythonPath = "lib";

    updateScript = addonUpdateScript {

diff --git a/lib/certifi/core.py b/lib/certifi/core.py

index de02898..c033d20 100644

--- a/lib/certifi/core.py

+++ b/lib/certifi/core.py

@@ -4,15 +4,25 @@ certifi.py

 This module returns the installation location of cacert.pem or its contents.

 """

+import os

 import sys

+def get_cacert_path_from_environ():

+    path = os.environ.get("NIX_SSL_CERT_FILE", None)

+

+    if path == "/no-cert-file.crt":

+        return None

+

+    return path

+

+

 if sys.version_info >= (3, 11):

     from importlib.resources import as_file, files

     _CACERT_CTX = None

-    _CACERT_PATH = None

+    _CACERT_PATH = get_cacert_path_from_environ()

     def where() -> str:

         # This is slightly terrible, but we want to delay extracting the file

@@ -39,14 +49,16 @@ if sys.version_info >= (3, 11):

         return _CACERT_PATH

     def contents() -> str:

-        return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")

+        if _CACERT_PATH is not None:

+            return open(_CACERT_PATH, encoding="utf-8").read()

+        return files("certifi").joinpath("cacert.pem").read_text(encoding="utf-8")

 elif sys.version_info >= (3, 7):

     from importlib.resources import path as get_path, read_text

     _CACERT_CTX = None

-    _CACERT_PATH = None

+    _CACERT_PATH = get_cacert_path_from_environ()

     def where() -> str:

         # This is slightly terrible, but we want to delay extracting the

@@ -74,7 +86,9 @@ elif sys.version_info >= (3, 7):

         return _CACERT_PATH

     def contents() -> str:

-        return read_text("certifi", "cacert.pem", encoding="ascii")

+        if _CACERT_PATH is not None:

+            return open(_CACERT_PATH, encoding="utf-8").read()

+        return read_text("certifi", "cacert.pem", encoding="utf-8")

 else:

     import os

@@ -84,6 +98,8 @@ else:

     Package = Union[types.ModuleType, str]

     Resource = Union[str, "os.PathLike"]

+    _CACERT_PATH = get_cacert_path_from_environ()

+

     # This fallback will work for Python versions prior to 3.7 that lack the

     # importlib.resources module but relies on the existing `where` function

     # so won't address issues with environments like PyOxidizer that don't set

@@ -102,7 +118,14 @@ else:

     def where() -> str:

         f = os.path.dirname(__file__)

+        if _CACERT_PATH is not None:

+            return _CACERT_PATH

+

         return os.path.join(f, "cacert.pem")

     def contents() -> str:

-        return read_text("certifi", "cacert.pem", encoding="ascii")

+        if _CACERT_PATH is not None:

+            with open(_CACERT_PATH, encoding="utf-8") as data:

+                return data.read()

+

+        return read_text("certifi", "cacert.pem", encoding="utf-8")