Replace complex certifi patch with a more targetted requests patch

This should have the same final functionality, with a cleaner patch to requests instead of an exception-based complex patch to certifi.
pypa · Oct 14, 2022 · 2a0552a · 2a0552a
1 parent 8375281
commit 2a0552a
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 49 deletions.
diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
@@ -8,21 +8,7 @@
 import types
 from typing import Union
 
-
-class _PipPatchedCertificate(Exception):
-    pass
-
-
 try:
-    # Return a certificate file on disk for a standalone pip zipapp running in
-    # an isolated build environment to use. Passing --cert to the standalone
-    # pip does not work since requests calls where() unconditionally on import.
-    _PIP_STANDALONE_CERT = os.environ.get("_PIP_STANDALONE_CERT")
-    if _PIP_STANDALONE_CERT:
-        def where():
-            return _PIP_STANDALONE_CERT
-        raise _PipPatchedCertificate()
-
     from importlib.resources import path as get_path, read_text
 
     _CACERT_CTX = None
@@ -52,8 +38,6 @@ def where() -> str:
 
         return _CACERT_PATH
 
-except _PipPatchedCertificate:
-    pass
 
 except ImportError:
     Package = Union[types.ModuleType, str]
@@ -81,4 +65,4 @@ def where() -> str:
 
 
 def contents() -> str:
-    return read_text("certifi", "cacert.pem", encoding="ascii")
+    return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
diff --git a/src/pip/_vendor/requests/certs.py b/src/pip/_vendor/requests/certs.py
@@ -11,7 +11,14 @@
 environment, you can change the definition of where() to return a separately
 packaged CA bundle.
 """
-from pip._vendor.certifi import where
+
+import os
+
+if "_PIP_STANDALONE_CERT" not in os.environ:
+    from pip._vendor.certifi import where
+else:
+    def where():
+        return os.environ["_PIP_STANDALONE_CERT"]
 
 if __name__ == "__main__":
     print(where())
diff --git a/tools/vendoring/patches/certifi.patch b/tools/vendoring/patches/certifi.patch
@@ -1,41 +1,19 @@
 diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
-index 497d938..f34045b 100644
+index 497d938d0..60ad982c6 100644
 --- a/src/pip/_vendor/certifi/core.py
 +++ b/src/pip/_vendor/certifi/core.py
-@@ -8,7 +8,21 @@ import os
- import types
- from typing import Union
-
-+
-+class _PipPatchedCertificate(Exception):
-+    pass
-+
-+
- try:
-+    # Return a certificate file on disk for a standalone pip zipapp running in
-+    # an isolated build environment to use. Passing --cert to the standalone
-+    # pip does not work since requests calls where() unconditionally on import.
-+    _PIP_STANDALONE_CERT = os.environ.get("_PIP_STANDALONE_CERT")
-+    if _PIP_STANDALONE_CERT:
-+        def where():
-+            return _PIP_STANDALONE_CERT
-+        raise _PipPatchedCertificate()
-+
-     from importlib.resources import path as get_path, read_text
-
-     _CACERT_CTX = None
-@@ -33,11 +47,13 @@ try:
+@@ -33,7 +33,7 @@ def where() -> str:
              # We also have to hold onto the actual context manager, because
              # it will do the cleanup whenever it gets garbage collected, so
              # we will also store that at the global level as well.
 -            _CACERT_CTX = get_path("certifi", "cacert.pem")
 +            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
              _CACERT_PATH = str(_CACERT_CTX.__enter__())
- 
+
          return _CACERT_PATH
- 
-+except _PipPatchedCertificate:
-+    pass
-
- except ImportError:
-     Package = Union[types.ModuleType, str]
+@@ -65,4 +65,4 @@ def where() -> str:
+
+
+ def contents() -> str:
+-    return read_text("certifi", "cacert.pem", encoding="ascii")
++    return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
diff --git a/tools/vendoring/patches/requests.patch b/tools/vendoring/patches/requests.patch
@@ -123,3 +123,23 @@ index 8fbcd656..c5e9c19e 100644
 
  try:
      import chardet
+diff --git a/src/pip/_vendor/requests/certs.py b/src/pip/_vendor/requests/certs.py
+index 2743144b9..38696a1fb 100644
+--- a/src/pip/_vendor/requests/certs.py
++++ b/src/pip/_vendor/requests/certs.py
+@@ -11,7 +11,14 @@
+ environment, you can change the definition of where() to return a separately
+ packaged CA bundle.
+ """
+-from certifi import where
++
++import os
++
++if "_PIP_STANDALONE_CERT" not in os.environ:
++    from certifi import where
++else:
++    def where():
++        return os.environ["_PIP_STANDALONE_CERT"]
+
+ if __name__ == "__main__":
+     print(where())