Add py3-certifi

packages.txt

@@ -102,6 +102,7 @@ py3-docutils
 py3-pygments
 py3-magic
 py3-babel
+py3-certifi
 libedit
 tiff
 pcre2

py3-certifi.yaml

@@ -0,0 +1,44 @@
+package:
+  name: py3-certifi
+  version: 2023.5.7
+  epoch: 0
+  description: "Python3 package for providing Mozilla's CA Bundle"
+  copyright:
+    - license: MPL-2.0
+  dependencies:
+    runtime:
+      - python3
+      - ca-certificates-bundle
+
+environment:
+  contents:
+    packages:
+      - wolfi-base
+      - busybox
+      - ca-certificates-bundle
+      - build-base
+      - python3
+      - py3-setuptools
+
+pipeline:
+  - uses: fetch
+    with:
+      uri: https://files.pythonhosted.org/packages/source/c/certifi/certifi-${{package.version}}.tar.gz
+      expected-sha256: 0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7
+
+  - uses: patch
+    with:
+      patches: use-alpine-system-certs.patch
+
+  - runs: |
+      python3 setup.py build
+
+  - runs: |
+      python3 setup.py install --prefix=/usr --root="${{targets.destdir}}"
+
+  - uses: strip
+
+update:
+  enabled: true
+  release-monitor:
+    identifier: 7995

py3-certifi/use-alpine-system-certs.patch

@@ -0,0 +1,68 @@
+# originated from https://git.alpinelinux.org/aports/tree/main/py3-certifi/use-alpine-system-certs.patch
+
+NEVER EVER REMOVE THIS PATCH
+REBASE IT ON TOP OF THE VERSION YOU'RE UPGRADING
+
+This makes py3-certifi use the system certificates provided by Alpine Linux
+instead of the ones provided with py3-certifi instead, this allows us to add
+this package as a dependency for other packages without worries.
+
+This is based on the patch used by Debian
+
+diff --git a/certifi/core.py b/certifi/core.py
+index de02898..9c0235f 100644
+--- a/certifi/core.py
++++ b/certifi/core.py
+@@ -6,13 +6,13 @@ This module returns the installation location of cacert.pem or its contents.
+ """
+ import sys
+
++ALPINE_CA_CERTS_PATH = '/etc/ssl/certs/ca-certificates.crt'
+
+ if sys.version_info >= (3, 11):
+
+     from importlib.resources import as_file, files
+
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
++    _CACERT_PATH = ALPINE_CA_CERTS_PATH
+
+     def where() -> str:
+         # This is slightly terrible, but we want to delay extracting the file
+@@ -45,8 +45,7 @@ elif sys.version_info >= (3, 7):
+
+     from importlib.resources import path as get_path, read_text
+
+-    _CACERT_CTX = None
+-    _CACERT_PATH = None
++    _CACERT_PATH = ALPINE_CA_CERTS_PATH
+
+     def where() -> str:
+         # This is slightly terrible, but we want to delay extracting the
+@@ -71,10 +70,11 @@ elif sys.version_info >= (3, 7):
+             _CACERT_CTX = get_path("certifi", "cacert.pem")
+             _CACERT_PATH = str(_CACERT_CTX.__enter__())
+
+-        return _CACERT_PATH
++        return ALPINE_CA_CERTS_PATH
+
+     def contents() -> str:
+-        return read_text("certifi", "cacert.pem", encoding="ascii")
++        with open(where(), "r", encoding="ascii") as data:
++            return data.read()
+
+ else:
+     import os
+@@ -100,9 +100,7 @@ else:
+     # If we don't have importlib.resources, then we will just do the old logic
+     # of assuming we're on the filesystem and munge the path directly.
+     def where() -> str:
+-        f = os.path.dirname(__file__)
+-
+-        return os.path.join(f, "cacert.pem")
+-
++        return ALPINE_CA_CERTS_PATH
+     def contents() -> str:
+-        return read_text("certifi", "cacert.pem", encoding="ascii")
++        with open(where(), "r", encoding="ascii") as data:
++            return data.read()