From: sgn <sgn@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [ISSUE] [CLOSED] python3-httplib2 does not have working TLS support because it installs a symlink to /etc/ssl/cert.pem
Date: Thu, 14 Jul 2022 16:52:43 +0200 [thread overview]
Message-ID: <20220714145243.-N9TPTTk2s2cyUqDfRsUWPcwauU22Cl9bRDAcX5Si0M@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-38065@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 2358 bytes --]
Closed issue by oldlaptop on void-packages repository
https://github.com/void-linux/void-packages/issues/38065
Description:
### Is this a new report?
Yes
### System Info
Void 5.15.45_1 x86_64 GenuineIntel uptodate rFFF
### Package(s) Affected
python3-httplib2-0.18.1_3, python3-raven-6.10.0_5
### Does a report exist for this bug with the project's home (upstream) and/or another distro?
N/A
### Expected behaviour
Apparently, no package provides /etc/ssl/cert.pem (as opposed to /etc/ssl/certs.pem) anymore, so presumably nothing should be installing symlinks to it.
### Actual behaviour
python3-httplib2 no longer works with TLS because it can't find the certificates:
```
$ python3
Python 3.10.5 (main, Jun 8 2022, 02:00:39) [GCC 10.2.1 20201203] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from httplib2 import Http
>>> h = Http()
>>> h.request('https://example.com')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/site-packages/httplib2/__init__.py", line 1820, in request
conn = self.connections[conn_key] = connection_type(
File "/usr/lib/python3.10/site-packages/httplib2/__init__.py", line 1270, in __init__
context = _build_ssl_context(
File "/usr/lib/python3.10/site-packages/httplib2/__init__.py", line 214, in _build_ssl_context
context.load_verify_locations(ca_certs)
FileNotFoundError: [Errno 2] No such file or directory
>>>
```
This appears to be because it's using this symlink as its cert file:
```
$ ls -l /usr/lib/python3.10/site-packages/httplib2/cacerts.txt
lrwxrwxrwx 1 root root 17 Oct 9 2021 /usr/lib/python3.10/site-packages/httplib2/cacerts.txt -> /etc/ssl/cert.pem
```
Creating a (hard|soft) link from cert.pem to certs.pem solves the problem.
Furthermore, it appears one other package installs such a symlink:
```
$ xlocate /etc/ssl/cert.pem
python3-httplib2-0.18.1_3 /usr/lib/python3.10/site-packages/httplib2/cacerts.txt -> /etc/ssl/cert.pem
python3-raven-6.10.0_5 /usr/lib/python3.10/site-packages/raven/data/cacert.pem -> /etc/ssl/cert.pem
```
### Steps to reproduce
Install python3-httplib2 and copy the above interactive python session; alternatively, install python3-httplib2 and observe that it installs a symlink to /etc/ssl/cert.pem.
prev parent reply other threads:[~2022-07-14 14:52 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 14:23 [ISSUE] " oldlaptop
2022-07-14 14:52 ` sgn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220714145243.-N9TPTTk2s2cyUqDfRsUWPcwauU22Cl9bRDAcX5Si0M@z \
--to=sgn@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).