Pass CA and client TLS certificates to build subprocesses #13063

Merged 2 commits on Dec 14, 2024

@ichard26 (Member) commented Nov 3, 2024

The _PIP_STANDALONE_CERT environment variable hack is no longer required as pip doesn't run a zip archive of itself to provision build dependencies these days (which due to a CPython bug would leave behind temporary certifi files).

Fixes #5502.

@ichard26 changed the title from "Pass HTTPS and client TLS certificates to build subprocesses" to "Pass CA and client TLS certificates to build subprocesses" on Nov 3, 2024
@ichard26 added this to the 25.0 milestone on Nov 3, 2024

@ichard26 (Member, Author) commented Nov 3, 2024

Thanks for the fast reviews folks!

@ichard26 (Member, Author) commented Dec 7, 2024

@jle-pass @AtomBaf given you seem interested in this bugfix, are you interested in testing out this change? It'd be helpful in ensuring that A) it works, and B) it doesn't break in whatever weird enterprise TLS setups that exist in the wild. You can install pip from this branch using pip install https://github.com/ichard26/pip/archive/pass-certs-down.zip.

Thanks!

@ichard26 (Member, Author) commented Dec 14, 2024

So apparently people depend on this private environment variable. Given we prefixed it with an underscore, I don't have any problems with breaking such individuals (especially since truststore is enabled by default) but heads up that we may get some bug reports on this.

@ichard26 enabled auto-merge (squash) on December 14, 2024 21:21

@ichard26 (Member, Author) commented:

It's been one week (and one work week) since my call to action for community testing. Given the lack of any response, I am merging this as-is (with a minor tweak to the news entry to call out the envvar removal).

@ichard26 merged commit 34fc0e2 into pypa:main on Dec 14, 2024
31 checks passed
@ichard26 deleted the pass-certs-down branch on December 14, 2024 22:27
@github-actions bot locked as resolved and limited conversation to collaborators on Jan 6, 2025
Successfully merging this pull request may close these issues.

PEP 518 build dependency installs don't respect --cert command line option