Merge pull request #11514 from pradyunsg/certifi-update

Update certifi and replace complex certifi patch with a more targetted requests patch

2 files changed, 49 insertions, 28 deletions

diff --git a/tools/vendoring/patches/certifi.patch b/tools/vendoring/patches/certifi.patch
index 31554505c..4f03c62fb 100644
--- a/tools/vendoring/patches/certifi.patch
+++ b/tools/vendoring/patches/certifi.patch
@@ -1,30 +1,24 @@
 diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
-index 497d938..f34045b 100644
+index de028981b..c3e546604 100644
 --- a/src/pip/_vendor/certifi/core.py
 +++ b/src/pip/_vendor/certifi/core.py
-@@ -8,7 +8,21 @@ import os
- import types
- from typing import Union
- 
-+
-+class _PipPatchedCertificate(Exception):
-+    pass
-+
-+
- try:
-+    # Return a certificate file on disk for a standalone pip zipapp running in
-+    # an isolated build environment to use. Passing --cert to the standalone
-+    # pip does not work since requests calls where() unconditionally on import.
-+    _PIP_STANDALONE_CERT = os.environ.get("_PIP_STANDALONE_CERT")
-+    if _PIP_STANDALONE_CERT:
-+        def where():
-+            return _PIP_STANDALONE_CERT
-+        raise _PipPatchedCertificate()
-+
-     from importlib.resources import path as get_path, read_text
- 
-     _CACERT_CTX = None
-@@ -33,11 +47,13 @@ try:
+@@ -33,13 +33,13 @@ def where() -> str:
+             # We also have to hold onto the actual context manager, because
+             # it will do the cleanup whenever it gets garbage collected, so
+             # we will also store that at the global level as well.
+-            _CACERT_CTX = as_file(files("certifi").joinpath("cacert.pem"))
++            _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
+             _CACERT_PATH = str(_CACERT_CTX.__enter__())
+ 
+         return _CACERT_PATH
+ 
+     def contents() -> str:
+-        return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")
++        return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
+ 
+ elif sys.version_info >= (3, 7):
+ 
+@@ -68,13 +68,13 @@ def where() -> str:
              # We also have to hold onto the actual context manager, because
              # it will do the cleanup whenever it gets garbage collected, so
              # we will also store that at the global level as well.
@@ -34,8 +28,15 @@ index 497d938..f34045b 100644
  
          return _CACERT_PATH
  
-+except _PipPatchedCertificate:
-+    pass
+     def contents() -> str:
+-        return read_text("certifi", "cacert.pem", encoding="ascii")
++        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+ 
+ else:
+     import os
+@@ -105,4 +105,4 @@ def where() -> str:
+         return os.path.join(f, "cacert.pem")
  
- except ImportError:
-     Package = Union[types.ModuleType, str]
+     def contents() -> str:
+-        return read_text("certifi", "cacert.pem", encoding="ascii")
++        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
diff --git a/tools/vendoring/patches/requests.patch b/tools/vendoring/patches/requests.patch
index f9c722dfe..596b729c0 100644
--- a/tools/vendoring/patches/requests.patch
+++ b/tools/vendoring/patches/requests.patch
@@ -123,3 +123,23 @@ index 8fbcd656..c5e9c19e 100644
  
  try:
      import chardet
+diff --git a/src/pip/_vendor/requests/certs.py b/src/pip/_vendor/requests/certs.py
+index 2743144b9..38696a1fb 100644
+--- a/src/pip/_vendor/requests/certs.py
++++ b/src/pip/_vendor/requests/certs.py
+@@ -11,7 +11,14 @@
+ environment, you can change the definition of where() to return a separately
+ packaged CA bundle.
+ """
+-from certifi import where
++
++import os
++
++if "_PIP_STANDALONE_CERT" not in os.environ:
++    from certifi import where
++else:
++    def where():
++        return os.environ["_PIP_STANDALONE_CERT"]
+
+ if __name__ == "__main__":
+     print(where())