pyrox.dev
1{
2 lib,
3 buildPythonPackage,
4 cacert,
5 pythonOlder,
6 fetchFromGitHub,
7 setuptools,
8 pytestCheckHook,
9}:
10
11buildPythonPackage rec {
12 pname = "certifi";
13 version = "2025.07.14";
14 pyproject = true;
15
16 disabled = pythonOlder "3.7";
17
18 src = fetchFromGitHub {
19 owner = "certifi";
20 repo = "python-certifi";
21 rev = version;
22 hash = "sha256-TSqBca42i7i59ERTrnPN0fLdLWToYMCq5cfFFsgZm5U=";
23 };
24
25 patches = [
26 # Add support for NIX_SSL_CERT_FILE
27 ./env.patch
28 ];
29
30 postPatch = ''
31 # Use our system-wide ca-bundle instead of the bundled one
32 rm -v "certifi/cacert.pem"
33 ln -snvf "${cacert}/etc/ssl/certs/ca-bundle.crt" "certifi/cacert.pem"
34 '';
35
36 nativeBuildInputs = [ setuptools ];
37
38 propagatedNativeBuildInputs = [
39 # propagate cacerts setup-hook to set up `NIX_SSL_CERT_FILE`
40 cacert
41 ];
42
43 nativeCheckInputs = [ pytestCheckHook ];
44
45 pythonImportsCheck = [ "certifi" ];
46
47 meta = with lib; {
48 homepage = "https://github.com/certifi/python-certifi";
49 description = "Python package for providing Mozilla's CA Bundle";
50 license = licenses.isc;
51 maintainers = with maintainers; [ koral ];
52 };
53}