
Commit b1cde69

committed
Add support for system truststore
1 parent 029685c commit b1cde69

6 files changed

Lines changed: 67 additions & 3 deletions


poetry.lock

Lines changed: 15 additions & 3 deletions

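--- a/pyproject.toml
+++ b/pyproject.toml
@@ -24,6 +24,7 @@ dependencies = [
 "tomlkit (>=0.11.4,<1.0.0)",
 # trove-classifiers uses calver, so version is unclamped
 "trove-classifiers (>=2022.5.19)",
+"truststore (>=0.10.0,<1.0.0)",
 "virtualenv (>=20.26.6)",
 "xattr (>=1.0.0,<2.0.0) ; sys_platform == 'darwin'",
 "findpython (>=0.6.2,<0.8.0)",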
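Review bot: The new `truststore` requirement carries no environment marker, yet the rest of this commit treats Python 3.9 as still supported (the TODO in config.py and the `sys.version_info < (3, 10)` gate in ssl_truststore.py). truststore declares Python 3.10 as its minimum, so if this project's own `requires-python` still admits 3.9 the requirement cannot be satisfied there; `"truststore (>=0.10.0,<1.0.0) ; python_version >= '3.10'",` would match the runtime gate. The lockfile diff is not rendered on this page, so how the resolver handled this could not be checked.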

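--- a/src/poetry/config/config.py
+++ b/src/poetry/config/config.py
@@ -179,6 +179,8 @@ class Config:
 "keyring": {
 "enabled": True,
 },
+# TODO: Flip to default True on the next release after dropping Python 3.9
+"system-truststore": False,
 }
 
 def __init__(self, use_environment: bool = True) -> None:
@@ -389,6 +391,7 @@ def _get_normalizer(name: str) -> Callable[[str], Any]:
 "solver.lazy-wheel",
 "system-git-client",
 "keyring.enabled",
+"system-truststore",
 }:
 return boolean_normalizer
 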
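Review bot: The TODO above the `"system-truststore": False` default plans a later flip to True without saying what the flip changes: the set of certificate authorities accepted for TLS verification becomes whatever the operating system trusts, for every user who upgrades. I would spell that out so the flip is not handled as a routine default change, e.g. `# TODO: Flip to default True on the next release after dropping Python 3.9; this changes the CA set used for TLS verification, so call it out in the release notes.` Both `Config` and `_get_normalizer` extend beyond the hunks shown.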

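--- a/src/poetry/console/application.py
+++ b/src/poetry/console/application.py
@@ -250,6 +250,7 @@ def _run(self, io: IO) -> int:
 # the options --directory or --project, configuring the options here allow cleo to trap and
 # display the error cleanly unless the user uses verbose or debug
 self._configure_global_options(io)
+self._load_system_truststore()
 
 with directory(self._working_directory):
 self._load_plugins(io)
@@ -637,6 +638,15 @@ def _load_plugins(self, io: IO) -> None:
 
 self._plugins_loaded = True
 
+@staticmethod
+def _load_system_truststore() -> None:
+from poetry.utils.ssl_truststore import is_truststore_enabled
+
+if is_truststore_enabled():
+import truststore
+
+truststore.inject_into_ssl()
+
 
 def main() -> int:
 exit_code: int = Application().run()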
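Review bot: `_load_system_truststore` has no docstring and leaves no trace when it takes effect, although `truststore.inject_into_ssl()` replaces `ssl.SSLContext` for the whole process, so everything that runs afterwards, including the plugins loaded by `_load_plugins` a few lines later in `_run`, verifies TLS against the OS trust store. I would add `"""Switch TLS verification to the OS trust store for the whole process when system-truststore is enabled; runs once, before plugins load."""` and a debug-level log line on the enabled path, so an operator can confirm from verbose or debug output which trust store is in use. It is also worth confirming, since it is not visible here, that any per-repository custom CA bundle settings still take precedence once the injected context is active. `_run` starts and ends outside the first hunk.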

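--- a/src/poetry/utils/ssl_truststore.py
+++ b/src/poetry/utils/ssl_truststore.py
@@ -0,0 +1,32 @@
+from __future__ import annotations
+
+import logging
+import sys
+
+from poetry.config.config import Config
+
+
+logger = logging.getLogger(__name__)
+
+
+def _is_truststore_available() -> bool:
+if sys.version_info < (3, 10):
+logger.debug("Disabling truststore because Python version isn't 3.10+")
+return False
+
+try:
+import ssl # noqa: F401
+except ImportError:
+logger.warning("Disabling truststore since ssl support is missing")
+return False
+
+try:
+import truststore # noqa: F401
+except ImportError:
+logger.warning("Disabling truststore because `truststore` package is missing`")
+return False
+return True
+
+
+def is_truststore_enabled() -> bool:
+return Config.create().get("system-truststore") and _is_truststore_available()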
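Review bot: In `_is_truststore_available` the Python-version branch logs at debug while the two import-failure branches log at warning, and because `is_truststore_enabled` short-circuits on the setting, all three fire only for a user who explicitly turned `system-truststore` on. On Python 3.9 that user silently keeps the previous trust anchors, which matters when the setting was enabled to pick up an organisation's own root certificates; `logger.warning("Disabling truststore because Python version isn't 3.10+")` would make the fallback visible. The last warning string also carries a stray trailing backtick after `missing`. Separately, `is_truststore_enabled` returns the raw config value when it is falsy, so wrapping the expression in `bool(...)` would match the `-> bool` annotation.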

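--- a/tests/console/commands/test_config.py
+++ b/tests/console/commands/test_config.py
@@ -76,6 +76,7 @@ def test_list_displays_default_value_if_not_set(
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
+system-truststore = false
 virtualenvs.create = true
 virtualenvs.in-project = null
 virtualenvs.options.always-copy = false
@@ -111,6 +112,7 @@ def test_list_displays_set_get_setting(
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
+system-truststore = false
 virtualenvs.create = false
 virtualenvs.in-project = null
 virtualenvs.options.always-copy = false
@@ -167,6 +169,7 @@ def test_unset_setting(
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
+system-truststore = false
 virtualenvs.create = true
 virtualenvs.in-project = null
 virtualenvs.options.always-copy = false
@@ -201,6 +204,7 @@ def test_unset_repo_setting(
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
+system-truststore = false
 virtualenvs.create = true
 virtualenvs.in-project = null
 virtualenvs.options.always-copy = false
@@ -336,6 +340,7 @@ def test_list_displays_set_get_local_setting(
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
+system-truststore = false
 virtualenvs.create = false
 virtualenvs.in-project = null
 virtualenvs.options.always-copy = false
@@ -380,6 +385,7 @@ def test_list_must_not_display_sources_from_pyproject_toml(
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
+system-truststore = false
 virtualenvs.create = true
 virtualenvs.in-project = null
 virtualenvs.options.always-copy = false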
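Review bot: All six hunks only pin `system-truststore = false` in the expected listing output; nothing in this commit's test changes exercises `is_truststore_enabled` or the `truststore.inject_into_ssl()` call. Since the setting decides which certificate authorities are trusted, I would add unit tests for the three fallbacks (Python below 3.10, `ssl` missing, `truststore` missing) and for the setting being false, each asserting that `inject_into_ssl` is not called, plus one enabled case asserting it is called exactly once. The test functions named in the hunk headers start and end outside the hunks.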
