[MERGE][0.15] Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH

John Arbash Meinel john at arbash-meinel.com
Mon Feb 26 21:03:03 GMT 2007 

Alexander Belchenko wrote:
> John Arbash Meinel ?8H5B:
>> Alexander Belchenko wrote:
>>> John Arbash Meinel ?8H5B:
>>>> John Arbash Meinel has voted +1 (conditional).
>>>> Status is now: Conditionally approved
>>>> Comment:
>>>> I don't think it should search in cwd, since that is where people are
>>>> writing code. It can be in the dir of 'bzr' or in the dir of 'bzrlib',
>>>> but shouldn't ever look in '.'
>>>> Otherwise, +1.
>> Remember the issues we've had when bzr accidentally imports code from
>> the current working directory because of bugs in python's default path.
> 
>> This is a similar issue. Your current working directory should not
>> affect your ability to connect to https hosts.
> 
> New version. I make some check to exclude empty string from $PATH list.
> Unfortunately, I cannot write test to ensure bzr cannot look in cwd,
> because os.path.realpath('bzr') == os.path.join(os.getcwd(),'bzr')
> 

Well we do have TestCase.get_bzr_path() which does its best to find the
real 'bzr' that is being used to run the test suite.

...

+    # NOTES:
+    #   bialix: Windows directories usually listed in PATH env variable
+    #   j-a-meinel: bzr should not look in current working dir
+
+    path = os.environ.get('CURL_CA_BUNDLE')
+    if not path and sys.platform == 'win32':
+        dirs = [os.path.realpath(os.path.dirname(sys.argv[0]))]     #
app dir
+        paths = os.environ.get('PATH')
+        if paths:

A comment here about why you are doing this might be good. Or maybe even
doing:

# don't include the cwd in the search
[p for p in paths.split(os.pathsep)
 if p not in ('', '.')]


+            paths = [i for i in paths.split(os.pathsep) if i]
+            dirs.extend(paths)
+        for d in dirs:
+            fname = os.path.join(d, "curl-ca-bundle.crt")
+            if os.path.isfile(fname):
+                path = fname
+                break

Otherwise, +1 from me.

Does this mean you will be bundling a ca cert file for the bzr 0.15
installer?

John
=:->

More information about the bazaar mailing list