Open jmelahman opened 1 month ago
I think this is fundamentally the same issue as https://github.com/psf/requests/issues/5994 which was marked as won't fix.
Happy to contribute a fix if there is a satisfactory solution. In my case, the file permissions less of the issue and more so this file is not guaranteed to be owned by the current user. Possible solutions I see include:
/tmp/cacert.pem
becomes /tmp/jamison_cacert.pem
. Not foolproof, but simple and resolves my issue./tmp/cacert.pem
with a random temporary file (similar to what certifi
would do). I'm not sure how long this file would need to live on disk, but maybe now with preloading the certs, this file can be removed after this initial load.
If it is necessary to extract the certs from a zip file, they'll be written to somewhere like
/tmp/cacert.pem
. This is problematic for subsequent users who may not have have permission to access this/tmp/cacert.pem
Seems related to https://github.com/psf/requests/pull/6667
Note, this issue was not present with version
2.31.0
Expected Result
two users should be able to extract zipped certs on the same filesystem without issue
Actual Result
Reproduction Steps
The full end-to-end steps are a bit involved. A,
__main__,py
as a standalone zip executable is enough to repro (though I haven't been able to repro with executables that unarchive themselves such as
zipapp
-- in this case, we're using something similar to google's subpar).System Information