From d8a3a2cd8c4f6aa08825f0ffbce34231ea8dcad1 Mon Sep 17 00:00:00 2001 From: nilfoer <60221153+nilfoer@users.noreply.github.com> Date: Sun, 25 Feb 2024 00:14:37 +0100 Subject: [PATCH] Fix: SSL error in bundled/frozen application Depending on the packaged libcrypto on Unix systems the cacerts default paths might differ (see: https://github.com/pyinstaller/pyinstaller/issues/7229). To get an actually portable solution we use certifi's bundled cacerts (CAs approved by Mozilla). Since that is not what users may want and the bundled cacerts might be outdated we added a config option for this, so a user can set the environment variable `SSL_CERT_FILE` themselves --- gwaripper/cli.py | 17 +++++++++++++++++ gwaripper/config.py | 1 + requirements.txt | 1 + setup.py | 5 +++-- 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/gwaripper/cli.py b/gwaripper/cli.py index 751fb2e..885e686 100755 --- a/gwaripper/cli.py +++ b/gwaripper/cli.py @@ -6,6 +6,7 @@ import logging import praw +import certifi from typing import List, Optional @@ -274,6 +275,7 @@ def main(): args = parser.parse_args() if root_dir: + setup_cacerts() # set selected ignore-banned option in config if args.ignore_banned: @@ -294,6 +296,21 @@ def main(): "\"C:\\absolute\\path\" to specify where the files will be downloaded to") +def setup_cacerts() -> None: + # depending on the packaged libcrypto on Unix systems the cacerts default + # paths might differ + # (see: https://github.com/pyinstaller/pyinstaller/issues/7229) + # to get an actually portable solution we use certifi's bundled cacerts + # (CAs approved by Mozilla) + # since that is not what users may want and the bundled cacerts might + # be outdated we added a config option for this, so a user can + # set the environment variable `SSL_CERT_FILE` themselve + import config + if config.config["Settings"].get("set_ssl_cert_file", True): + cacerts_path = certifi.where() + os.environ["SSL_CERT_FILE"] = cacerts_path + + def download_all_links(urls: List[str], args: argparse.Namespace) -> None: with GWARipper( download_duplicates=args.download_duplicates, diff --git a/gwaripper/config.py b/gwaripper/config.py index e69c6a7..d33b7e0 100755 --- a/gwaripper/config.py +++ b/gwaripper/config.py @@ -74,6 +74,7 @@ "set_missing_reddit": "True", "only_one_mirror": "False", "host_priority": "0,5,4", + "set_ssl_cert_file": "True", }, "Time": { "last_db_bu": str(time.time()), diff --git a/requirements.txt b/requirements.txt index fcbb317..bba6e2d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,3 +4,4 @@ praw>=7.5,<8 flask>=2.2.5,<4 music-tag>=0.4,<0.5 typing-extensions>=3.7.4 +certifi diff --git a/setup.py b/setup.py index 3a98b12..30f2f66 100755 --- a/setup.py +++ b/setup.py @@ -19,7 +19,7 @@ setuptools.setup( name="GWARipper", - version="0.7.2", + version="0.8.0", description="A script that downloads audio files from the gonewildaudio subreddit.", long_description=long_description, long_description_content_type="text/markdown", @@ -29,11 +29,12 @@ license="MIT", keywords="script reddit gonewildaudio download scraping", packages=setuptools.find_packages(exclude=['tests*']), - python_requires='>=3.6', + python_requires='>=3.8', install_requires=["pyperclip>=1.5.25,<=1.7.0", "praw>=7.5,<8", "beautifulsoup4>=4.5.3,<=4.6.3", "flask>=3,<4", "music-tag>=0.4,<0.5", + "certifi", # 3.7.2 would be enough but mypy 0.782 uses >=3.7.4 "typing-extensions>=3.7.4"],