Add support for system truststore

python-poetry · Oct 28, 2024 · 92a8ca0 · 92a8ca0
1 parent 856e5f4
commit 92a8ca0
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 1 deletion.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -53,6 +53,7 @@ tomli = { version = "^2.0.1", python = "<3.11" }
 tomlkit = ">=0.11.4,<1.0.0"
 # trove-classifiers uses calver, so version is unclamped
 trove-classifiers = ">=2022.5.19"
+truststore = { version = ">=0.10.0,<1.0.0", python = ">=3.10" }
 virtualenv = "^20.26.6"
 xattr = { version = "^1.0.0", markers = "sys_platform == 'darwin'" }
 

diff --git a/src/poetry/config/config.py b/src/poetry/config/config.py
@@ -135,6 +135,7 @@ class Config:
         "keyring": {
             "enabled": True,
         },
+        "system-truststore": True,
     }
 
     def __init__(self, use_environment: bool = True) -> None:
@@ -301,6 +302,7 @@ def _get_normalizer(name: str) -> Callable[[str], Any]:
             "solver.lazy-wheel",
             "system-git-client",
             "keyring.enabled",
+            "system-truststore",
         }:
             return boolean_normalizer
 

diff --git a/src/poetry/console/application.py b/src/poetry/console/application.py
@@ -172,6 +172,8 @@ def _run(self, io: IO) -> int:
 
         self._load_plugins(io)
 
+        self._load_system_truststore()
+
         exit_code: int = super()._run(io)
         return exit_code
 
@@ -342,6 +344,15 @@ def _load_plugins(self, io: IO | None = None) -> None:
 
         self._plugins_loaded = True
 
+    @staticmethod
+    def _load_system_truststore() -> None:
+        from poetry.utils.ssl_truststore import is_truststore_enabled
+
+        if is_truststore_enabled():
+            import truststore
+
+            truststore.inject_into_ssl()
+
     @property
     def _default_definition(self) -> Definition:
         from cleo.io.inputs.option import Option

diff --git a/src/poetry/utils/ssl_truststore.py b/src/poetry/utils/ssl_truststore.py
@@ -0,0 +1,32 @@
+from __future__ import annotations
+
+import logging
+import sys
+
+from poetry.config.config import Config
+
+
+logger = logging.getLogger(__name__)
+
+
+def _is_truststore_available() -> bool:
+    if sys.version_info < (3, 10):
+        logger.debug("Disabling truststore because Python version isn't 3.10+")
+        return False
+
+    try:
+        import ssl  # noqa: F401
+    except ImportError:
+        logger.warning("Disabling truststore since ssl support is missing")
+        return False
+
+    try:
+        import truststore  # noqa: F401
+    except ImportError:
+        logger.warning("Disabling truststore because `truststore` package is missing`")
+        return False
+    return True
+
+
+def is_truststore_enabled() -> bool:
+    return Config.create().get("system-truststore") and _is_truststore_available()