Hi,
Alexis Simon <[email protected]> writes: > Thanks a lot ! You're right that adding nss-certs and curl to the > environment solves the `pip install` error. > > However I'm completely lost why it works manually inside > `guix shell -L . -C -D mypackage` > > but not when I build the package > `guix build -L . mypackage` > > wherever I put those dependencies in the copy-build-system, > native-inputs or inputs, nss-certs and curl do not seem to be available > in the install phase. Having checked the docs I don't think they should > be missing in the install phase. > I am not sure I follow. Are you trying to pip install inside of a phase during a build of a package? If so: The build environment is isolated, it doesn't have internet access. That is mainly because of reproducibility, you cannot expect files on urls to not change. That is why fixed output derivations are a thing - when obtaining something from the internet, you specify a hash of it as well and then Guix can be sure the thing you downloaded is the same thing you downloaded a week ago. In guix channel, python dependencies are packaged with all dependencies being a package as well. You can use `guix import` for importing a package along with its dependencies. Though it might not work in 100 % of cases. There would be other ways to achieve packaging python without packaging all dependencies, but I am afraid no one made them for Guix. For example you could make a fixed output derivation with pip install, but it could be quite hard to get all cases right and packages would be incompatible if python library versions start mismatching. A fixed output derivation will get ca certificates available inside of its environment. Or am I misunderstanding? Rutherther For the case you're actually not trying to access the internet, but only use pip to use something you already do have available... The thing is that the build environment does not really work like a shell profile. The ca-certificates.crt is not part of nss-certs package. It is built as a profile hook when profile is being built, it's called `ca-certificate-bundle`, you can find it in (guix profiles). nss-certs just provides the inputs for building this ca-certificates bundle. For getting ca-certificates.crt inside of a build, you could include a profile as a dependency... `(profile (content (packages->manifest (list nss-certs))))`, then, you should get the ca-certificates.crt file and I think curl should provide you the search paths that turn into env vars. But I think it will be easier to create a dummy crt file in case you aren't actually trying to access ssl, I don't think using this shell approach makes sense inside of a package. Maybe even empty ca-certificates.crt could work?
