Update: I found that using nss-certs-for-test in native-inputs serves
this purpose and is sufficient to all pip install to work in the build
environment!
Thanks again
Alexis
On 12/10/2025 19:26, Alexis Simon wrote:
On 12/10/2025 18:35, Rutherther wrote:
For the case you're actually not trying to access the internet, but only
use pip to use something you already do have available... The thing is
that the build environment does not really work like a shell profile.
The ca-certificates.crt is not part of nss-certs package. It is built as
a profile hook when profile is being built, it's called
`ca-certificate-bundle`, you can find it in (guix profiles).
nss-certs just provides the inputs for building this ca-certificates
bundle.
For getting ca-certificates.crt inside of a build, you could include a
profile as a dependency... `(profile (content (packages->manifest (list
nss-certs))))`, then, you should get the ca-certificates.crt file and I
think curl should provide you the search paths that turn into env
vars. But
I think it will be easier to create a dummy crt file in case you aren't
actually trying to access ssl, I don't think using this shell approach
makes sense inside of a package.
Maybe even empty ca-certificates.crt could work?
Yes I'm actually in that case. Thanks a lot for those ideas, I'll give
it a go. I understand way better why this is failing now.
Sorry for not having been more specific. I wish I could build those
python packages as usual, but they are npm dependent ones (panel and
hvplot) and I got stuck on it.
So I resorted to using the wheels from pypi, the copy-build-system, and
a new pip-install phase. This was working nicely until recently.
Alexis
