pip-system-certs dependency

[jacobfelknor]

This is going to be a highly system dependent issue, so please bear with me....

Is there a specific reason for including the pip-system-certs dependency in this project?

I've traced an issue creating my virtual environment to this dependency in some of my environments where the system certificate store could very well be insufficient to rely on. I do have a custom pypi source defined in my Pipfile whose certificate was issued by Let's Encrypt. My project is using pipenv, and if I do a dirty hack and remove the pip-system-certs entry from Pipfile.lock, everything appears to work.

I know this will highly depend on the system you run it on, but in my opinion that is part of the problem.

Here is a minimal Pipfile example where I could reproduce the issue

[[source]]
# internal pypi server whose cert was issued by Let's Encrypt
url = "https://pypi.example.com/simple/" 
verify_ssl = true
name = "internal-pypi"

[packages]
inventree = "*"

[dev-packages]
black = "*"
bump2version = "*"
flake8 = "*"

And I could reproduce with

1. pipenv lock --dev
2. pipenv sync --dev
3. Observe failure
4. Preform dirty hack and remove the pip-system-certs entry from Pipfile.lock
5. pipenv sync --dev
6. Observer successful environment creation

[matmair]

pip-system-certs is needed for deployment in bigger windows-server environments with their own PKI

[jacobfelknor]

Fair enough.... I'll continue looking for a workaround on my end. I may suggest added this as an optional extra rather than making it required, but ultimately that is up to you

[jacobfelknor]

I ran into this again today, this time when trying to do an editable install of my project which depends on this project, inventree-python within a python:3.11-alpine3.18 container

# pip install -e my-custom-project/
Obtaining file:///my-custom-project
  Installing build dependencies ... done
  Checking if build backend supports build_editable ... error
  error: subprocess-exited-with-error

  × Checking if build backend supports build_editable did not run successfully.
  │ exit code: 1
  ╰─> [37 lines of output]
      pip_system_certs: ERROR: truststore not available
....
....
....

Key line there is pip_system_certs: ERROR: truststore not available which triggers the exception

[jacobfelknor]

To clarify, this works on the first attempt to install, because pip-system-certs is not yet installed. On subsequent attempts, however, it fails. I work around by manually uninstalling pip-system-certs before rerunning my editable installs.

Will you consider making this an optional dependency? Something like pip install inventree[system-certs]? I'm happy to author a PR

[SchrodingersGat]

@jacobfelknor if you can provide a PR for this, as well as clear documentation on how users who need it can install it, I'd be happy with that

[jacobfelknor]

Sounds good. I'll draft something up tomorrow.

[jacobfelknor]

@SchrodingersGat, just opened #278