@@ -41,6 +41,28 @@ def __init__(self, path):
4141 self .lib_dirs = get_prefixed_libs (path )
4242
4343
44+ _CERTIFI_WHERE_PATCH = """
45+ from pip._vendor import certifi
46+ certifi.where = lambda: {pem!r}
47+ """
48+
49+
50+ def _format_main_py (source : pathlib .Path ) -> bytes :
51+ """Create a patched pip/__main__.py for the standalone pip.
52+
53+ The default ``certifi.where()`` relies on the certificate bundle being a
54+ real physical file on-disk, so we monkey-patch it to return the one used
55+ by this process instead.
56+
57+ Passing ``--cert`` to the standalone pip does not work, since ``requests``
58+ calls ``where()`` unconditionally on import.
59+ """
60+ with source .open ("rb" ) as f :
61+ content = f .read ()
62+ patch = _CERTIFI_WHERE_PATCH .format (pem = where ()).encode ("utf-8" )
63+ return patch + content
64+
65+
4466@contextlib .contextmanager
4567def _create_standalone_pip () -> Iterator [str ]:
4668 """Create a zip file containing specified pip installation."""
@@ -49,8 +71,11 @@ def _create_standalone_pip() -> Iterator[str]:
4971 pip_zip = os .path .join (tmp_dir .path , "pip.zip" )
5072 with zipfile .ZipFile (pip_zip , "w" ) as zf :
5173 for child in source .rglob ("*" ):
52- arcname = child .relative_to (source .parent )
53- zf .write (child , arcname .as_posix ())
74+ arcname = child .relative_to (source .parent ).as_posix ()
75+ if arcname == "pip/__main__.py" :
76+ zf .writestr (arcname , _format_main_py (child ))
77+ else :
78+ zf .write (child , arcname )
5479 yield os .path .join (pip_zip , "pip" )
5580
5681
@@ -197,7 +222,7 @@ def _install_requirements(
197222 args = [
198223 sys .executable , standalone_pip , 'install' ,
199224 '--ignore-installed' , '--no-user' , '--prefix' , prefix .path ,
200- '--no-warn-script-location' , '--cert' , where (),
225+ '--no-warn-script-location' ,
201226 ] # type: List[str]
202227 if logger .getEffectiveLevel () <= logging .DEBUG :
203228 args .append ('-v' )
0 commit comments