From c8279d33273156eceb00518a714d23450d6bb76f Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 4 Nov 2024 10:13:01 -0600 Subject: Define REQUESTS_CA_BUNDLE envvar for python-requests Define the `REQUESTS_CA_BUNDLE` for all applications that make use of python's requests library. The library needs to know the location of valid CA certificates in order to work as expected. Expose the CA certificates bundles by adding them to the applications' environments using the mappings objects. --- genenetwork/services/genenetwork.scm | 50 ++++++++++++++++++++++++++++++------ 1 file changed, 42 insertions(+), 8 deletions(-) (limited to 'genenetwork') diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm index 6905686..b4c0806 100644 --- a/genenetwork/services/genenetwork.scm +++ b/genenetwork/services/genenetwork.scm @@ -305,6 +305,7 @@ object." (gn2-profile (profile (content (package->development-manifest genenetwork2)) (allow-collisions? #t))) + (gn2-ca-bundle (file-append gn2-profile "/etc/ssl/certs/ca-certificates.crt")) (gn2-conf (computed-file "gn2.conf" (configuration-file-gexp `(("GN2_SECRETS" ,(string-append gn2-secrets "/gn2-secrets.py")) @@ -319,6 +320,10 @@ object." ("PLINK_COMMAND" ,(file-append gn2-profile "/bin/plink2")) ("SQL_URI" ,sql-uri) ("AI_SEARCH_ENABLED" "True"))))) + (gn3-profile (profile + (content (package->development-manifest genenetwork3)) + (allow-collisions? #t))) + (gn3-ca-bundle (file-append gn3-profile "/etc/ssl/certs/ca-certificates.crt")) (gn3-conf (computed-file "gn3.conf" (configuration-file-gexp `(("AUTH_DB" ,auth-db) 
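Review bot: `gn2-ca-bundle` assumes that the profile built from `(package->development-manifest genenetwork2)` contains `/etc/ssl/certs/ca-certificates.crt`, and nothing in this hunk guarantees it. As far as I know Guix only generates that file when a certificate package such as `nss-certs` is among the profile's entries, so its existence depends on genenetwork2's inputs, which this diff does not show. If the file is missing, `REQUESTS_CA_BUNDLE` points at a nonexistent path and requests raises an error instead of falling back to another trust store; the new file-system mapping would likely fail too. I would add a comment above the binding, e.g. `;; Requires a CA certificate package (e.g. nss-certs) among genenetwork2's inputs`, and the same applies to `gn3-ca-bundle`, `gn-auth-ca-bundle` and `gn-uploader-ca-bundle` in the later hunks. The enclosing binding form starts and ends outside the hunk.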
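Review bot: As far as this diff shows, `gn3-profile` is a whole development profile introduced only so that `gn3-ca-bundle` can pick one file out of it, and the `gn-auth-profile` hunk at -330 repeats the pattern. That makes each service's trust store a side effect of whatever its package's development inputs pull in, so the four bundles can differ without anyone having decided that. Consider sharing one bundle taken from a profile that names the certificate package explicitly, or at least factoring the repeated expression into a helper such as `(define (profile-ca-bundle profile) (file-append profile "/etc/ssl/certs/ca-certificates.crt"))`. The enclosing binding form starts and ends outside the hunk.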
@@ -330,6 +335,10 @@ object." ("GENOTYPE_FILES" ,genotype-files) ("REAPER_COMMAND" ,(file-append gn2-profile "/bin/qtlreaper")) ("LLM_DB_PATH" ,llm-db-path))))) + (gn-auth-profile (profile + (content (package->development-manifest gn-auth)) + (allow-collisions? #t))) + (gn-auth-ca-bundle (file-append gn-auth-profile "/etc/ssl/certs/ca-certificates.crt")) (gn-auth-conf (computed-file "gn-auth.conf" (configuration-file-gexp `(("GN_AUTH_SECRETS" ,(string-append gn-auth-secrets "/gn-auth-secrets.py")) @@ -357,7 +366,10 @@ object." (value gn2-conf)) (environment-variable (name "HOME") - (value "/tmp")))) + (value "/tmp")) + (environment-variable + (name "REQUESTS_CA_BUNDLE") + (value gn2-ca-bundle)))) (mappings (list database-mapping (file-system-mapping (source genotype-files) @@ -378,7 +390,10 @@ object." (file-system-mapping (source gn2-secrets) (target source) - (writable? #t)))) + (writable? #t)) + (file-system-mapping + (source gn2-ca-bundle) + (target source)))) (extra-cli-arguments (list "--log-level" (string-upcase (symbol->string log-level))))) @@ -405,7 +420,10 @@ object." (value gn3-secrets)) (environment-variable (name "HOME") - (value "/tmp")))) + (value "/tmp")) + (environment-variable + (name "REQUESTS_CA_BUNDLE") + (value gn3-ca-bundle)))) (mappings (list database-mapping (file-system-mapping (source gn3-conf) @@ -432,7 +450,10 @@ object." (file-system-mapping (source llm-db-path) (target source) - (writable? #t)))) + (writable? #t)) + (file-system-mapping + (source gn3-ca-bundle) + (target source)))) (extra-cli-arguments (list "--log-level" (string-upcase (symbol->string log-level))))) @@ -452,7 +473,10 @@ object." (value "/tmp")) (environment-variable (name "AUTHLIB_INSECURE_TRANSPORT") - (value "true")))) + (value "true")) + (environment-variable + (name "REQUESTS_CA_BUNDLE") + (value gn-auth-ca-bundle)))) (mappings (list database-mapping (file-system-mapping (source gn-auth-conf) 
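Review bot: In the gn2 environment list (hunk at -357), `REQUESTS_CA_BUNDLE` is honoured only by the requests library, so code that opens TLS connections through Python's `ssl` defaults or another client will not see this bundle. Whether these services have such code paths cannot be told from this diff, but if they do, those connections would still fail verification or use a different trust store. Setting `SSL_CERT_FILE` to the same value covers OpenSSL-based clients: `(environment-variable (name "SSL_CERT_FILE") (value gn2-ca-bundle))`. The same applies to the gn3, gn-auth and gn-uploader environment lists in the hunks at -405, -452 and -587.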
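Review bot: The gn-auth environment list (hunk at -452) has no comment explaining why `AUTHLIB_INSECURE_TRANSPORT` is set to `"true"`, and it now sits directly before the new `REQUESTS_CA_BUNDLE` entry that configures certificate verification. That variable relaxes Authlib's HTTPS requirement for OAuth endpoints, so a reader cannot tell whether it is deliberate, for instance because TLS is terminated in front of gunicorn, or left over from development. It is unchanged context rather than part of this commit, but a one-line comment such as `;; TLS terminates at the reverse proxy; gn-auth itself is served over plain HTTP` (if that is the reason) would document it. The environment list starts outside the hunk.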
@@ -464,7 +488,10 @@ object." (file-system-mapping (source gn-auth-secrets) (target source) - (writable? #t))))))))) + (writable? #t)) + (file-system-mapping + (source gn-auth-ca-bundle) + (target source))))))))) (define (genenetwork-nginx-server-blocks config) "Return a list of @code{} records specifying @@ -570,7 +597,8 @@ a @code{} record." ("GN2_SERVER_URL" ,gn2-server-url))))) (gn-uploader-profile (profile (content (package->development-manifest gn-uploader)) - (allow-collisions? #t)))) + (allow-collisions? #t))) + (gn-uploader-ca-bundle (file-append gn-uploader-profile "/etc/ssl/certs/ca-certificates.crt"))) (list (gunicorn-app (name "gn-uploader") (package gn-uploader) @@ -587,7 +615,10 @@ a @code{} record." (value "/tmp")) (environment-variable (name "GN_UPLOADER_ENVIRONMENT") - (value gn-uploader-profile)))) + (value gn-uploader-profile)) + (environment-variable + (name "REQUESTS_CA_BUNDLE") + (value gn-uploader-ca-bundle)))) (mappings (list database-mapping (file-system-mapping (source gn-uploader-conf) @@ -601,6 +632,9 @@ a @code{} record." (writable? #t)) (file-system-mapping (source gn-uploader-profile) + (target source)) + (file-system-mapping + (source gn-uploader-ca-bundle) (target source)))) (extra-cli-arguments (list "--log-level" -- cgit v1.2.3
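Review bot: In the gn-uploader mappings (hunk at -601), the new mapping for `gn-uploader-ca-bundle` looks redundant, because it follows a mapping of `gn-uploader-profile` itself and the bundle path is built with `file-append` from that same profile. It is only needed if the bundle inside the profile is a symlink into another store item that the profile mapping does not expose. A comment saying which case holds would save the next reader from checking, e.g. `;; the bundle is a symlink out of the profile, so map it explicitly`. Like the other bundle mappings (hunks at -378, -432 and -464) it omits `writable?`, which keeps the trust store read-only inside the container and is worth preserving.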