From b5988e19c1ae7b9721c9df0b91c9bcd18e7300ae Mon Sep 17 00:00:00 2001 From: Reinier Criel Date: Thu, 23 Oct 2025 13:11:51 -0700 Subject: [PATCH] Some more cleanup --- packages/safe-chain/src/registryProxy/registryProxy.js | 5 ++++- test/e2e/pip.e2e.spec.js | 9 +++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/safe-chain/src/registryProxy/registryProxy.js b/packages/safe-chain/src/registryProxy/registryProxy.js index 2dfb1b5..ebb315b 100644 --- a/packages/safe-chain/src/registryProxy/registryProxy.js +++ b/packages/safe-chain/src/registryProxy/registryProxy.js @@ -34,7 +34,10 @@ function getSafeChainProxyEnvironmentVariables() { GLOBAL_AGENT_HTTP_PROXY: `http://localhost:${state.port}`, NODE_EXTRA_CA_CERTS: getCaCertPath(), - // Following env vars point pip and Python's requests/urllib at a CA bundle file. + // Following env vars point pip and Python's requests/urllib at a CA Cert file. + // pip checks PIP_CERT first + // If pip uses requests library internally, it needs REQUESTS_CA_BUNDLE + // Other Python packages or pip's fallback SSL code may use SSL_CERT_FILE PIP_CERT: getCaCertPath(), REQUESTS_CA_BUNDLE: getCaCertPath(), SSL_CERT_FILE: getCaCertPath(), diff --git a/test/e2e/pip.e2e.spec.js b/test/e2e/pip.e2e.spec.js index 50619ff..767c8fb 100644 --- a/test/e2e/pip.e2e.spec.js +++ b/test/e2e/pip.e2e.spec.js @@ -2,8 +2,6 @@ import { describe, it, before, beforeEach, afterEach } from "node:test"; import { DockerTestContainer } from "./DockerTestContainer.js"; import assert from "node:assert"; -// Note: These tests require Docker. If Docker isn't available locally, -// they will be skipped by the runner or fail to build the image. describe("E2E: pip coverage", () => { let container; @@ -28,7 +26,7 @@ describe("E2E: pip coverage", () => { } }); - it(`safe-chain successfully installs safe packages with pip3`, async () => { + it(`successfully installs known safe packages with pip3`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand("pip3 install requests"); @@ -38,7 +36,7 @@ describe("E2E: pip coverage", () => { ); }); - it(`pip3 download works with safe-chain proxy`, async () => { + it(`pip3 download`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand("pip3 download requests"); @@ -48,7 +46,7 @@ describe("E2E: pip coverage", () => { ); }); - it(`pip3 wheel works with safe-chain proxy`, async () => { + it(`pip3 .whl`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand("pip3 wheel requests"); @@ -62,7 +60,6 @@ describe("E2E: pip coverage", () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand("pip3 install --dry-run requests"); - // Scanner intentionally skips when --dry-run is present for install assert.ok( result.output.includes("no malicious packages found."), `Output did not include expected text. Output was:\n${result.output}`