From d691c614ac287983beab6a3611e47f8b4cb09968 Mon Sep 17 00:00:00 2001 From: Reinier Criel Date: Thu, 30 Oct 2025 20:19:16 -0700 Subject: [PATCH] Cleanup --- .../safe-chain/src/packagemanager/pip/runPipCommand.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/packages/safe-chain/src/packagemanager/pip/runPipCommand.js b/packages/safe-chain/src/packagemanager/pip/runPipCommand.js index 4e12282..552749a 100644 --- a/packages/safe-chain/src/packagemanager/pip/runPipCommand.js +++ b/packages/safe-chain/src/packagemanager/pip/runPipCommand.js @@ -2,16 +2,14 @@ import { ui } from "../../environment/userInteraction.js"; import { safeSpawn } from "../../utils/safeSpawn.js"; import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js"; import { getCombinedCaBundlePath } from "./utils/pipCaBundle.js"; -// Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots) -// so that any network request made by pip, including those outside explicit CLI args, -// validates correctly under both MITM'd and tunneled HTTPS. export async function runPip(command, args) { try { const env = mergeSafeChainProxyEnvironmentVariables(process.env); - // Always set Python CA env vars to a combined bundle that includes Safe Chain CA, - // Mozilla roots (certifi), and Node built-in root CAs. + // Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots) + // so that any network request made by pip, including those outside explicit CLI args, + // validates correctly under both MITM'd and tunneled HTTPS. const combinedCaPath = getCombinedCaBundlePath(); env.REQUESTS_CA_BUNDLE = combinedCaPath; env.SSL_CERT_FILE = combinedCaPath;