From 6de96ee8a5e7517a99fe56330b0d1be502641412 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Fri, 15 Dec 2017 17:26:44 -0500
Subject: [PATCH] Fix the custom cert install process to install to the new
 certifi location, in addition to the old location

Also updates our requirements around requests
---
 conf/init/certs_install.sh | 3 +++
 requirements.txt           | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/conf/init/certs_install.sh b/conf/init/certs_install.sh
index 0db7a5c4d..34f0d4ac3 100755
--- a/conf/init/certs_install.sh
+++ b/conf/init/certs_install.sh
@@ -17,6 +17,7 @@ if [ -d $QUAYCONF/stack/extra_ca_certs ]; then
       echo "Installing extra certificates found in $QUAYCONF/stack/extra_ca_certs directory"
       cp $QUAYCONF/stack/extra_ca_certs/* /usr/local/share/ca-certificates/
       cat $QUAYCONF/stack/extra_ca_certs/* >> venv/lib/python2.7/site-packages/requests/cacert.pem
+      cat $QUAYCONF/stack/extra_ca_certs/* >> venv/lib/python2.7/site-packages/certifi/cacert.pem
   fi
 fi
 
@@ -25,6 +26,7 @@ if [ -f $QUAYCONF/stack/extra_ca_certs ]; then
   echo "Installing extra certificates found in $QUAYCONF/stack/extra_ca_certs file"
   csplit -z -f /usr/local/share/ca-certificates/extra-ca- $QUAYCONF/stack/extra_ca_certs  '/-----BEGIN CERTIFICATE-----/' '{*}'
   cat $QUAYCONF/stack/extra_ca_certs >> venv/lib/python2.7/site-packages/requests/cacert.pem
+  cat $QUAYCONF/stack/extra_ca_certs >> venv/lib/python2.7/site-packages/certifi/cacert.pem
 fi
 
 # Add extra trusted certificates (prefixed)
@@ -33,6 +35,7 @@ do
  echo "Installing extra cert $f"
  cp "$f" /usr/local/share/ca-certificates/
  cat "$f" >> venv/lib/python2.7/site-packages/requests/cacert.pem
+ cat "$f" >> venv/lib/python2.7/site-packages/certifi/cacert.pem
 done
 
 # Update all CA certificates.
diff --git a/requirements.txt b/requirements.txt
index 62e159747..588ada58e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ blinker==1.4
 boto==2.46.1
 boto3==1.4.7
 cachetools==1.1.6
-certifi==2017.4.17
+certifi==2017.11.5
 cffi==1.10.0
 click==6.7
 contextlib2==0.5.4
@@ -117,7 +117,7 @@ redis==2.10.5
 redlock==1.2.0
 reportlab==2.7
 requests-oauthlib==0.8.0
-requests[security]==2.13.0
+requests[security]==2.18.4
 rfc3986==0.4.1
 semantic-version==2.6.0
 six==1.10.0