From fbccac28dc4a86b1f1b1ea08f4f569c15e828914 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Wed, 14 May 2025 13:07:30 -0400
Subject: [PATCH] Inject truststore earlier

---
 .../jumpstarter_cli_common/oidc.py                     |  9 ---------
 packages/jumpstarter-cli/jumpstarter_cli/__init__.py   | 10 ++++++++++
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/packages/jumpstarter-cli-common/jumpstarter_cli_common/oidc.py b/packages/jumpstarter-cli-common/jumpstarter_cli_common/oidc.py
index cb74b4abb..382b98ec9 100644
--- a/packages/jumpstarter-cli-common/jumpstarter_cli_common/oidc.py
+++ b/packages/jumpstarter-cli-common/jumpstarter_cli_common/oidc.py
@@ -1,12 +1,10 @@
 import json
-import os
 from dataclasses import dataclass
 from functools import wraps
 from typing import ClassVar
 
 import aiohttp
 import click
-import truststore
 from aiohttp import web
 from anyio import create_memory_object_stream
 from anyio.to_thread import run_sync
@@ -14,13 +12,6 @@
 from joserfc.jws import extract_compact
 from yarl import URL
 
-# if we are running in MacOS avoid injecting system certificates to avoid
-# https://github.com/jumpstarter-dev/jumpstarter/issues/362
-# also allow to force the system certificates injection with
-# JUMPSTARTER_FORCE_SYSTEM_CERTS=1
-if os.uname().sysname != "Darwin" or os.environ.get("JUMPSTARTER_FORCE_SYSTEM_CERTS") == "1":
-    truststore.inject_into_ssl()
-
 
 def opt_oidc(f):
     @click.option("--issuer", help="OIDC issuer")
diff --git a/packages/jumpstarter-cli/jumpstarter_cli/__init__.py b/packages/jumpstarter-cli/jumpstarter_cli/__init__.py
index e69de29bb..7f20e4937 100644
--- a/packages/jumpstarter-cli/jumpstarter_cli/__init__.py
+++ b/packages/jumpstarter-cli/jumpstarter_cli/__init__.py
@@ -0,0 +1,10 @@
+import os
+
+import truststore
+
+# if we are running in MacOS avoid injecting system certificates to avoid
+# https://github.com/jumpstarter-dev/jumpstarter/issues/362
+# also allow to force the system certificates injection with
+# JUMPSTARTER_FORCE_SYSTEM_CERTS=1
+if os.uname().sysname != "Darwin" or os.environ.get("JUMPSTARTER_FORCE_SYSTEM_CERTS") == "1":
+    truststore.inject_into_ssl()