I am getting SSL errors when trying to use pants i...
# generalg
gentle-flower-25372
08/27/2024, 4:07 PMI am getting SSL errors when trying to use pants in redhat's ubi image. I verified ca-certificates is installed and I even tried setting
PANTS_CA_CERTS_PATH=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt Copy code
[root@5f98fadda99d monorepo]# pants test
Failed to determine release URL for Pants: 2.21.0: pants.2.21.0-cp39-linux_aarch64.pex: URL check failed: <https://github.com/pantsbuild/pants/releases/download/release_2.21.0/pants.2.21.0-cp39-linux_aarch64.pex>: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>
If this is unexpected (you are using a known good Pants version), try upgrading scie-pants first.
It may also be that the platform linux_aarch64 isn't supported for this version of Pants, or some other intermittent network/service issue.
To get help, please visit: <https://www.pantsbuild.org/community/getting-help>
Error: Failed to establish atomic directory /root/.cache/nce/f4a11f9bb68736c1c58003a35df7d459dab771227cb6777ec70921f83e0cb95d/locks/configure-09f4e5d0669495f41545c9cc8ae3be1606f524d5879c81cc605f230c000ec330. Population of work directory failed: Boot binding command failed: exit status: 1h
happy-kitchen-89482
08/27/2024, 8:37 PMGah! This is the kind of thing that will be hard to debug without a repro. What is a minimal way to reproduce this?
g
gentle-flower-25372
08/27/2024, 8:41 PM Copy code
$ docker run --rm -it registry.access.redhat.com/ubi8/ubi:8.10-1054 bash
$$ export PATH="$HOME/.local/bin:$PATH"
$$ curl --proto '=https' --tlsv1.2 -fsSL <https://static.pantsbuild.org/setup/get-pants.sh> | bash
$$ mkdir new
$$ cd new
$$ dnf install git -y
$$ git init .
$$ pants initgentle-flower-25372
08/27/2024, 8:41 PMrepro^^
h
happy-kitchen-89482
08/28/2024, 12:50 AMThanks - can you open an issue for this at https://github.com/pantsbuild/pants/issues ?
happy-kitchen-89482
08/28/2024, 12:51 AMI can reproduce it, but I want to preserve all this for posterity
g
gentle-flower-25372
08/28/2024, 1:11 AMyep, you got it.
gentle-flower-25372
08/28/2024, 1:11 AMshould this go in scie or pants repo?
h
happy-kitchen-89482
08/28/2024, 1:18 AMAh, you’re right, it’s https://github.com/pantsbuild/scie-pants/issues/
happy-kitchen-89482
08/28/2024, 1:18 AMI believe the underlying issue is https://github.com/indygreg/PyOxidizer/issues/283
happy-kitchen-89482
08/28/2024, 1:19 AMActually, there is already an issue that I suspect is the same one: https://github.com/pantsbuild/scie-pants/issues/403
happy-kitchen-89482
08/28/2024, 1:19 AMCan you verify and add your case there if so?
happy-kitchen-89482
08/28/2024, 3:49 AMSetting
SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crtg
gentle-flower-25372
08/28/2024, 3:33 PM@happy-kitchen-89482 thanks for the workaround! I was trying to use pants settings and didn't know what to set.