strong-refrigerator-32393
08/26/2022, 8:19 AM
./pants package build-recipees/amazon_cancelations/Dockerfile
03:14:35.54 [INFO] Initializing scheduler...
03:14:35.71 [INFO] Scheduler initialized.
03:14:35.75 [WARN] Please either set `enabled = true` in the [anonymous-telemetry] section of pants.toml to enable sending anonymous stats to the Pants project to aid development, or set `enabled = false` to disable it. No telemetry sent for this run. An explicit setting will get rid of this message. See https://www.pantsbuild.org/v2.12/docs/anonymous-telemetry for details.
03:14:43.55 [INFO] Completed: Building dockerfile_parser.pex from dockerfile-parser_default.lock
03:14:43.55 [ERROR] 1 Exception encountered:
ProcessExecutionFailure: Process 'Building dockerfile_parser.pex from dockerfile-parser_default.lock' failed with exit code 1.
stdout:
stderr:
Traceback (most recent call last):
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/unzipped_pexes/6059500ace72ed792367231dcc84ab6e7c3b99f0/.bootstrap/pex/pex.py", line 517, in execute
exit_value = self._wrap_coverage(self._wrap_profiling, self._execute)
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/unzipped_pexes/6059500ace72ed792367231dcc84ab6e7c3b99f0/.bootstrap/pex/pex.py", line 422, in _wrap_coverage
return runner(*args)
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/unzipped_pexes/6059500ace72ed792367231dcc84ab6e7c3b99f0/.bootstrap/pex/pex.py", line 453, in _wrap_profiling
return runner(*args)
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/unzipped_pexes/6059500ace72ed792367231dcc84ab6e7c3b99f0/.bootstrap/pex/pex.py", line 576, in _execute
EntryPoint.parse("run = {}".format(self._pex_info.entry_point))
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/unzipped_pexes/6059500ace72ed792367231dcc84ab6e7c3b99f0/.bootstrap/pex/pex.py", line 757, in execute_entry
return self.execute_entry_point(entry_point)
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/unzipped_pexes/6059500ace72ed792367231dcc84ab6e7c3b99f0/.bootstrap/pex/pex.py", line 788, in execute_entry_point
return runner()
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/installed_wheels/6242b902db69f59e1092b406655c0fb1634486c47ce563f5fd27277cf4561822/pex-2.1.90-py2.py3-none-any.whl/pex/bin/pex.py", line 768, in main
env=env,
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/installed_wheels/6242b902db69f59e1092b406655c0fb1634486c47ce563f5fd27277cf4561822/pex-2.1.90-py2.py3-none-any.whl/pex/bin/pex.py", line 788, in do_main
cache=ENV.PEX_ROOT,
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/installed_wheels/6242b902db69f59e1092b406655c0fb1634486c47ce563f5fd27277cf4561822/pex-2.1.90-py2.py3-none-any.whl/pex/bin/pex.py", line 649, in build_pex
max_parallel_jobs=pip_configuration.max_jobs,
File "/Users/gleiryserrano/.cache/pants/named_caches/pex_root/installed_wheels/6242b902db69f59e1092b406655c0fb1634486c47ce563f5fd27277cf4561822/pex-2.1.90-py2.py3-none-any.whl/pex/result.py", line 84, in try_
raise ResultError(error=result)
pex.result.ResultError: There was 1 error downloading required artifacts:
1. dockerfile 3.2 from https://files.pythonhosted.org/packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>
enough-analyst-54434
08/26/2022, 12:41 PM
There was 1 error downloading required artifacts:
1. dockerfile 3.2 from https://files.pythonhosted.org/packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>
That is a very surprising error since PyPI is used by lots of people and its SSL certificates should ~always be able to be verified.
strong-refrigerator-32393
08/26/2022, 2:12 PM
enough-analyst-54434
08/26/2022, 3:07 PM
curl -s -D - -O https://files.pythonhosted.org/packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
in the same place you run ./pants package build-recipees/amazon_cancelations/Dockerfile
?
I get:
$ curl -D - -s -O https://files.pythonhosted.org/packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
HTTP/2 200
last-modified: Sun, 12 Sep 2021 20:14:54 GMT
etag: "ddaffd905a75838b219c0c626f9df484"
x-goog-generation: 1631477694589562
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1887934
content-type: application/octet-stream
x-goog-hash: crc32c=zMKhvA==
x-goog-hash: md5=3a/9kFp1g4shnAxib530hA==
server: UploadServer
cache-control: max-age=365000000, immutable, public
accept-ranges: bytes
date: Fri, 26 Aug 2022 15:06:10 GMT
age: 2047963
x-served-by: cache-bfi-krnt7300088-BFI, cache-sna10729-LGB
x-cache: HIT, HIT
x-cache-hits: 2, 1
x-timer: S1661526370.198481,VS0,VE5
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: deny
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-robots-header: noindex
access-control-allow-methods: GET, OPTIONS
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 1887934
$ zipinfo dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl | head -5
Archive: dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
Zip file size: 1887934 bytes, number of entries: 7
-rw-r--r-- 2.0 unx 2190 b- defN 21-Sep-12 20:11 dockerfile.abi3.h
-rw-r--r-- 2.0 unx 5710236 b- defN 21-Sep-12 20:11 dockerfile.abi3.so
-rw-r--r-- 2.0 unx 1059 b- defN 21-Sep-12 20:11 dockerfile-3.2.0.dist-info/LICENSE
strong-refrigerator-32393
08/26/2022, 5:13 PM
$ curl -s -D - -O https://files.pythonhosted.org/packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
HTTP/2 200
last-modified: Sun, 12 Sep 2021 20:14:54 GMT
etag: "ddaffd905a75838b219c0c626f9df484"
x-goog-generation: 1631477694589562
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1887934
content-type: application/octet-stream
x-goog-hash: crc32c=zMKhvA==
x-goog-hash: md5=3a/9kFp1g4shnAxib530hA==
server: UploadServer
cache-control: max-age=365000000, immutable, public
accept-ranges: bytes
date: Fri, 26 Aug 2022 17:08:07 GMT
age: 2055280
x-served-by: cache-bfi-krnt7300088-BFI, cache-dfw-kdfw8210062-DFW
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1661533688.513945,VS0,VE4
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: deny
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-robots-header: noindex
access-control-allow-methods: GET, OPTIONS
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 1887934
$ zipinfo dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
Archive: dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
Zip file size: 1887934 bytes, number of entries: 7
-rw-r--r-- 2.0 unx 2190 b- defN 21-Sep-12 20:11 dockerfile.abi3.h
-rw-r--r-- 2.0 unx 5710236 b- defN 21-Sep-12 20:11 dockerfile.abi3.so
-rw-r--r-- 2.0 unx 1059 b- defN 21-Sep-12 20:11 dockerfile-3.2.0.dist-info/LICENSE
-rw-r--r-- 2.0 unx 3646 b- defN 21-Sep-12 20:11 dockerfile-3.2.0.dist-info/METADATA
-rw-r--r-- 2.0 unx 110 b- defN 21-Sep-12 20:11 dockerfile-3.2.0.dist-info/WHEEL
-rw-r--r-- 2.0 unx 11 b- defN 21-Sep-12 20:11 dockerfile-3.2.0.dist-info/top_level.txt
?rw-rw-r-- 2.0 unx 554 b- defN 21-Sep-12 20:11 dockerfile-3.2.0.dist-info/RECORD
7 files, 5717806 bytes uncompressed, 1886962 bytes compressed: 67.0%
gleiryserrano@MacBook-Pro-de-Gleiry:~$ zipinfo dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl | head -5
Archive: dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
Zip file size: 1887934 bytes, number of entries: 7
-rw-r--r-- 2.0 unx 2190 b- defN 21-Sep-12 20:11 dockerfile.abi3.h
-rw-r--r-- 2.0 unx 5710236 b- defN 21-Sep-12 20:11 dockerfile.abi3.so
-rw-r--r-- 2.0 unx 1059 b- defN 21-Sep-12 20:11 dockerfile-3.2.0.dist-info/LICENSE
strong-refrigerator-32393
08/26/2022, 5:14 PM
enough-analyst-54434
08/26/2022, 5:20 PM
curl -vvv -s -O https://files.pythonhosted.org/packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
That will reveal where curl reads your cert store from and more details about the SSL handshake.
strong-refrigerator-32393
08/26/2022, 5:22 PM
curl -vvv -s -O https://files.pythonhosted.org/packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl
* Trying 2a04:4e42:8a::319...
* TCP_NODELAY set
* Connected to files.pythonhosted.org (2a04:4e42:8a::319) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [236 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2881 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.pythonhosted.org
* start date: Dec 24 19:42:31 2021 GMT
* expire date: Jan 25 19:42:30 2023 GMT
* subjectAltName: host "files.pythonhosted.org" matched cert's "*.pythonhosted.org"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA H2 2021
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x13100aa00)
> GET /packages/9e/19/0f56ebd6d535832bfbe7c4f16c983c08ab8e01927fe9ae15e1afcfa88996/dockerfile-3.2.0-cp36-abi3-macosx_10_14_x86_64.whl HTTP/2
> Host: files.pythonhosted.org
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< last-modified: Sun, 12 Sep 2021 20:14:54 GMT
< etag: "ddaffd905a75838b219c0c626f9df484"
< x-goog-generation: 1631477694589562
< x-goog-metageneration: 1
< x-goog-stored-content-encoding: identity
< x-goog-stored-content-length: 1887934
< content-type: application/octet-stream
< x-goog-hash: crc32c=zMKhvA==
< x-goog-hash: md5=3a/9kFp1g4shnAxib530hA==
< server: UploadServer
< cache-control: max-age=365000000, immutable, public
< accept-ranges: bytes
< date: Fri, 26 Aug 2022 17:21:25 GMT
< age: 2056077
< x-served-by: cache-bfi-krnt7300088-BFI, cache-dfw-kdfw8210038-DFW
< x-cache: HIT, HIT
< x-cache-hits: 1, 1
< x-timer: S1661534485.002076,VS0,VE4
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-frame-options: deny
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< x-robots-header: noindex
< access-control-allow-methods: GET, OPTIONS
< access-control-allow-headers: Range
< access-control-allow-origin: *
< content-length: 1887934
<
{ [1370 bytes data]
* Connection #0 to host files.pythonhosted.org left intact
* Closing connection 0
enough-analyst-54434
08/26/2022, 5:27 PM
PANTS_CA_CERTS_PATH=/etc/ssl/cert.pem ./pants ...
help?
strong-refrigerator-32393
08/26/2022, 5:36 PM
enough-analyst-54434
08/26/2022, 5:41 PM
[GLOBAL]
ca_certs_path = "/etc/ssl/cert.pem"
See:
+ https://www.pantsbuild.org/docs/reference-global#section-ca-certs-path
+ https://www.pantsbuild.org/docs/restricted-internet-access#setting-up-a-certificate-authority
enough-analyst-54434
08/26/2022, 5:41 PM
enough-analyst-54434
08/26/2022, 5:42 PM