https://pantsbuild.org/ logo
#general
Title
# general
l

limited-apple-72608

07/06/2022, 7:14 PM
👋 Hi everyone! Our development machines are having some issues with SSL verification of endpoints when running pants. I have passed in command line args on other tools to ignore the ssl certs (again just for a local dev sandbox). Does
pants
have an equivalent workaround? I could not find anything in the docs. (machine is a relatively new macbook pro with m1 chip)
Copy code
base) ck185129@WUSCK185129-RH6 ~ % ./pants --version
Bootstrapping Pants using /Users/ck185129/miniforge3/bin/python3.9
Creating the virtualenv PEX.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
2
👋 2
c

curved-television-6568

07/06/2022, 7:22 PM
Hmm.. for downloads post bootstrap, there is the ca_certs_path option https://www.pantsbuild.org/docs/reference-global#section-ca-certs-path Have your tried with
REQUESTS_CA_BUNDLE=/path/to/ca/bundle
?
h

happy-kitchen-89482

07/06/2022, 8:05 PM
To elaborate, your error is happening during bootstrapping, in the
pants
script, before pants itself actually runs.
That script is running the pex tool directly to create a pex file containing the virtualenv library and its transitive deps.
And it looks like that pex invocation is failing
Pex uses pip under the covers, and it passes REQUESTS_CA_BUNDLE through, so setting that might help, as Andreas suggests
And then once Pants is bootstrapped, setting ca_certs_path is how you do the same thing on Pants itself
l

limited-apple-72608

07/06/2022, 9:33 PM
Thanks. Will take a stab again. I had tried the BUNDLE env but maybe I need to try again. Let me do that and repost if it still occurs
That resolved our issue. Thanks...
👍 1
🎉 1
8 Views