wave Hi everyone Our development machines are having some i Pants #general

:wave: Hi everyone! Our development machines are ...

limited-apple-72608

07/06/2022, 7:14 PM

👋 Hi everyone! Our development machines are having some issues with SSL verification of endpoints when running pants. I have passed in command line args on other tools to ignore the ssl certs (again just for a local dev sandbox). Does

pants

have an equivalent workaround? I could not find anything in the docs. (machine is a relatively new macbook pro with m1 chip)

Copy code

base) ck185129@WUSCK185129-RH6 ~ % ./pants --version
Bootstrapping Pants using /Users/ck185129/miniforge3/bin/python3.9
Creating the virtualenv PEX.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/virtualenv/

✅ 2

👋 2

curved-television-6568

07/06/2022, 7:22 PM

Hmm.. for downloads post bootstrap, there is the ca_certs_path option https://www.pantsbuild.org/docs/reference-global#section-ca-certs-path Have your tried with

REQUESTS_CA_BUNDLE=/path/to/ca/bundle

happy-kitchen-89482

07/06/2022, 8:05 PM

To elaborate, your error is happening during bootstrapping, in the

pants

script, before pants itself actually runs.

happy-kitchen-89482

07/06/2022, 8:07 PM

That script is running the pex tool directly to create a pex file containing the virtualenv library and its transitive deps.

happy-kitchen-89482

07/06/2022, 8:07 PM

And it looks like that pex invocation is failing

happy-kitchen-89482

07/06/2022, 8:11 PM

Pex uses pip under the covers, and it passes REQUESTS_CA_BUNDLE through, so setting that might help, as Andreas suggests

happy-kitchen-89482

07/06/2022, 8:12 PM

And then once Pants is bootstrapped, setting ca_certs_path is how you do the same thing on Pants itself

limited-apple-72608

07/06/2022, 9:33 PM

Thanks. Will take a stab again. I had tried the BUNDLE env but maybe I need to try again. Let me do that and repost if it still occurs

limited-apple-72608

07/07/2022, 4:47 PM

That resolved our issue. Thanks...

👍 1

🎉 1

8 Views

Open in Slack

Previous Next