I need to run a script to trust some additional ca certs before tests/running binaries will work. Is there a recommended way to do that? Currently I’m building a few conda envs (so I have working Pythons of the correct version), putting these on my path and running the script against their envs roots, which seems to cause those certificates to get brought into the test-time environment. Does that make sense, first as a question and second as an approach?
12/15/2021, 12:59 AM
where “env” here is a virtualenv?
Pants creates private virtualenvs to run tests or build binaries in
so to affect what it does, you’ll need to use pants’ settings
Hmm, it seems like this isn’t quite what I need - the python packages I’m installing bundle their own CA certs and don’t always give me a way to override, so what I’d like to do is add some additional certs to those bundles’ cacert.pems. That’s what the script does. Setting ca_certs_path doesn’t seem to affect the bundled certs, but does mean I have to put all certs I want to trust in there.
solved, thanks for the help - I realized I wasn’t forwarding an environment variable where I set the cert. This let to a different library than expected complaining about the certificate, but all is ok now.