https://pantsbuild.org/ logo
#general
Title
# general
h

hundreds-raincoat-83920

12/15/2021, 12:57 AM
I need to run a script to trust some additional ca certs before tests/running binaries will work. Is there a recommended way to do that? Currently I’m building a few conda envs (so I have working Pythons of the correct version), putting these on my path and running the script against their envs roots, which seems to cause those certificates to get brought into the test-time environment. Does that make sense, first as a question and second as an approach?
w

witty-crayon-22786

12/15/2021, 12:59 AM
where “env” here is a virtualenv?
Pants creates private virtualenvs to run tests or build binaries in
so to affect what it does, you’ll need to use pants’ settings
h

hundreds-raincoat-83920

12/15/2021, 1:06 AM
ah cool, I’ll try that out - thanks 🙂
Hmm, it seems like this isn’t quite what I need - the python packages I’m installing bundle their own CA certs and don’t always give me a way to override, so what I’d like to do is add some additional certs to those bundles’ cacert.pems. That’s what the script does. Setting ca_certs_path doesn’t seem to affect the bundled certs, but does mean I have to put all certs I want to trust in there.
solved, thanks for the help - I realized I wasn’t forwarding an environment variable where I set the cert. This let to a different library than expected complaining about the certificate, but all is ok now.
👍 3
5 Views