I need to run a script to trust some additional ca...
# generalh
hundreds-raincoat-83920
12/15/2021, 12:57 AMI need to run a script to trust some additional ca certs before tests/running binaries will work. Is there a recommended way to do that? Currently I’m building a few conda envs (so I have working Pythons of the correct version), putting these on my path and running the script against their envs roots, which seems to cause those certificates to get brought into the test-time environment. Does that make sense, first as a question and second as an approach?
w
witty-crayon-22786
12/15/2021, 12:59 AMwhere “env” here is a virtualenv?
witty-crayon-22786
12/15/2021, 12:59 AMPants creates private virtualenvs to run tests or build binaries in
witty-crayon-22786
12/15/2021, 12:59 AMso to affect what it does, you’ll need to use pants’ settings
witty-crayon-22786
12/15/2021, 12:59 AMin this case, possibly https://www.pantsbuild.org/docs/proxies#setting-up-a-certificate-authority …?
h
hundreds-raincoat-83920
12/15/2021, 1:06 AMah cool, I’ll try that out - thanks 🙂
hundreds-raincoat-83920
12/15/2021, 1:28 AMHmm, it seems like this isn’t quite what I need - the python packages I’m installing bundle their own CA certs and don’t always give me a way to override, so what I’d like to do is add some additional certs to those bundles’ cacert.pems. That’s what the script does. Setting ca_certs_path doesn’t seem to affect the bundled certs, but does mean I have to put all certs I want to trust in there.
hundreds-raincoat-83920
12/15/2021, 2:22 AMsolved, thanks for the help - I realized I wasn’t forwarding an environment variable where I set the cert. This let to a different library than expected complaining about the certificate, but all is ok now.
👍 3
5 Views