I have a

constraints.txt

file that poetry has generated for me, and it includes the our private index url, like so:

$ cat constraints.txt 
--index-url <https://pypi.xxx.se/simple>

attrs==21.2.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0"
backoff==1.11.1; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.5.0")
...

However, regardless if I use

REQUESTS_CA_BUNDLE

env var or not, it fails with:

File "/Users/aadt/.cache/pants/setup/bootstrap-Darwin-x86_64/pants.v9lj4t/install/lib/python3.9/site-packages/pants/engine/internals/scheduler.py", line 501, in _raise_on_error
    raise ExecutionError(

Exception message: 1 Exception encountered:

  ProcessExecutionFailure: Process 'Building flake8.pex with 3 requirements: flake8>=3.9.2,<4.0, setuptools; python_version > '2.7', setuptools<45; python_full_version == '2.7.*'' failed with exit code 1.
stdout:

stderr:
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/flake8/  [repeats x 5]
ERROR: Could not find a version that satisfies the requirement flake8<4.0,>=3.9.2
ERROR: No matching distribution found for flake8<4.0,>=3.9.2
pid 54546 -> /Users/aadt/.cache/pants/named_caches/pex_root/venvs/7862918fbb6656dd8d7eff1dd55ba13dcb07002e/24c964c00add511df98351239d3d6f06cedf58dc/pex --disable-pip-version-check --no-python-version-warning --exists-action a --isolated -q --cache-dir /Users/aadt/.cache/pants/named_caches/pex_root --log /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionPb46tL/.tmp/tmpl4higd85/pip.log download --dest /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionPb46tL/.tmp/tmplkf0ftlp/usr.local.Cellar.python@3.9.3.9.6.Frameworks.Python.framework.Versions.3.9.bin.python3.9 --constraint constraints.txt flake8>=3.9.2,<4.0 setuptools; python_version > '2.7' setuptools<45; python_full_version == '2.7.*' --index-url <https://pypi.org/simple/> --retries 5 --timeout 15 exited with 1 and STDERR:
None

Any way to specify a cert bundle to use, when resolving dependencies?

I also notice the index url at the end for the pip command there is refering to pypi.org, but in fact it attempts to talk to our private pypi registry (verified by disconnecting my VPN connection, and I then get this instead)

WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x10640d3a0>: Failed to establish a new connection: [Errno 8] nodename nor servname provided, or not known')': /simple/flake8/


ERROR: Could not find a version that satisfies the requirement flake8<4.0,>=3.9.2
ERROR: No matching distribution found for flake8<4.0,>=3.9.2
pid 54848 -> /Users/aadt/.cache/pants/named_caches/pex_root/venvs/7862918fbb6656dd8d7eff1dd55ba13dcb07002e/24c964c00add511df98351239d3d6f06cedf58dc/pex --disable-pip-version-check --no-python-version-warning --exists-action a --isolated -q --cache-dir /Users/aadt/.cache/pants/named_caches/pex_root --log /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionRbtBth/.tmp/tmpvj833t3p/pip.log download --dest /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionRbtBth/.tmp/tmpbfo6p40k/usr.local.Cellar.python@3.9.3.9.6.Frameworks.Python.framework.Versions.3.9.bin.python3.9 --constraint constraints.txt flake8>=3.9.2,<4.0 setuptools; python_version > '2.7' setuptools<45; python_full_version == '2.7.*' --index-url <https://pypi.org/simple/> --retries 5 --timeout 15 exited with 1 and STDERR:
None

A bit hidden, as it is not directly related to proxies in my case. However I searched for “certificate” I’m almost certain, but must have overlooked the proxies chapter, as it does show up now…