https://pantsbuild.org/ logo
#general
Title
# general
c

curved-television-6568

08/27/2021, 3:36 PM
Issue with private pypi registry with self-signed SSL cert…
I have a
constraints.txt
file that poetry has generated for me, and it includes the our private index url, like so:
Copy code
$ cat constraints.txt 
--index-url <https://pypi.xxx.se/simple>

attrs==21.2.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0"
backoff==1.11.1; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.5.0")
...
However, regardless if I use
REQUESTS_CA_BUNDLE
env var or not, it fails with:
Copy code
File "/Users/aadt/.cache/pants/setup/bootstrap-Darwin-x86_64/pants.v9lj4t/install/lib/python3.9/site-packages/pants/engine/internals/scheduler.py", line 501, in _raise_on_error
    raise ExecutionError(

Exception message: 1 Exception encountered:

  ProcessExecutionFailure: Process 'Building flake8.pex with 3 requirements: flake8>=3.9.2,<4.0, setuptools; python_version > '2.7', setuptools<45; python_full_version == '2.7.*'' failed with exit code 1.
stdout:

stderr:
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))': /simple/flake8/  [repeats x 5]
ERROR: Could not find a version that satisfies the requirement flake8<4.0,>=3.9.2
ERROR: No matching distribution found for flake8<4.0,>=3.9.2
pid 54546 -> /Users/aadt/.cache/pants/named_caches/pex_root/venvs/7862918fbb6656dd8d7eff1dd55ba13dcb07002e/24c964c00add511df98351239d3d6f06cedf58dc/pex --disable-pip-version-check --no-python-version-warning --exists-action a --isolated -q --cache-dir /Users/aadt/.cache/pants/named_caches/pex_root --log /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionPb46tL/.tmp/tmpl4higd85/pip.log download --dest /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionPb46tL/.tmp/tmplkf0ftlp/usr.local.Cellar.python@3.9.3.9.6.Frameworks.Python.framework.Versions.3.9.bin.python3.9 --constraint constraints.txt flake8>=3.9.2,<4.0 setuptools; python_version > '2.7' setuptools<45; python_full_version == '2.7.*' --index-url <https://pypi.org/simple/> --retries 5 --timeout 15 exited with 1 and STDERR:
None
Any way to specify a cert bundle to use, when resolving dependencies?
I also notice the index url at the end for the pip command there is refering to pypi.org, but in fact it attempts to talk to our private pypi registry (verified by disconnecting my VPN connection, and I then get this instead)
Copy code
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x10640d3a0>: Failed to establish a new connection: [Errno 8] nodename nor servname provided, or not known')': /simple/flake8/


ERROR: Could not find a version that satisfies the requirement flake8<4.0,>=3.9.2
ERROR: No matching distribution found for flake8<4.0,>=3.9.2
pid 54848 -> /Users/aadt/.cache/pants/named_caches/pex_root/venvs/7862918fbb6656dd8d7eff1dd55ba13dcb07002e/24c964c00add511df98351239d3d6f06cedf58dc/pex --disable-pip-version-check --no-python-version-warning --exists-action a --isolated -q --cache-dir /Users/aadt/.cache/pants/named_caches/pex_root --log /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionRbtBth/.tmp/tmpvj833t3p/pip.log download --dest /private/var/folders/8j/c8jf_msj009947wyw82xvdkw0000gn/T/process-executionRbtBth/.tmp/tmpbfo6p40k/usr.local.Cellar.python@3.9.3.9.6.Frameworks.Python.framework.Versions.3.9.bin.python3.9 --constraint constraints.txt flake8>=3.9.2,<4.0 setuptools; python_version > '2.7' setuptools<45; python_full_version == '2.7.*' --index-url <https://pypi.org/simple/> --retries 5 --timeout 15 exited with 1 and STDERR:
None
h

hundreds-father-404

08/27/2021, 3:49 PM
💯 1
👍 1
🎯 1
c

curved-television-6568

08/27/2021, 5:26 PM
Ah, there it was. I tried searching the docs for relevant information, but failed to find it. https://www.pantsbuild.org/docs/proxies?#setting-up-a-certificate-authority Thanks, that solved it. 😆
❤️ 1
A bit hidden, as it is not directly related to proxies in my case. However I searched for “certificate” I’m almost certain, but must have overlooked the proxies chapter, as it does show up now…
5 Views