hundreds-father-404
09/26/2022, 9:20 PMremote_ca_certs_path
a distinct option from ca_certs_path
?hundreds-father-404
09/26/2022, 9:20 PMhundreds-father-404
09/26/2022, 9:23 PMwitty-crayon-22786
09/26/2022, 9:25 PMhundreds-father-404
09/26/2022, 9:25 PMremote_ca_certs_path
4 years ago, and then @happy-kitchen-89482 added ca_certs_path
as a separate option: https://github.com/pantsbuild/pants/pull/10757witty-crayon-22786
09/26/2022, 9:28 PMhundreds-father-404
09/26/2022, 9:30 PMDownloadFile
, which currently always happens on local host, regardless of RE and Docker
Those should not support environment targets. It would be convenient, e.g. macOS vs Linux paths may differ, but I don't think we can due to chicken and egg. So, if users need to override, they do so the old way via env vars, cli args, or pants.rc
But for subprocesses, like Pex and Twine, we can support an environment-aware option that env targets can safely overridehundreds-father-404
09/26/2022, 9:31 PMca_certs_path_engine (or download_files)
ca_certs_path_remote
ca_certs_path_subprocesses
Chris pointed out maybe we can combine those first two optionsaverage-vr-56795
09/26/2022, 9:47 PMaverage-vr-56795
09/26/2022, 9:48 PMhundreds-father-404
09/26/2022, 9:50 PMand we should ferry around those certs to any execution environment we end up using?Oh that's an interesting point. Thank you. Can you think of why it would be useful for the certs used to connect to the RE server to be different than what we use for
DownloadFile
and subprocesses?
cc @curved-television-6568, do you remember why you added [twine].ca_certs_path
rather than always using [GLOBAL].ca_certs_path
?average-vr-56795
09/26/2022, 10:13 PMCan you think of why it would be useful for the certs used to connect to the RE server to be different than what we use forI don't have any good reason, curious if anyone else doe 🙂and subprocesses?DownloadFile
hundreds-father-404
09/26/2022, 10:56 PMcurved-television-6568
09/27/2022, 12:05 AMcc @curved-television-6568, do you remember why you addedAccording to https://github.com/pantsbuild/pants/pull/13593 my reasoning was that you’d likely don’t need to use the twine option which defaults to the global one, but I added it in case the two cert bundles would differ. Maybe overkill/premature feature..?rather than always using[twine].ca_certs_path
? (edited)[GLOBAL].ca_certs_path
hundreds-father-404
09/27/2022, 4:26 PMcurved-television-6568
09/27/2022, 4:28 PM