Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix cert verify failed #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

Arnie97
Copy link

@Arnie97 Arnie97 commented Apr 26, 2022

This patch exploits the root CA certificates provided by the certifi package (if it is present in the system).

This fixs an error like the following when calling repomd on macOS or inside minimal Docker images:

<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>

<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>
@carlwgeorge
Copy link
Owner

I don't have a mac. What are the steps to reproduce this error inside a minimal container image?

@carlwgeorge
Copy link
Owner

I took a guess at the steps. This works for me, no errors.

[carl@teal:~]$ podman run -it --rm python:3.10 bash
root@ef4eea6c11c3:/# pip install repomd
Collecting repomd
  Downloading repomd-0.2.1-py3-none-any.whl (3.9 kB)
Collecting lxml
  Downloading lxml-4.8.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl (7.0 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 7.0/7.0 MB 41.1 MB/s eta 0:00:00
Collecting defusedxml
  Downloading defusedxml-0.7.1-py2.py3-none-any.whl (25 kB)
Installing collected packages: lxml, defusedxml, repomd
Successfully installed defusedxml-0.7.1 lxml-4.8.0 repomd-0.2.1
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
root@ef4eea6c11c3:/# python
Python 3.10.4 (main, Apr 20 2022, 18:21:23) [GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import repomd
>>> repo = repomd.load('https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/')
>>> repo.find('htop')
<Package: "htop-3.1.2-3.el9.x86_64">

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants