Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
SSL root certificates missing on GHA/macOS/Python 3.11
See original GitHub issueHi there,
first things first: Thanks a stack for conceiving and maintaining this excellent GHA recipe. It always worked flawlessly for us, but we just ran into a little issue we wanted to share with you. Thank you already for looking into it.
With kind regards, Andreas.
Description:
We started observing a problem, which is apparently caused by a missing root certificate bundle on GHA/macos-latest, when adding Python 3.11 (3.11-dev) to the test matrix. It still works on any other operating system or Python version. @andyfaff also observed probably the same issue when trying to build wheels for cp311-macosx_x86_64 on GHA, and reported it at https://github.com/pypa/cibuildwheel/issues/1277 the other day. /cc @joerick, @henryiii, @mayeut
Specifically, it looks like the install_certificates.command provisioning program did not get invoked or failed within the installation process. Based on suggestions from others, we have been able to work around the problem by vendoring the program into the repository and running it before anything else, see https://github.com/crate/crate-python/commit/243820d1.
Might https://github.com/actions/python-versions/pull/184 be related?
References
- https://github.com/pypa/cibuildwheel/issues/1277
- https://github.com/Unbabel/COMET/issues/29#issuecomment-945601519
- https://github.com/hellysmile/fake-useragent/issues/131
- https://github.com/matteyeux/autodecrypt/issues/2
- https://stackoverflow.com/a/44649450
- https://developer.shotgridsoftware.com/e9d994eb/
Action version:
actions/setup-python@v4
Platform:
- Ubuntu
- macOS
- Windows
Runner type:
- Hosted
- Self-hosted
Tools version:
- Python 3.11
Repro steps:
https://github.com/crate/crate-python/pull/450 (already includes a workaround to install the root certificates manually)
Expected behavior:
When downloading resources from https:// URLs using the urllib.request module, Python should not croak.
Actual behavior: Python croaks like:
Error: Error downloading extends for URL https://cdn.crate.io/downloads/releases/cratedb/x64_mac/crate-5.0.1.tar.gz:
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)>
Error: Process completed with exit code 1.
– https://github.com/crate/crate-python/actions/runs/3152435065/jobs/5127728530#step:4:240
Issue Analytics
- State:
- Created a year ago
- Reactions:4
- Comments:5 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi again,
we can confirm the test run of https://github.com/crate/crate-python/pull/450 just succeeded ^1 without errors after reverting the temporary workaround. Thanks a stack for the super-quick fix, @mayeut. 💯
With kind regards, Andreas.
Can also confirm it works here in a non-cibuildwheel context: https://github.com/scikit-hep/uproot5/pull/743 😃