Skip to content

Commit

Permalink
CI: Install Root CA certificates to satisfy Python 3.11 on macOS
Browse files Browse the repository at this point in the history
References:

- https://stackoverflow.com/a/44649450
- Unbabel/COMET#29 (comment)
- https://github.com/python/cpython/blob/main/Mac/BuildScript/resources/install_certificates.command

Root cause::

  Error: Error downloading extends for URL https://cdn.crate.io/downloads/releases/cratedb/x64_mac/crate-5.0.1.tar.gz:
  <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)>
  • Loading branch information
amotl committed Sep 29, 2022
1 parent d4f35bf commit 525e162
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/nightly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ jobs:
- name: Invoke tests
run: |
# Install Root CA certificates
sudo ./devtools/install_certifi.py
# Bootstrap environment.
source bootstrap.sh
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,9 @@ jobs:
- name: Invoke tests
run: |
# Install Root CA certificates
sudo ./devtools/install_certifi.py
# Bootstrap environment.
source bootstrap.sh
Expand Down
53 changes: 53 additions & 0 deletions devtools/install_certifi.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
#!/usr/bin/env python

# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module. Uses the certificates provided by the certifi package:
# https://pypi.python.org/pypi/certifi
#
# References:
#
# - https://stackoverflow.com/a/44649450
# - https://github.com/Unbabel/COMET/issues/29#issuecomment-945601519
# - https://github.com/python/cpython/blob/main/Mac/BuildScript/resources/install_certificates.command

import os
import os.path
import ssl
import stat
import subprocess
import sys

STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
| stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
| stat.S_IROTH | stat.S_IXOTH )


def main():
openssl_dir, openssl_cafile = os.path.split(
ssl.get_default_verify_paths().openssl_cafile)

print(" -- pip install --upgrade certifi")
subprocess.check_call([sys.executable,
"-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])

import certifi

# change working directory to the default SSL directory
os.chdir(openssl_dir)
relpath_to_certifi_cafile = os.path.relpath(certifi.where())
print(" -- removing any existing file or link")
try:
os.remove(openssl_cafile)
except FileNotFoundError:
pass
print(" -- creating symlink to certifi certificate bundle")
os.symlink(relpath_to_certifi_cafile, openssl_cafile)
print(" -- setting permissions")
os.chmod(openssl_cafile, STAT_0o775)
print(" -- update complete")


if __name__ == '__main__':
main()

0 comments on commit 525e162

Please sign in to comment.