bazelbuild / bazel

a fast, scalable, multi-language and extensible build system
https://bazel.build
Apache License 2.0

[bazel.build] unable to find valid certification path behind proxy #16915

Open saw235 opened 1 year ago

saw235 commented 1 year ago

I am seeing an issue with bazel build whenever I am running behind the company's VPN, even with http_proxy and https_proxy being set. It is unclear to me what is happening here, as the workaround at https://github.com/bazelbuild/bazel/issues/5741#issuecomment-418071387 doesn't work either.

Unsetting http_proxy and https_proxy and getting out of the VPN helps, but then I will be unable to run CI/CD properly.

```
ERROR: An error occurred during the fetch of repository 'org_pcre_ftp':
   Traceback (most recent call last):
        File "/home/vscode/.cache/bazel/_bazel_vscode/d384688eb617fe7d4be16f77150b3156/external/bazel_tools/tools/build_defs/repo/http.bzl", line 125, column 45, in _http_archive_impl
                download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://ftp.exim.org/pub/pcre/pcre-8.44.tar.gz] to /home/vscode/.cache/bazel/_bazel_vscode/d384688eb617fe7d4be16f77150b3156/external/org_pcre_ftp/temp3322144077550984114/pcre-8.44.tar.gz: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested tar
```

meteorcloudy commented 1 year ago

@saw235 Is it possible to provide a minimal reproduce case?

sgowroji commented 1 year ago

Hello @saw235, Could you please provide minimal reproduce information for the above issue. Thanks!

gd197 commented 1 year ago

Same error for me as well behind a proxy with authentication: the http_proxy and https_proxy env are correctly set.

```
[user@host devel]$ git clone https://github.com/bazelbuild/examples
Cloning into 'examples'...
remote: Enumerating objects: 1995, done.
remote: Counting objects: 100% (600/600), done.
remote: Compressing objects: 100% (402/402), done.
remote: Total 1995 (delta 226), reused 452 (delta 155), pack-reused 1395
Receiving objects: 100% (1995/1995), 541.50 KiB | 3.26 MiB/s, done.
Resolving deltas: 100% (770/770), done.
[user@host stage1]$ ../../../bazel build //main:hello-world
Starting local Bazel server and connecting to it...
INFO: Repository rules_cc instantiated at:
  /DEFAULT.WORKSPACE.SUFFIX:414:6: in
  /home/user/.cache/bazel/_bazel_user/9616e4f6502a4aa8d1189950f7bf200e/external/bazel_tools/tools/build_defs/repo/utils.bzl:233:18: in maybe
Repository rule http_archive defined at:
  /home/user/.cache/bazel/_bazel_user/9616e4f6502a4aa8d1189950f7bf200e/external/bazel_tools/tools/build_defs/repo/http.bzl:372:31: in
WARNING: Download from https://github.com/bazelbuild/rules_cc/releases/download/0.0.2/rules_cc-0.0.2.tar.gz failed: class javax.net.ssl.SSLHandshakeException PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: An error occurred during the fetch of repository 'rules_cc':
```

Note that the proxy requires a self-signed certificate, which is added to the system and to the Java keystore as well. Using RHEL8, with cacerts updated with the update-ca-trust command. At your disposal if you need additional information.
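Added example, not part of the thread and not Bazel's code: the PKIX error in the logs above is a path-building failure, meaning the client found no trust anchor for the presented chain in the trust store it consulted. This offline sketch reproduces that class of failure with OpenSSL. It assumes `openssl` is installed, and every name in it (`proxy-ca`, `other-ca`, `downloads.example.test`) is constructed.

```shell
#!/usr/bin/env bash
# Added example: all CAs, host names and files below are constructed.

# Create a self-signed CA named $2 in directory $1
# (stand-in for the CA a proxy signs with).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a leaf certificate for host $3, signed by CA $2, into directory $1.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Return 0 only if trust bundle $1 holds an anchor that leaf $2 chains to.
trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_ca "$work" proxy-ca   # the CA that signed what the client is shown
make_ca "$work" other-ca   # a trust store that does not contain that CA
issue_leaf "$work" proxy-ca downloads.example.test

# The same leaf validates or fails depending only on which store is read.
for store in proxy-ca other-ca; do
  if trusts "$work/$store.pem" "$work/leaf.pem"; then
    echo "$store.pem: chain builds to a trust anchor"
  else
    echo "$store.pem: no certification path found"
  fi
done
```

The same certificate is accepted or rejected depending only on which bundle the verifier reads, so a CA imported into one store has no effect on a client that reads a different one.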

gd197 commented 1 year ago

In addition, configuring WORKSPACE with (note the http protocol, not https):

```
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "rules_cc",
    urls = ["http://github.com/bazelbuild/rules_cc/releases/download/0.0.2/rules_cc-0.0.2.tar.gz"],
    sha256 = "58bff40957ace85c2de21ebfc72e53ed3a0d33af8cc20abd0ceec55c63be7de2",
)
```

leads to the same certificate path error. Tested with bazel 7.0.0-pre.20230215.2.

SKRahulSK commented 1 year ago

I am having the same issue with rules_cc. I am running bazel build on Windows with jdk11. Even after disabling the VPN, setting http_proxy and https_proxy, I am seeing the same error.

Any update on the workaround?

rpoenaru commented 1 year ago

I get the same issue when I'm trying to build the glog project. It complains while trying to fetch "https://github.com/bazelbuild/rules_cc/releases/download/0.0.2/rules_cc-0.0.2.tar.gz". Any updates?

personball commented 4 months ago

When I build mediapipe behind http_proxy, http_archive in WORKSPACE works well, but http_file in third_party/external_files.bzl failed. Are they different implementations?

Finally, I fixed this by setting the PowerShell env (on Windows):

```powershell
$env:HTTPS_PROXY="http://****"
$env:HTTP_PROXY="http://****"
```

From the Bazel docs, I thought it would use the proxy settings in the msys2 .bash_profile. It also uses the PowerShell env proxy settings.