@marcverhagen brought this up when we met yesterday, so I did some investigation.
The problem is that when you build some CLAMS app image, you get some kind of TLS/SSL certificate errors that prevent the image from being built.
After some digging into this rabbit hole, I found that when you run clamsproject/clams-python-based images on Apple silicon, the CA certificates comes with the debian image (basis for clams-python) does not verify your connection to pypi.org or other websites.
(I don't know if the the certificate issue Marc has encountered in the past is the same kind of issue, though.)
Reproduction steps
Run this script;
if type -fP docker 2>/dev/null; then
export dk=docker
else
export dk=podman
fi
printf "\n\n=== %s (%s %s @ %s): %s\n" "$(hostname)" "$(uname -s)" "$(uname -m)" "$(uname -r)" "$($dk --version)"
for i in python:3.8-slim-buster ghcr.io/clamsproject/clams-python:0.5.3 docker.io/clamsproject/clams-python:0.5.2 ; do
$dk rmi $i ; $dk run --rm $i pip install dateutils
done
It will try to install a simple pypi package using three different images, and only one of them (python:3.8-slim-buster) is built for x64 AND arm64. Hence, if you run the script on x64/x86 machines, it'll be okay. But on arm-based machines (such as Apple silicon), the second and third images are either unavailable to pull or failing to run pip install because of SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] ...) errors.
Description
@marcverhagen brought this up when we met yesterday, so I did some investigation.
The problem is that when you build some CLAMS app image, you get some kind of TLS/SSL certificate errors that prevent the image from being built.
After some digging into this rabbit hole, I found that when you run
clamsproject/clams-python
-based images on Apple silicon, the CA certificates comes with the debian image (basis forclams-python
) does not verify your connection to pypi.org or other websites.(I don't know if the the certificate issue Marc has encountered in the past is the same kind of issue, though.)
Reproduction steps
Run this script;
It will try to install a simple pypi package using three different images, and only one of them (
python:3.8-slim-buster
) is built for x64 AND arm64. Hence, if you run the script on x64/x86 machines, it'll be okay. But on arm-based machines (such as Apple silicon), the second and third images are either unavailable to pull or failing to runpip install
because ofSSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] ...)
errors.Expected behavior
No response
Screenshots
Browsers
No response
OS
No response
Additional context
No response