search

conda / conda-build

Commands and tools for building conda packages
https://docs.conda.io/projects/conda-build/
Other
381 stars 423 forks source link

Conda Skeleton does not respect SSL_NO_VERIFY #4350

Closed jlynchMicron closed 1 year ago

jlynchMicron commented 2 years ago

Actual Behavior

SSL_NO_VERIFY=1 conda skeleton pypi dohq-artifactory

...

Processing dependencies for dohq-artifactory==0.8.0
Searching for PyJWT
Reading https://pypi.org/simple/PyJWT/
/home/jlynch/miniconda3/envs/personal/conda-bld/skeleton_1641506110553/_h_env_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placeho/lib/python3.9/site-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning:  is an invalid version and will not be supported in a future release
  warnings.warn(
Downloading https://files.pythonhosted.org/packages/2a/4d/67cc66a0c49003dc216fc73db2d05a3b80c7193167fd113da1f2c678ac2a/PyJWT-2.3.0-py3-none-any.whl#sha256=e0c4bb8d9f0af0c7f5b1ec4c5036309617d03d56932877f2f7a0beeb5318322f
error: Download error for https://files.pythonhosted.org/packages/2a/4d/67cc66a0c49003dc216fc73db2d05a3b80c7193167fd113da1f2c678ac2a/PyJWT-2.3.0-py3-none-any.whl#sha256=e0c4bb8d9f0af0c7f5b1ec4c5036309617d03d56932877f2f7a0beeb5318322f: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

Expected Behavior

Conda should be able to download all dependenicies without running into a SSL verification error.

Steps to Reproduce

Run "SSL_NO_VERIFY=1 conda skeleton pypi dohq-artifactory" behind network with corp proxy. Could this be related to my other issue found here: https://github.com/conda/conda/issues/11006

Output of conda info
     active environment : personal
    active env location : /home/jlynch/miniconda3/envs/personal
            shell level : 2
       user config file : /home/jlynch/.condarc
 populated config files : /home/jlynch/.condarc
          conda version : 4.10.3
    conda-build version : not installed
         python version : 3.9.5.final.0
       virtual packages : __linux=3.10.0=0
                          __glibc=2.17=0
                          __unix=0=0
                          __archspec=1=x86_64
       base environment : /home/jlynch/miniconda3  (writable)
      conda av data dir : /home/jlynch/miniconda3/etc/conda
  conda av metadata url : None
           channel URLs : https://conda.anaconda.org/conda-forge/linux-64
                          https://conda.anaconda.org/conda-forge/noarch
                          https://repo.anaconda.com/pkgs/main/linux-64
                          https://repo.anaconda.com/pkgs/main/noarch
                          https://repo.anaconda.com/pkgs/r/linux-64
                          https://repo.anaconda.com/pkgs/r/noarch
          package cache : /home/jlynch/miniconda3/pkgs
                          /home/jlynch/.conda/pkgs
       envs directories : #HIDDING for security
               platform : linux-64
             user-agent : conda/4.10.3 requests/2.25.1 CPython/3.9.5 Linux/3.10.0-1127.19.1.el7.x86_64 centos/7.8.2003 glibc/2.17
                UID:GID : 1173703:1173703
             netrc file : None
           offline mode : False
jlynchMicron commented 2 years ago

Looks like conda skeleton initially is not verifying SSL, but somewhere along the way it stops using this setting. My guess is the transition off to a subprocess or something.

$ SSL_NO_VERIFY=1 conda skeleton pypi dohq-artifactory
/home/jlynch/miniconda3/envs/personal/lib/python3.9/site-packages/urllib3/connectionpool.py:1013: InsecureRequestWarning: Unverified HTTPS request is being made to host 'proxy-web.micron.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
github-actions[bot] commented 1 year ago

Hi there, thank you for your contribution!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed automatically if no further activity occurs.

If you would like this issue to remain open please:

  1. Verify that you can still reproduce the issue at hand
  2. Comment that the issue is still reproducible and include:
    • What OS and version you reproduced the issue on
    • What steps you followed to reproduce the issue

NOTE: If this issue was closed prematurely, please leave a comment.

Thanks!