elixir-nx / bumblebee

Pre-trained Neural Network models in Axon (+ 🤗 Models integration)
Apache License 2.0

Unknown CA #398

Closed randysecrist closed 2 months ago

randysecrist commented 2 months ago

How do I tell bumblebee to use verify_none when downloading a model? (When sitting behind a corp vpn)

OR

Where should I make sure the cert is added so that erlang picks it up automatically?

```
HEX_UNSAFE_HTTPS=1 elixir speech_to_text.exs

07:40:08.835 [notice] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:2177 generated CLIENT ALERT: Fatal - Unknown CA

** (MatchError) no match of right hand side value: {:error, "failed to make an HTTP request, reason: \"HTTP request failed, reason: {:failed_connect, [{:to_address, {~c\\\"huggingface.co\\\", 443}}, {:inet, [:inet], {:tls_alert, {:unknown_ca, ~c\\\"TLS client: In state wait_cert_cr at ssl_handshake.erl:2177 generated CLIENT ALERT: Fatal - Unknown CA\\\\n\\\"}}}]}\""}
    speech_to_text.exs:321: (file)
    (elixir 1.15.7) lib/code.ex:1435: Code.require_file/2
```

jonatanklosko commented 2 months ago

Hey, you can set BUMBLEBEE_CACERTS_PATH with the custom cert. Let us know if that works :)

randysecrist commented 2 months ago

Is this just a directory with the .pem file in it?

Side note: I can see my cert in the system keychain, but not in the system root keychain, which is what erl looks for.

```
security export -t certs -f pemseq -k /Library/Keychains/System.keychain
```

vs

https://github.com/erlang/otp/blob/master/lib/public_key/src/pubkey_os_cacerts.erl#L174

jonatanklosko commented 2 months ago

> Is this just a directory with the .pem file in it?

It should be the path of the .pem file itself :)

randysecrist commented 2 months ago

hmmm

I've tried:

```
BUMBLEBEE_CACERTS_PATH=certs
BUMBLEBEE_CACERTS_PATH=certs/*
BUMBLEBEE_CACERTS_PATH=certs/all.pem
```

None of them actually work.

Now I'm wondering if I even have the right cert at all.

jonatanklosko commented 2 months ago

Are you using an absolute path?

randysecrist commented 2 months ago

I am ... `/Users/rsecrist/Downloads/certs/all.pem`. I just left that prefix part out above.

jonatanklosko commented 2 months ago

To double check, you can run a basic request in IEx and use your certs path:

```elixir
Application.ensure_all_started([:ssl, :inets])

:httpc.request(
  :get,
  {~c"https://github.com", []},
  [
    ssl: [
      cacertfile: "/etc/ssl/cert.pem",
      verify: :verify_peer,
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  ],
  []
)
```

jonatanklosko commented 2 months ago

If this doesn't work then I suspect the issue is in the cert file itself.

randysecrist commented 2 months ago

yes; that works:

```elixir
Application.ensure_all_started([:ssl, :inets])

:httpc.request(
  :get,
  {~c"https://github.com", []},
  [
    ssl: [
      cacertfile: "/Users/rsecrist/Downloads/certs/all.pem",
      verify: :verify_peer,
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  ],
  []
)
```

```
{:ok,
 {{~c"HTTP/1.1", 200, ~c"OK"},
  [...
```

jonatanklosko commented 2 months ago

Ohh, which Bumblebee version are you using? The support for custom certs is only on main. So you need to install as {:bumblebee, github: "elixir-nx/bumblebee"}. We are waiting for a new Axon release, but that's likely to happen soon.

randysecrist commented 2 months ago

Ah yes, looks like @josevalim pushed after I cloned yesterday.

```
commit b01e0da989a39b594990f8023bebb3751663fb19 (HEAD -> main, origin/main, origin/HEAD)
Author: Jonatan Kłosko <jonatanklosko@gmail.com>
Date:   Fri Sep 20 18:49:08 2024 +0700

    Support llama3 checkpoints with tied word embeddings
```

jonatanklosko commented 2 months ago

We added support for BUMBLEBEE_CACERTS_PATH earlier, the new commit adds another common env as a fallback.

But looking at the log speech_to_text.exs, are you running the example in this repo? It installs {:bumblebee, "~> 0.5.0"}, unless you changed it to main manually.

randysecrist commented 2 months ago

I'm running from a fresh clone of the bumblebee repo. Thanks for the tip to update that. 👀

randysecrist commented 2 months ago

yep - updating that dep in the local example file worked. Thanks! I've never seen a complete example like that before in elixir that literally does ... everything. Very cool.

jonatanklosko commented 2 months ago

Great!

> I've never seen a complete example like that before in elixir that literally does ... everything

You don't even need the repo, that file is standalone, Mix.install brings the dependencies. And a single-file phoenix app is now even easier with playground/phoenix_playground :)
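
A preflight check for the path questions raised in this thread, as an added example that is not part of the original comments or of Bumblebee. The function name `check_cacerts_path` and its return codes are assumptions made for illustration; it checks only the form of the path and file, not whether the bundle holds the right CA or whether the installed Bumblebee version reads the variable.

```shell
#!/bin/sh
# Added example, not Bumblebee code: preflight check for a value intended for
# BUMBLEBEE_CACERTS_PATH. Prints one diagnosis line; returns 0 only for an
# absolute path to a readable regular file with at least one PEM certificate.
check_cacerts_path() {
  p=$1
  if [ -z "$p" ]; then
    echo "empty: no path given"; return 1
  fi
  # An assignment such as VAR=certs/* is not glob-expanded by the shell,
  # so the literal pattern is what the program receives.
  case $p in
    *\**|*\?*) echo "glob: '$p' is a pattern, not a single file"; return 2 ;;
  esac
  case $p in
    /*) ;;
    *) echo "relative: '$p' depends on the current directory"; return 3 ;;
  esac
  if [ -d "$p" ]; then
    echo "directory: '$p' must name the .pem file itself"; return 4
  fi
  if [ ! -f "$p" ] || [ ! -r "$p" ]; then
    echo "missing: '$p' is not a readable regular file"; return 5
  fi
  # Count PEM certificate blocks; a DER export or an empty file yields 0.
  n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$p" || true)
  if [ "${n:-0}" -eq 0 ]; then
    echo "not-pem: '$p' contains no PEM certificate blocks"; return 6
  fi
  echo "ok: '$p' holds $n PEM certificate(s)"
}

# Demo with the three values tried in the thread (no files are needed:
# each one is rejected before any file is opened).
for v in certs 'certs/*' certs/all.pem; do
  check_cacerts_path "$v" || true
done
```

A passing check still leaves the `:httpc.request` test with `verify: :verify_peer` shown earlier in the thread as the way to confirm the bundle actually validates the server.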