search

gjcarneiro / yacron

A modern Cron replacement that is Docker-friendly
MIT License
449 stars 38 forks source link

LD_LIBRARY_PATH env var is breaking curl commands to HTTPS url #68

Closed tramdeholl closed 2 years ago

tramdeholl commented 2 years ago

I'm not sure where this env var LD_LIBRARY_PATH is being set but it's causing issues with cURL HTTPS urls. I'm assuming via one of the app dependencies. It seems that curl will reference a certificate from that location but since it's stored in /tmp the certificate is deleted eventually and curl explodes. I'm hoping you might be able to shed some more light on this.

https://curl.se/mail/archive-2003-05/0081.html

Error: curl: (77) error setting certificate verify locations: CApath: /etc/ssl/certs CAfile: /tmp/_MEI6rUB1Z/certifi/cacert.pem

root@6832c8922330:/# yacron -c yacron.yml 
INFO:yacron:Starting job test
INFO:yacron:Job test spawned
[test stdout] HOSTNAME=6832c8922330
[test stdout] SHLVL=1
[test stdout] LD_LIBRARY_PATH=/tmp/_MEI6rUB1Z
[test stdout] HOME=/root
[test stdout] SSL_CERT_FILE=/tmp/_MEI6rUB1Z/certifi/cacert.pem
[test stdout] _=/usr/local/bin/yacron
[test stdout] TERM=xterm
[test stdout] PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[test stdout] DEBIAN_FRONTEND=noninteractive
[test stdout] PWD=/
INFO:yacron:Job test exit code 0; has stdout: true, has stderr: false; fail_reason: None
INFO:yacron:Cron job test: reporting success
^CINFO:yacron:Shutting down (after currently running jobs finish)...
root@6832c8922330:/# cat yacron.yml 
defaults:
  captureStderr: true
  captureStdout: true
  onFailure:
    report:
      sentry:
        dsn:
          fromEnvVar: SENTRY_DSN
  concurrencyPolicy: Forbid

jobs:
  - name: test
    command: env
    schedule: "* * * * *"
root@6832c8922330:/#
gjcarneiro commented 2 years ago

It looks like this LD_LIBRARY_PATH value is being set by PyInstaller, which is the method used to generate self-contained executable for yacron.

As a workaround, try adding this config:

defaults:
  environment:
    - key: LD_LIBRARY_PATH
      value:

Alternatively you would have to install yacron with the Python method (pip or pipx) as documented in the README.

I would like to fix this by default even for the PyInstaller case, but I don't know what is the best solution yet, so I am going to leave this bug open.

On one hand, we could have yacron unconditionally unset LD_LIBRARY_PATH. However there could be conceivably a use case where a user sets LD_LIBRARY_PATH in the environment of the shell that runs yacron and expects this env. var. to propagate to sub-commands.

Ah, I see that when LD_LIBRARY_PATH was defined in the environment before PyInstaller starts, it is saved as LD_LIBRARY_PATH_ORIG, so that we can restore it. Same with LIBPATH and LIBPATH_ORIG. And getattr(sys, 'frozen', False) can be used to determine if we're running under PyInstaller. Reference: https://pyinstaller.org/en/stable/runtime-information.html

gjcarneiro commented 2 years ago

Fixed in 0.17