Google Maps Travel Time Docker fails to start

lwis commented 8 years ago

Home Assistant release (hass --version): 0.19.1

Python release (python3 --version): 3.4

Component/platform: sensor/google_travel_time

Description of problem: Fails to start due to SSL error.

Problem-relevant configuration.yaml entries and steps to reproduce:

sensor:
    platform: google_travel_time
    api_key: XXXX_XXXXX_XXXXX
    origin: Trondheim, Norway
    destination: Paris, France
    travel_mode: bicycling

Traceback (if applicable):

 16-05-08 14:06:17 INFO (MainThread) [requests.packages.urllib3.connectionpool] Starting new HTTPS connection (1): maps.googleapis.com
 16-05-08 14:06:17 ERROR (MainThread) [homeassistant.components.sensor] Error while setting up platform google_travel_time
 Traceback (most recent call last):
   File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 578, in urlopen
     chunked=chunked)
   File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 351, in _make_request
     self._validate_conn(conn)
   File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 814, in _validate_conn
     conn.connect()
   File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connection.py", line 289, in connect
     ssl_version=resolved_ssl_version)
   File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/util/ssl_.py", line 308, in ssl_wrap_socket
     return context.wrap_socket(sock, server_hostname=server_hostname)
   File "/usr/local/lib/python3.4/ssl.py", line 362, in wrap_socket
     _context=self)
   File "/usr/local/lib/python3.4/ssl.py", line 580, in __init__
     self.do_handshake()
   File "/usr/local/lib/python3.4/ssl.py", line 807, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

 During handling of the above exception, another exception occurred:

 Traceback (most recent call last):
   File "/usr/local/lib/python3.4/site-packages/requests/adapters.py", line 403, in send
     timeout=timeout
   File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 604, in urlopen
     raise SSLError(e)
 requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

 During handling of the above exception, another exception occurred:

 Traceback (most recent call last):
   File "/usr/local/lib/python3.4/site-packages/googlemaps/client.py", line 201, in _get
     resp = requests.get(base_url + authed_url, **requests_kwargs)
   File "/usr/local/lib/python3.4/site-packages/requests/api.py", line 71, in get
     return request('get', url, params=params, **kwargs)
   File "/usr/local/lib/python3.4/site-packages/requests/api.py", line 57, in request
     return session.request(method=method, url=url, **kwargs)
   File "/usr/local/lib/python3.4/site-packages/requests/sessions.py", line 475, in request
     resp = self.send(prep, **send_kwargs)
   File "/usr/local/lib/python3.4/site-packages/requests/sessions.py", line 585, in send
     r = adapter.send(request, **kwargs)
   File "/usr/local/lib/python3.4/site-packages/requests/adapters.py", line 477, in send
     raise SSLError(e, request=request)
 requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

 During handling of the above exception, another exception occurred:

 Traceback (most recent call last):
   File "/usr/src/app/homeassistant/helpers/entity_component.py", line 98, in _setup_platform
     discovery_info)
   File "/usr/src/app/homeassistant/components/sensor/google_travel_time.py", line 48, in setup_platform
     travel_mode, is_metric)
   File "/usr/src/app/homeassistant/components/sensor/google_travel_time.py", line 73, in __init__
     self.update()
   File "/usr/src/app/homeassistant/util/__init__.py", line 289, in wrapper
     result = method(*args, **kwargs)
   File "/usr/src/app/homeassistant/components/sensor/google_travel_time.py", line 117, in update
     traffic_model="optimistic")
   File "/usr/local/lib/python3.4/site-packages/googlemaps/distance_matrix.py", line 130, in distance_matrix
     return client._get("/maps/api/distancematrix/json", params)
   File "/usr/local/lib/python3.4/site-packages/googlemaps/client.py", line 205, in _get
     raise googlemaps.exceptions.TransportError(e)
 googlemaps.exceptions.TransportError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

balloob commented 8 years ago

Are you using docker?

On Sun, May 8, 2016, 07:10 Lewis Juggins notifications@github.com wrote:

Home Assistant release (hass --version): 0.19.1

Python release (python3 --version): 3.4

Component/platform: sensor/google_travel_time

Description of problem: Fails to start due to SSL error.

Problem-relevant configuration.yaml entries and steps to reproduce:

sensor: platform: google_travel_time api_key: XXXX_XXXXX_XXXXX origin: Trondheim, Norway destination: Paris, France travel_mode: bicycling

Traceback (if applicable):

16-05-08 14:06:17 INFO (MainThread) [requests.packages.urllib3.connectionpool] Starting new HTTPS connection (1): maps.googleapis.com 16-05-08 14:06:17 ERROR (MainThread) [homeassistant.components.sensor] Error while setting up platform google_travel_time Traceback (most recent call last): File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 578, in urlopen chunked=chunked) File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 351, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 814, in _validate_conn conn.connect() File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connection.py", line 289, in connect ssl_version=resolved_sslversion) File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/util/ssl.py", line 308, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/local/lib/python3.4/ssl.py", line 362, in wrap_socket _context=self) File "/usr/local/lib/python3.4/ssl.py", line 580, in init self.do_handshake() File "/usr/local/lib/python3.4/ssl.py", line 807, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/local/lib/python3.4/site-packages/requests/adapters.py", line 403, in send timeout=timeout File "/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 604, in urlopen raise SSLError(e) requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/local/lib/python3.4/site-packages/googlemaps/client.py", line 201, in _get resp = requests.get(base_url + authed_url, _requests_kwargs) File "/usr/local/lib/python3.4/site-packages/requests/api.py", line 71, in get return request('get', url, params=params, _kwargs) File "/usr/local/lib/python3.4/site-packages/requests/api.py", line 57, in request return session.request(method=method, url=url, _kwargs) File "/usr/local/lib/python3.4/site-packages/requests/sessions.py", line 475, in request resp = self.send(prep, _send_kwargs) File "/usr/local/lib/python3.4/site-packages/requests/sessions.py", line 585, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.4/site-packages/requests/adapters.py", line 477, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/src/app/homeassistant/helpers/entity_component.py", line 98, in _setup_platform discovery_info) File "/usr/src/app/homeassistant/components/sensor/google_travel_time.py", line 48, in setup_platform travel_mode, is_metric) File "/usr/src/app/homeassistant/components/sensor/google_travel_time.py", line 73, in init self.update() File "/usr/src/app/homeassistant/util/init.py", line 289, in wrapper result = method(_args, *_kwargs) File "/usr/src/app/homeassistant/components/sensor/google_travel_time.py", line 117, in update traffic_model="optimistic") File "/usr/local/lib/python3.4/site-packages/googlemaps/distance_matrix.py", line 130, in distance_matrix return client._get("/maps/api/distancematrix/json", params) File "/usr/local/lib/python3.4/site-packages/googlemaps/client.py", line 205, in _get raise googlemaps.exceptions.TransportError(e) googlemaps.exceptions.TransportError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/home-assistant/home-assistant/issues/2009

lwis commented 8 years ago

@balloob I am, yes.

balloob commented 8 years ago

This is an issue with docker / python / requests. I'm not sure about a fix.

On Sun, May 8, 2016, 08:00 Lewis Juggins notifications@github.com wrote:

@balloob https://github.com/balloob I am, yes.

— You are receiving this because you were mentioned.

Reply to this email directly or view it on GitHub https://github.com/home-assistant/home-assistant/issues/2009#issuecomment-217725330

lwis commented 8 years ago

@balloob looks like it's related to this;

https://github.com/certifi/python-certifi/issues/26

Which appears to be due to Jessie being on OpenSSL 1.0.1k, 1.0.2 fixes the issue.

Nasty workarounds;

Pin an old version of certifi==2015.4.28, which contains the weak certs.
Set $REQUESTS_CA_BUNDLE to the old, weak certs.

I've just had a look, and it would appear that Alpine has OpenSSL 1.0.2h in v3.3, I believe that moving to Alpine would be the cleanest solution.

Does the project have any ties to Debian?

balloob commented 8 years ago

No ties - we are now basing our image on the Python 3.4 image provided by Docker.

lwis commented 8 years ago

@balloob Just had a look;

nmap - Check, https://pkgs.alpinelinux.org/packages?name=nmap net-tools - Check, https://pkgs.alpinelinux.org/packages?name=net-tools cython3 - No cython3, but cython 0.23.4 exists https://pkgs.alpinelinux.org/packages?name=cython libudev-dev - Potentially one of these? https://pkgs.alpinelinux.org/packages?name=udev sudo - Check, https://pkgs.alpinelinux.org/packages?name=sudo libglib2.0-dev - Potentially one of these? https://pkgs.alpinelinux.org/packages?name=glib

I'm not sure if all those packages are still required if using https://pkgs.alpinelinux.org/packages?name=*openzwave* - I'm unfamilar with zwave, or its requirements.

Rest looks to be relatively straight forward, potentially quite an easy transition (and a smaller image!).

balloob commented 8 years ago

I wonder if it wouldn't be easier to either uninstall certifi (means older certificates / not sure which package installed it to begin with) or install OpenSSL 1.0.2 inside Docker.

home-assistant / core

Google Maps Travel Time Docker fails to start #2009