Assuming that #90 is merged, we have an issue where install-program may fail due to chezmoi not having downloaded the CA certificate bundle (.local/etc/ssl/curl/cacert.pem) from home/.chezmoiexternal.toml.tmpl.
I was able to replicate this during testing, here's the partial output from install-program which occurs in the ensurePackageManagerAnsible function:
$ pipx install ansible-core
creating virtual environment...
creating shared libraries...
upgrading shared libraries...
ERROR: Could not install packages due to an OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /home/john/.local/share/curl/cacert.pem
Failed to upgrade shared libraries
Traceback (most recent call last):
File "/home/linuxbrew/.linuxbrew/Cellar/pipx/1.2.0/libexec/lib/python3.11/site-packages/pipx/shared_libs.py", line 113, in upgrade
subprocess_post_check(upgrade_process)
File "/home/linuxbrew/.linuxbrew/Cellar/pipx/1.2.0/libexec/lib/python3.11/site-packages/pipx/util.py", line 203, in subprocess_post_check
raise PipxError(
pipx.util.PipxError: '/home/john/.local/pipx/shared/bin/python -m pip --disable-pip-version-check
install --force-reinstall -q --upgrade pip setuptools wheel' failed
installing ansible-core...
Fatal error from pip prevented installation. Full pip output in file:
/home/john/.local/pipx/logs/cmd_2023-08-16_21.18.33_1_pip_errors.log
Some possibly relevant errors from pip install:
ERROR: Could not install packages due to an OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /home/john/.local/share/curl/cacert.pem
Error installing ansible-core.
Error: creating virtual environment...
creating shared libraries...
upgrading shared libraries...
ERROR: Could not install packages due to an OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /home/john/.local/share/curl/cacert.pem
Failed to upgrade shared libraries
Traceback (most recent call last):
File "/home/linuxbrew/.linuxbrew/Cellar/pipx/1.2.0/libexec/lib/python3.11/site-packages/pipx/shared_libs.py", line 113, in upgrade
subprocess_post_check(upgrade_process)
File "/home/linuxbrew/.linuxbrew/Cellar/pipx/1.2.0/libexec/lib/python3.11/site-packages/pipx/util.py", line 203, in subprocess_post_check
raise PipxError(
pipx.util.PipxError: '/home/john/.local/pipx/shared/bin/python -m pip --disable-pip-version-check
install --force-reinstall -q --upgrade pip setuptools wheel' failed
installing ansible-core...
Fatal error from pip prevented installation. Full pip output in file:
/home/john/.local/pipx/logs/cmd_2023-08-16_21.18.33_1_pip_errors.log
Some possibly relevant errors from pip install:
ERROR: Could not install packages due to an OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /home/john/.local/share/curl/cacert.pem
Error installing ansible-core.
at ensurePackageManagerAnsible (file:///home/john/.local/bin/install-program.mjs:857:10)
exit code: 1
I went through chezmoi's reference and user guide but I couldn't find any useful info as to when the externals are exactly downloaded, my current guess is that it happens during or after the scripts are ran, which may require us to move the CA certs out of externals and use an alternate mechanism to download them in advance before the install script is ran.
⏺️ Steps To Reproduce
No response
📒 Relevant Log Output
No response
💡 Possible Solution
A possible solution is to download it in install-program itself if it doesn't exist already.
❔ What are you experiencing an issue with?
Development Issue
❔ Version
https://github.com/TheDcoder/install.doctor/tree/cert-path
🐞 Description
Assuming that #90 is merged, we have an issue where
install-program
may fail due to chezmoi not having downloaded the CA certificate bundle (.local/etc/ssl/curl/cacert.pem
) fromhome/.chezmoiexternal.toml.tmpl
.I was able to replicate this during testing, here's the partial output from
install-program
which occurs in theensurePackageManagerAnsible
function:I went through chezmoi's reference and user guide but I couldn't find any useful info as to when the externals are exactly downloaded, my current guess is that it happens during or after the scripts are ran, which may require us to move the CA certs out of externals and use an alternate mechanism to download them in advance before the install script is ran.
⏺️ Steps To Reproduce
No response
📒 Relevant Log Output
No response
💡 Possible Solution
A possible solution is to download it in
install-program
itself if it doesn't exist already.