search

mirage / ca-certs

Detect root CA certificates from the operating system
ISC License
14 stars 12 forks source link

macOS in opam sandbox: empty certificates errors - suggestion: use the macOS API #20

Open samoht opened 2 years ago

samoht commented 2 years ago

From https://opam.ci.ocaml.org/github/ocaml/opam-repository/commit/5dabe051724f251b15da92cd9a9133442ab9cd19/variant/opam-2.0,distributions,macos-homebrew,irmin-http.2.10.0,tests

/cc @patricoferris

Processing  1/2: [irmin-http: dune build]
+ /Users/mac705/.opam/opam-init/hooks/sandbox.sh "build" "dune" "build" "-p" "irmin-http" "-j" "11" (CWD=/Users/mac705/.opam/default/.opam-switch/build/irmin-http.2.10.0)
Processing  1/2: [irmin-http: dune runtest]
+ /Users/mac705/.opam/opam-init/hooks/sandbox.sh "build" "dune" "runtest" "-p" "irmin-http" "-j" "11" (CWD=/Users/mac705/.opam/default/.opam-switch/build/irmin-http.2.10.0)
-     ocamlopt test/irmin-http/test.exe
- ld: warning: directory not found for option '-L/opt/local/lib'
-         test alias test/irmin-http/runtest (exit 2)
- (cd _build/default && test/irmin-http/test.exe -q --color=always)
- +21100us bos             [EXEC:90639] ['uname' '-s']
- +22444us bos             [EXEC:90646] ['security' 'find-certificate' '-a'
-                                        '-p'
-                                        '/System/Library/Keychains/SystemRootCertificates.keychain']
- Fatal error: exception (Failure
-    "ca-certs: empty trust anchors.\
-   \nPlease report an issue at https://github.com/mirage/ca-certs, including:\
-   \n- the output of uname -s\
-   \n- the distribution you use\
-   \n- the location of default trust anchors (if known)\
-   \n")
[ERROR] The compilation of irmin-http failed at "/Users/mac705/.opam/opam-init/hooks/sandbox.sh build dune runtest -p irmin-http -j 11".
hannesm commented 2 years ago

I guess this is a duplicate of https://github.com/ocaml/opam/issues/4389 -- and https://github.com/mirage/ca-certs/issues/13

I suspect macOS has some API to retrieve the trust anchors, without using a command line utility. Someone with a macOS at their hands could dive into that and propose a PR here.

hannesm commented 2 years ago

This is how certstore in go does it: https://github.com/github/certstore/blob/main/certstore_darwin.go