nginx / unit

NGINX Unit - universal web app server - a lightweight and versatile open source server that simplifies the application stack by natively executing application code across eight different programming language runtimes.
https://unit.nginx.org
Apache License 2.0

1.33.0-php8.3 has problem with connection to Postgresql using pdo_pgsql driver #1457

Open Stafox opened 5 days ago

Stafox commented 5 days ago

After updating to this version I started to experience problems connecting to remote Postgres databases (I have tried Google Cloud SQL and DigitalOcean Managed DB). It does not allow a connection to be established due to a certificate error.

```
connection to server at "****" (xxx.xxx.xx.xxx), port 25060 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied.
```

After switching back to 1.32.1-php8.3 the error has gone.

callahad commented 3 days ago

@thresheek Would it be possible for SysEng to bump our Python language versions without a Unit release, or would that be a bit of a pain? 🙏

ac000 commented 3 days ago

> @thresheek Would it be possible for SysEng to bump our Python language versions without a Unit release, or would that be a bit of a pain? 🙏

Not sure how that relates to this issue...

callahad commented 3 days ago

Oops, wrong tab! That was supposed to be on #1453 - moving the comment over there.

callahad commented 3 days ago

@Stafox Looks like the base image changed from php:8.3-cli-bullseye to php:8.3-cli-bookworm when we released 1.33. At first glance, I don't see any other relevant changes between the Dockerfiles used for 1.32.1 and 1.33.0. This might be an issue with Debian?

What are the permissions on /root/, /root/.postgresql/ and /root/.postgresql.crt in each version of the image for you? How are you writing the client cert into the container?

Stafox commented 1 day ago

> This might be an issue with Debian?

Not sure.

The problem is definitely not connected to permissions. I have tried everything possible, as well as providing the file. No luck.

The main problem is that it should not request the certificate at all when your connection is made with sslmode=require (which is the default mode).

As I mentioned, after rolling back to the previous version the problem has gone.

thresheek commented 1 day ago

What Docker version are you running, and on what OS? What's the libseccomp version on your host OS?

This kinda sorta looks like another case of https://github.com/docker-library/official-images/issues/16829

Stafox commented 1 day ago

The problem was reproduced on Ubuntu 24.04 (Docker version 27.3.1, build ce12230) and macOS (Docker version 27.2.0, build 3ab4256).

```
dpkg -l | grep libseccomp
ii  libseccomp2:amd64               2.5.5-1ubuntu3.1                        amd64        high level interface to Linux seccomp filter
```

thresheek commented 1 day ago

That's recent enough! So probably my idea was a miss.

Looking at https://gitlab.alpinelinux.org/alpine/aports/-/issues/14565 and https://github.com/psycopg/psycopg2/issues/1535 it looks like it's coming up from an updated libpq library - with some ideas to try in https://github.com/psycopg/psycopg2/issues/1535#issuecomment-1385845916 and https://github.com/psycopg/psycopg2/issues/1535#issuecomment-1385857647
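
As an added example (not part of the thread and not Unit's own code): a POSIX shell check that answers the permissions question raised above for libpq's default client-certificate path, `~/.postgresql/postgresql.crt`, the path named in the reported error. It assumes libpq skips the client certificate when nothing exists at that path and fails on any other lookup error; the function name `libpq_cert_status` is made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Prints "<status> <path>" for libpq's
# default client certificate under a home directory:
#   absent  - nothing there; assumed: libpq goes on without a client cert
#   present - the path resolves; libpq will try to load it
#   denied  - a directory on the way cannot be searched by the current user,
#             which is what surfaces as "Permission denied"
libpq_cert_status() {
    target="${1:-$HOME}/.postgresql/postgresql.crt"
    case $target in /*) cur=/ ;; *) cur=. ;; esac

    # Split the path on "/" without glob expansion.
    old_ifs=$IFS; IFS=/
    set -f; set -- $target; set +f
    IFS=$old_ifs

    for part in "$@"; do
        [ -n "$part" ] || continue
        # A non-directory in the middle of the path counts as "not there".
        if [ ! -d "$cur" ]; then echo "absent $cur"; return 0; fi
        # Looking up $part needs search (x) permission on $cur.
        if [ ! -x "$cur" ]; then echo "denied $cur"; return 0; fi
        cur="${cur%/}/$part"
        # -e follows symlinks, so a dangling link also counts as absent.
        if [ ! -e "$cur" ]; then echo "absent $cur"; return 0; fi
    done
    echo "present $cur"
}

# Default: check the home directory of whoever runs the script.
libpq_cert_status "$@"
```

Run it inside the container as the same user as the application process, since the result depends on who is asking; pass a directory as the first argument to check a home directory other than `$HOME`.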