search

sethmlarson / truststore

Verify certificates using OS trust stores
https://truststore.readthedocs.io
MIT License
150 stars 18 forks source link

does the --use-feature=truststore option work recursively accross all subcommands executed by pip? #141

Closed KirannBhavaraju closed 1 month ago

KirannBhavaraju commented 2 months ago

NOTE: also a SO ticket. https://stackoverflow.com/q/78612281/7317733

My organisation recently updated certificates on my pc after which pip stopped working. I cannot get to any pypi package. I get the following error

SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))

One workaround i found was to use the --use-feature=truststore option which is currently Experimental on pip. This fails as well because most of the subsequent setup commands that pip uses to install dependencies of a package still fail with the same error.

example: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)'))': /simple/setuptools/

Can someone please assist me on how i can ask pip to use the default certificates on my Windows(11) PC ?

I took a look at relavant questions on this community, but nothing actually helped but this (partly).. https://pip.pypa.io/en/stable/topics/https-certificates/#

Also I can ping pypi.python.org enter image description here image

sethmlarson commented 2 months ago

Can you include the full set of commands that you're running and which dependency you're trying to install?

sethmlarson commented 2 months ago

Going to close this issue as there's been no additional information provided. Will reopen if you provide the requested information.

KirannBhavaraju commented 2 months ago

@sethmlarson sorry for the late response.

The requirements file looks like the following. 

Django==4.0
django-filter==22.1
djangorestframework==3.13.1
Markdown==3.4.1
huggingface-hub==0.8.1
sentence_transformers
pandas
nltk==3.7
django-lrucache-backend==4.0.0
drf-yasg
gunicorn==20.1.0
whitenoise==6.2.0

the config i use: 

pip 24.0
Python 3.12.4

and i run the following pip install -r requirements.txt --use-feature=truststore.

The error occurs when pip tries to install dependencies, at different packages. I have seen it for setuptools.

davidhamann commented 1 month ago

I had a similar issue (trust store only being referenced for the primary package, not for its dependencies) and could resolve it by setting the use-feature flag in the (venv's) config file such that it's respected for every install:

pip config set --site global.use-feature truststore

(I assume that passing the flag directly as an option to the install command only works for the package specified in the command, not for subsequent installations of dependencies)

sethmlarson commented 1 month ago

Now that pip v24.2 has been released, I believe this issue can be closed. Truststore gets used for all requests in pip :)