amordoch opened a new issue, #58966: URL: https://github.com/apache/airflow/issues/58966
### Apache Airflow Provider(s) standard ### Versions of Apache Airflow Providers apache-airflow-providers-standard==1.9.1 ### Apache Airflow version 3.1.3 ### Operating System Debian bookworm ### Deployment Official Apache Airflow Helm Chart ### Deployment details Image customized with corporate CA certs ### What happened In a corporate environment with SSL inspection, venv creation when using the PythonVirtualEnvOperator fails with an SSL validation error. The image has the cert installed but `--native-tls` needs to be passed to `uv` during the initial setup. This step does not appear to take into account any of the options you pass to the operator -- those only get added when running `uv pip install`. There needs to be an option to enable native TLS on venv creation. Happy to be corrected if there is an existing option and I just missed it. ### What you think should happen instead Allow passing `--native-tls` so that `uv` uses the system trust store for contacting PyPI ### How to reproduce Kinda difficult if you don't have an environment with SSL inspection, but create a task with the virtual env operator and `system_site_packages=True`, and see that the venv creation fails. ### Anything else Example logs: ```log [2025-12-02 13:00:48] INFO - Executing cmd: uv venv --allow-existing --seed --python python --system-site-packages /tmp/.airflow-venv-cache/venv-808fda7a source=airflow.utils.process_utils loc=process_utils.py:188 [2025-12-02 13:00:48] INFO - Output: source=airflow.utils.process_utils loc=process_utils.py:192 [2025-12-02 13:00:48] INFO - Using CPython 3.12.12 interpreter at: /usr/python/bin/python source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:48] INFO - Creating virtual environment with seed packages at: /tmp/.airflow-venv-cache/venv-808fda7a source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] INFO - error: Failed to install seed packages into virtual environment source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] INFO - Caused by: No solution found when resolving: `pip` source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] INFO - Caused by: Failed to fetch: `https://pypi.org/simple/pip/` source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] INFO - Caused by: Request failed after 3 retries source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] INFO - Caused by: error sending request for url (https://pypi.org/simple/pip/) source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] INFO - Caused by: client error (Connect) source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] INFO - Caused by: invalid peer certificate: UnknownIssuer source=airflow.utils.process_utils loc=process_utils.py:196 [2025-12-02 13:00:53] ERROR - Task failed with exception source=task loc=task_runner.py:980 ``` ### Are you willing to submit PR? - [x] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
