[Bug 1879310] Re: python package does not depend on ca-certificates

Mon, 09 Nov 2020 00:46:19 -0800 

Latest Ubuntu release is still broken:

$ cat Dockerfile.ubuntu-groovy 
FROM ubuntu:groovy
RUN apt update && \
    apt upgrade -y && \
    apt install -y python3 && \
    apt clean

RUN python3 -c 'from urllib.request import urlopen;
urlopen("https://www.pypi.org";)'

$ podman build -f Dockerfile.ubuntu-groovy 
STEP 1: FROM ubuntu:groovy
STEP 2: RUN apt update &&     apt upgrade -y &&     apt install -y python3 &&   
  apt clean
--> Using cache 199e6b47bba512fbf9ffe7b308da61d7d0262c741d624ebfacea6b277cef2fbd
--> 199e6b47bba
STEP 3: RUN python3 -c 'from urllib.request import urlopen; 
urlopen("https://www.pypi.org";)'
Traceback (most recent call last):
  File "/usr/lib/python3.8/urllib/request.py", line 1350, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/lib/python3.8/http/client.py", line 1255, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1301, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1250, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1010, in _send_output
    self.send(msg)
  File "/usr/lib/python3.8/http/client.py", line 950, in send
    self.connect()
  File "/usr/lib/python3.8/http/client.py", line 1424, in connect
    self.sock = self._context.wrap_socket(self.sock,
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate 
verify failed: unable to get local issuer certificate (_ssl.c:1124)


The issue can be fixed with a simple one-line change to debian/control to 
install ca-certificates by default. curl has the same recommends stanza.

    Package: python3.8
    ...
    Recommends: ca-certificates

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879310

Title:
  python package does not depend on ca-certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.6/+bug/1879310/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to