[gimp-macos-build] circleci: update SSL certificates used by Python code.



commit 47683dbe5e15e08ec335d59e3ca312c95cf6a1d8
Author: Jehan <jehan girinstud io>
Date:   Sat Oct 9 15:50:47 2021 +0200

    circleci: update SSL certificates used by Python code.
    
    Though certs seem to be well recognized in curl commands, they are not
    in meson-fallback downloads, such as when download pcre 8.37 from
    https://ftp.pcre.org (the file is present, I verified, and I could also
    download it on the remote build machine with curl, after connecting
    through SSH). The error was:
    
    > Looking for a fallback subproject for the dependency libpcre because:
    > Use of fallback dependencies is forced.
    > Downloading libpcre source from https://ftp.pcre.org/pub/pcre/pcre-8.37.tar.bz2
    > <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer 
certificate (_ssl.c:1129)>
    > A fallback URL could be specified using source_fallback_url key in the wrap file
    > could not get https://ftp.pcre.org/pub/pcre/pcre-8.37.tar.bz2 is the internet available?
    > Subproject  libpcre is buildable: NO (disabling)
    > Dependency libpcre from subproject libpcre found: NO (subproject failed to configure)
    
    This is probably linked to the recent fiasco for Let's Encrypt root
    certificates not updated on time on various systems (this web server
    does use Let's Encrypt after verifying).
    
    After some web search, I found this command to update the certs used by
    Python. It seemed to work fine when re-running the configuration through
    SSH.
    
    Also updating Python.

 .circleci/config.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 20aafbb..62d6434 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -16,8 +16,12 @@ jobs:
             name: Setup Python3
             command: |
               cd ~/
-              curl -L 'https://www.python.org/ftp/python/3.6.8/python-3.6.8-macosx10.9.pkg' > 
python-3.6.8-macosx10.9.pkg
-              sudo installer -pkg python-3.6.8-macosx10.9.pkg -target /
+              curl -L 'https://www.python.org/ftp/python/3.9.7/python-3.9.7-macos11.pkg' > 
python-3.9.7-macosx11.pkg
+              sudo installer -pkg python-3.9.7-macosx11.pkg -target /
+              # Certificates are outdated, most likely after the recent
+              # Let's Encrypt root certs fiasco. This fixes it by
+              # updating the certs.
+              open /Applications/Python\ 3.9/Install\ Certificates.command
         - run:
             name: Setup 10.12 SDK
             command: |


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]