summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--issues/genenetwork/python-requests-error-in-container.gmi141
1 files changed, 141 insertions, 0 deletions
diff --git a/issues/genenetwork/python-requests-error-in-container.gmi b/issues/genenetwork/python-requests-error-in-container.gmi
index 2517af1..d691660 100644
--- a/issues/genenetwork/python-requests-error-in-container.gmi
+++ b/issues/genenetwork/python-requests-error-in-container.gmi
@@ -25,3 +25,144 @@ Possible fixes suggested are to set up correct envvars for the requests library,
See
=> https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
+
+### Troubleshooting Logs
+
+Try reproducing the issue locally:
+
+```
+$ guix --version
+hint: Consider installing the `glibc-locales' package and defining `GUIX_LOCPATH', along these lines:
+
+ guix install glibc-locales
+ export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
+
+See the "Application Setup" section in the manual, for more info.
+
+guix (GNU Guix) 2394a7f5fbf60dd6adc0a870366adb57166b6d8b
+Copyright (C) 2024 the Guix authors
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+$
+$ guix shell --container --network python python-requests coreutils
+[env]$ ls "${GUIX_ENVIRONMENT}/etc"
+ld.so.cache profile
+```
+
+We see from the above that there are no certificates in the environment with just python and python-requests.
+
+Okay. Now let's write a simple python script to test things out with:
+
+```
+import requests
+
+resp = requests.get("https://github.com")
+print(resp)
+```
+
+and run it!
+
+```
+$ guix shell --container --network python python-requests coreutils -- python3 test.py
+Traceback (most recent call last):
+ File "/tmp/test.py", line 1, in <module>
+ import requests
+ File "/gnu/store/b6ny4p29f32rrnnvgx7zz1nhsms2zmqk-profile/lib/python3.10/site-packages/requests/__init__.py", line 164, in <module>
+ from .api import delete, get, head, options, patch, post, put, request
+ File "/gnu/store/b6ny4p29f32rrnnvgx7zz1nhsms2zmqk-profile/lib/python3.10/site-packages/requests/api.py", line 11, in <module>
+ from . import sessions
+ File "/gnu/store/b6ny4p29f32rrnnvgx7zz1nhsms2zmqk-profile/lib/python3.10/site-packages/requests/sessions.py", line 15, in <module>
+ from .adapters import HTTPAdapter
+ File "/gnu/store/b6ny4p29f32rrnnvgx7zz1nhsms2zmqk-profile/lib/python3.10/site-packages/requests/adapters.py", line 81, in <module>
+ _preloaded_ssl_context.load_verify_locations(
+FileNotFoundError: [Errno 2] No such file or directory
+```
+
+Uhmm, what is this new error?
+
+Add `nss-certs` and try again.
+
+```
+$ guix shell --container --network python python-requests nss-certs coreutils
+[env]$ ls ${GUIX_ENVIRONMENT}/etc/ssl/
+certs
+[env]$ python3 test.py
+Traceback (most recent call last):
+ File "/tmp/test.py", line 1, in <module>
+ import requests
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/__init__.py", line 164, in <module>
+ from .api import delete, get, head, options, patch, post, put, request
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/api.py", line 11, in <module>
+ from . import sessions
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/sessions.py", line 15, in <module>
+ from .adapters import HTTPAdapter
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/adapters.py", line 81, in <module>
+ _preloaded_ssl_context.load_verify_locations(
+FileNotFoundError: [Errno 2] No such file or directory
+[env]$
+[env]$ export REQUESTS_CA_BUNDLE="${GUIX_ENVIRONMENT}/etc/ssl/certs/ca-certificates.crt"
+[env]$ $ python3 test.py
+Traceback (most recent call last):
+ File "/tmp/test.py", line 1, in <module>
+ import requests
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/__init__.py", line 164, in <module>
+ from .api import delete, get, head, options, patch, post, put, request
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/api.py", line 11, in <module>
+ from . import sessions
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/sessions.py", line 15, in <module>
+ from .adapters import HTTPAdapter
+ File "/gnu/store/17dw8qczqqz9fmj2kxzsbfqn730frqd7-profile/lib/python3.10/site-packages/requests/adapters.py", line 81, in <module>
+ _preloaded_ssl_context.load_verify_locations(
+FileNotFoundError: [Errno 2] No such file or directory
+```
+
+Welp! Looks like this error is a whole different thing.
+
+Let us try with the genenetwork2 package.
+
+```
+$ guix shell --container --network genenetwork2 coreutils
+[env]$ ls "${GUIX_ENVIRONMENT}/etc"
+bash_completion.d jupyter ld.so.cache profile
+```
+
+This does not seem to have the certificates in place either, so let's add nss-certs
+
+```
+$ guix shell --container --network genenetwork2 coreutils nss-certs
+[env]$ ls "${GUIX_ENVIRONMENT}/etc"
+bash_completion.d jupyter ld.so.cache profile ssl
+[env]$ python3 test.py
+Traceback (most recent call last):
+ File "/tmp/test.py", line 3, in <module>
+ resp = requests.get("https://github.com")
+ File "/gnu/store/qigjz4i0dckbsjbd2has0md2dxwsa7ry-profile/lib/python3.10/site-packages/requests/api.py", line 73, in get
+ return request("get", url, params=params, **kwargs)
+ File "/gnu/store/qigjz4i0dckbsjbd2has0md2dxwsa7ry-profile/lib/python3.10/site-packages/requests/api.py", line 59, in request
+ return session.request(method=method, url=url, **kwargs)
+ File "/gnu/store/qigjz4i0dckbsjbd2has0md2dxwsa7ry-profile/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
+ resp = self.send(prep, **send_kwargs)
+ File "/gnu/store/qigjz4i0dckbsjbd2has0md2dxwsa7ry-profile/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
+ r = adapter.send(request, **kwargs)
+ File "/gnu/store/qigjz4i0dckbsjbd2has0md2dxwsa7ry-profile/lib/python3.10/site-packages/requests/adapters.py", line 460, in send
+ self.cert_verify(conn, request.url, verify, cert)
+ File "/gnu/store/qigjz4i0dckbsjbd2has0md2dxwsa7ry-profile/lib/python3.10/site-packages/requests/adapters.py", line 263, in cert_verify
+ raise OSError(
+OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/ssl/certs/ca-certificates.crt
+```
+
+We get the expected certificates error! This is good. Now define the envvar and try again.
+
+```
+[env]$ export REQUESTS_CA_BUNDLE="${GUIX_ENVIRONMENT}/etc/ssl/certs/ca-certificates.crt"
+[env]$ python3 test.py
+<Response [200]>
+```
+
+Success!!!
+
+Adding nss-certs and setting the `REQUESTS_CA_BUNDLE` fixes things. We'll need to do the same for the container, for both the genenetwork2 and genenetwork3 packages (and any other packages that use requests library).
+
+### Fixes
+
generated by cgit v1.2.3 (git 2.46.2) at 2025-01-31 17:44:39 +0000