Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error during precompile stage of building v1.6.1 - GitError(Code:ERROR, Class:SSL, failed to load CA certificates... #41019

Open
Fatmice opened this issue May 31, 2021 · 2 comments

Comments

@Fatmice
Copy link

Fatmice commented May 31, 2021

I git checkout v1.6.1 and attempted a build. It went mostly smoothly until the precompile stage.

Several notable errors

Generating REPL precompile statements... 16/29
ERROR: MethodError: no method matching f(::Int64, ::Int64)

Generating REPL precompile statements... 17/29
ERROR: BoundsError: attempt to access 0-element Vector{Any} at index [1]

Generating REPL precompile statements... 20/29
ERROR: GitError(Code:ERROR, Class:SSL, failed to load CA certificates: 0xffffde80 - X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected)

Generating REPL precompile statements... 22/29
ERROR: failed to clone from https://github.com/JuliaRegistries/General.git, error: GitError(Code:ERROR, Class:SSL, failed to load CA certificates: 0xffffde80 - X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected)
caused by: GitError(Code:ERROR, Class:SSL, failed to load CA certificates: 0xffffde80 - X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected)

Generating REPL precompile statements... 23/29
ERROR: Dev path `TestPkg.jl` does not exist.

Below is a more complete log
https://gist.github.com/Fatmice/4a68a43611d9721f5d29225d5fd51007
Others have reported something similar at #40185
What do to now? I did not have this problem with git checkout v1.5.3

@IanButterworth
Copy link
Member

(As discussed on slack) This is #39289 but popping up during build, which is unfortunate.

I don't know how valid it is, but a slightly inelegant workaround is to install a prebuilt julia binary and set the env var JULIA_SSL_CA_ROOTS_PATH to the output of this from the prebuilt binary

import NetworkOptions
NetworkOptions.bundled_ca_roots()

Taken from #39289 (comment)

Then the fix in that comment can be used once built, and the prebuilt binary removed

@IanButterworth IanButterworth changed the title Precompile errors on v1.6.1 Error during precompile stage of building v1.6.1 - GitError(Code:ERROR, Class:SSL, failed to load CA certificates... May 31, 2021
@Fatmice
Copy link
Author

Fatmice commented Jun 1, 2021

Okay I've managed to get the build working by passing the path to valid certificate bundle with the right heading BEGIN CERTIFICATE to the environmental variable JULIA_SSL_CA_ROOTS_PATH. It must be of the form JULIA_SSL_CA_ROOTS_PATH=<full_path> make as defining it in Make.user has no effect. This variable must be passed during build, test, and install.

On Fedora 32, there are two locations where the certs are stored. /etc/ssl/certs and /etc/pki/. The /etc/ssl/certs stores symlinks to ca bundles within /etc/pki/ca-trust/extracted, which contain certificates in both openssl and non-openssl formats.

Furthermore, unless I am wrong, the build specifically look for ca-certificates.crt within /etc/ssl/certs. So if the format of this file is wrong, then the precompile stage for Pkg will error out and abort the build.

Once built and installed, modify the global, or local Julia startup file or invoking julia -L <startupfile.jl with content, as advised from #39289 (comment).

@eval Module() begin
    import NetworkOptions
    ENV["JULIA_SSL_CA_ROOTS_PATH"] = NetworkOptions.bundled_ca_roots()
end

This will force Julia to use the bundled CA certs under <julia_install_path>/share/julia/cert.pem> if you do not care for an on-site CA certs

Just for referrence, another mention of this issue
https://discourse.julialang.org/t/problem-installing-julia-1-6/59151/2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants