Comment 1 for bug 1879310

Christian Heimes (heimes) wrote :

Latest Ubuntu release is still broken:

$ cat Dockerfile.ubuntu-groovy
FROM ubuntu:groovy
RUN apt update && \
    apt upgrade -y && \
    apt install -y python3 && \
    apt clean

RUN python3 -c 'from urllib.request import urlopen; urlopen("https://www.pypi.org")'

$ podman build -f Dockerfile.ubuntu-groovy
STEP 1: FROM ubuntu:groovy
STEP 2: RUN apt update && apt upgrade -y && apt install -y python3 && apt clean
--> Using cache 199e6b47bba512fbf9ffe7b308da61d7d0262c741d624ebfacea6b277cef2fbd
--> 199e6b47bba
STEP 3: RUN python3 -c 'from urllib.request import urlopen; urlopen("https://www.pypi.org")'
Traceback (most recent call last):
  File "/usr/lib/python3.8/urllib/request.py", line 1350, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/lib/python3.8/http/client.py", line 1255, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1301, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1250, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1010, in _send_output
    self.send(msg)
  File "/usr/lib/python3.8/http/client.py", line 950, in send
    self.connect()
  File "/usr/lib/python3.8/http/client.py", line 1424, in connect
    self.sock = self._context.wrap_socket(self.sock,
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124)

The issue can be fixed with a simple one-line change to debian/control to install ca-certificates by default. curl has the same recommends stanza.

    Package: python3.8
    ...
    Recommends: ca-certificates
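
The "unable to get local issuer certificate" error in the traceback above is what OpenSSL reports when it finds no issuer in its trust store. The following check is an added example, not part of the original comment: it reports whether any CA certificates exist at the locations Python's ssl module will search. The function names are hypothetical, and the hashed-name pattern assumes the subject-hash file layout that OpenSSL uses for a certificate directory.

```python
import os
import re
import ssl

# OpenSSL finds CAs in a capath directory by subject-hash file name, e.g. "4a6481c9.0".
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")
PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def count_bundle_certs(cafile):
    """Number of PEM certificates in a bundle file; 0 if missing or unreadable."""
    try:
        with open(cafile, "r", errors="replace") as fh:
            return fh.read().count(PEM_MARKER)
    except OSError:
        return 0


def count_hashed_certs(capath):
    """Number of hash-named entries in capath that resolve to a real file."""
    try:
        names = os.listdir(capath)
    except OSError:
        return 0
    # isfile() follows symlinks, so dangling links are not counted.
    return sum(1 for n in names
               if HASHED_NAME.match(n) and os.path.isfile(os.path.join(capath, n)))


def diagnose(cafile, capath):
    """Summarise what a verifying TLS client could load from these two paths."""
    bundle = count_bundle_certs(cafile) if cafile else 0
    hashed = count_hashed_certs(capath) if capath else 0
    return {"cafile": cafile, "bundle_certs": bundle,
            "capath": capath, "hashed_certs": hashed,
            "usable": bundle > 0 or hashed > 0}


def diagnose_default():
    """Check the compiled-in OpenSSL paths, honouring the environment overrides."""
    paths = ssl.get_default_verify_paths()
    cafile = os.environ.get(paths.openssl_cafile_env, paths.openssl_cafile)
    capath = os.environ.get(paths.openssl_capath_env, paths.openssl_capath)
    return diagnose(cafile, capath)


if __name__ == "__main__":
    report = diagnose_default()
    print(report)
    if not report["usable"]:
        print("No CA certificates found: verified TLS connections will fail.")
```

Run inside the image, a report with `usable` set to False points to a missing trust store rather than a problem with the server's certificate chain.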