From 7afa949da1ee560760aaa700724f9a0466429218 Mon Sep 17 00:00:00 2001 From: psakievich Date: Mon, 1 Apr 2024 12:11:13 -0600 Subject: Add handling of custom ssl certs in urllib ops (#42953) This PR allows the user to specify a path to a custom cert file (or directory) in Spack's config: ```yaml # This is where custom certs for proxy/firewall are stored. # It can be a path or environment variable. To match ssl env configuration # the default is the environment variable SSL_CERT_FILE ssl_certs: $SSL_CERT_FILE ``` `config:ssl_certs` can be a path to a file or a directory, or it can be and environment variable that resolves to one of those. When it posts to something valid, Spack will update the ssl context to include custom certs, and fetching via `urllib` and `curl` will trust the provided certs. This should resolve many issues with fetching behind corporate firewalls. --------- Co-authored-by: psakievich Co-authored-by: Alec Scott
---
 etc/spack/defaults/config.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'etc')
diff --git a/etc/spack/defaults/config.yaml b/etc/spack/defaults/config.yaml
index 018e8deb55..532e3db270 100644
--- a/etc/spack/defaults/config.yaml
+++ b/etc/spack/defaults/config.yaml
@@ -101,6 +101,12 @@ config:
 verify_ssl: true
+ # This is where custom certs for proxy/firewall are stored.
+ # It can be a path or environment variable. To match ssl env configuration
+ # the default is the environment variable SSL_CERT_FILE
+ ssl_certs: $SSL_CERT_FILE
+
+
 # Suppress gpg warnings from binary package verification
 # Only suppresses warnings, gpg failure will still fail the install
 # Potential rationale to set True: users have already explicitly trusted the
-- cgit v1.2.3-70-g09d2
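Review bot: The comment added above `ssl_certs` does not say what happens when `SSL_CERT_FILE` is unset or resolves to nothing usable, which is the common case with this default. The commit description implies the setting only takes effect when it points to a valid file or directory, so if that is right the comment could add `# May be a certificate file or a directory; if unset or invalid, the default trust store is used.` Because certificates found there are trusted when fetching via urllib and curl (per the description), a further line such as `# Certificates at this path are trusted for fetches; keep it writable only by administrators.` would help, since the default makes the set of trust anchors depend on the caller's environment. It would also be worth stating how this interacts with `verify_ssl` directly above, presumably that it has no effect when verification is off. The `config:` mapping continues outside the hunk.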