I'm building a .deb packages via dh-make
utility. And I have to upload it to gitlab debain repository via dput
utility.
After package has builded I run these commands:
cat <<EOF > dput.cf
[gitlab]
method = https
fqdn = <my login>:<my password>@gitlab.mydomain.com
incoming = /api/v4/projects/<project id>/packages/debian
EOF
dput --config=dput.cf --unchecked --no-upload-log gitlab <my package name>_1.0.1_amd64.changes
And I get this output log:
Uploading <my package name> using https to gitlab (host: <my login>:<my password>@gitlab.mydomain.com; directory: /api/v4/projects/<project id>/packages/debian)
running allowed-distribution: check whether a local profile permits uploads to the target distribution
running checksum: verify checksums before uploading
running suite-mismatch: check the target distribution for common errors
running gpg: check GnuPG signatures before the upload
Not checking GPG signature due to allow_unsigned_uploads being set.
Not writing upload log upon request
Uploading <my package name>_1.0.1.dsc
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)>
I'm using Ubuntu 22.04. What should I do?
P.S. My personal gitlab ssl certificate (self-signed) added to trusted this way:
mkdir -p /usr/local/share/ca-certificates
openssl s_client -showcerts -connect gitlab.mydomain.com:443 -servername gitlab.mydomain.com < /dev/null 2>/dev/null | openssl x509 -outform PEM > /usr/local/share/ca-certificates/gitlab.mydomain.com.crt
update-ca-certificates
When I was testing it via http everything was good, but now it's only https left because of security reasons.
Many thanks for any hints.
I've tried to google it, about a half of answers tells me about python ssl config (via certifi
), nothing helped me.
So I'm going around and around the urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]
, but still no luck at all.
My friend found a workaround to disable SSL verification for dput
:
sed -i '24s/^/import ssl\nssl._create_default_https_context = ssl._create_unverified_context\n/' /usr/bin/dput
Thanks everyone who tried to help.