pythonssldebiandebdput

SSL verification problem when uploading a deb package using dput


I'm building a .deb packages via dh-make utility. And I have to upload it to gitlab debain repository via dput utility.

After package has builded I run these commands:

cat <<EOF > dput.cf
[gitlab]
method = https
fqdn = <my login>:<my password>@gitlab.mydomain.com
incoming = /api/v4/projects/<project id>/packages/debian
EOF

dput --config=dput.cf --unchecked --no-upload-log gitlab <my package name>_1.0.1_amd64.changes

And I get this output log:

Uploading <my package name> using https to gitlab (host: <my login>:<my password>@gitlab.mydomain.com; directory: /api/v4/projects/<project id>/packages/debian)
running allowed-distribution: check whether a local profile permits uploads to the target distribution
running checksum: verify checksums before uploading
running suite-mismatch: check the target distribution for common errors
running gpg: check GnuPG signatures before the upload
Not checking GPG signature due to allow_unsigned_uploads being set.
Not writing upload log upon request
Uploading <my package name>_1.0.1.dsc
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)>

I'm using Ubuntu 22.04. What should I do?

P.S. My personal gitlab ssl certificate (self-signed) added to trusted this way:

mkdir -p /usr/local/share/ca-certificates

openssl s_client -showcerts -connect gitlab.mydomain.com:443 -servername gitlab.mydomain.com < /dev/null 2>/dev/null | openssl x509 -outform PEM > /usr/local/share/ca-certificates/gitlab.mydomain.com.crt

update-ca-certificates

When I was testing it via http everything was good, but now it's only https left because of security reasons.

Many thanks for any hints.

I've tried to google it, about a half of answers tells me about python ssl config (via certifi), nothing helped me.

So I'm going around and around the urlopen error [SSL: CERTIFICATE_VERIFY_FAILED], but still no luck at all.


Solution

  • My friend found a workaround to disable SSL verification for dput:

    sed -i '24s/^/import ssl\nssl._create_default_https_context = ssl._create_unverified_context\n/' /usr/bin/dput
    

    Thanks everyone who tried to help.