Add handling of custom ssl certs in urllib ops (#42953)

This PR allows the user to specify a path to a custom cert file (or directory) in
Spack's config:

```yaml
  # This is where custom certs for proxy/firewall are stored.
  # It can be a path or environment variable. To match ssl env configuration
  # the default is the environment variable SSL_CERT_FILE
  ssl_certs: $SSL_CERT_FILE
```

`config:ssl_certs` can be a path to a file or a directory, or it can be an environment
variable that resolves to one of those. When it points to something valid, Spack will
update the ssl context to include custom certs, and fetching via `urllib` and `curl`
will trust the provided certs.

This should resolve many issues with fetching behind corporate firewalls.


---------

Co-authored-by: psakievich <psakievich@users.noreply.github.com>
Co-authored-by: Alec Scott <alec@bcs.sh>
psakievich
2024-04-01 12:11:13 -06:00
committed by GitHub
parent b81d7d0aac
commit 7afa949da1
7 changed files with 169 additions and 4 deletions
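
The resolution the commit message describes (a setting that is a path or an environment variable, pointing at a file or a directory), as an added example that is not Spack's code from this commit. The function names, the `CONSTRUCTED_*` variable names and the rule that an unresolved `$VAR` means "nothing configured" are assumptions made for illustration.

```python
import os
import ssl
from typing import Optional, Tuple


def resolve_cert_location(setting: str) -> Optional[Tuple[str, str]]:
    """Map a config value to ("cafile", path) or ("capath", path).

    Returns None when the value is empty, refers to an unset environment
    variable, or names something that is not on disk.
    """
    # os.path.expandvars leaves "$VAR" untouched when VAR is unset.
    expanded = os.path.expanduser(os.path.expandvars(setting.strip()))
    if not expanded or "$" in expanded:  # assumption: leftover "$" = unresolved
        return None
    path = os.path.abspath(expanded)
    if os.path.isfile(path):
        return ("cafile", path)   # single PEM bundle
    if os.path.isdir(path):
        return ("capath", path)   # directory of hashed certificate files
    return None


def build_context(setting: str) -> ssl.SSLContext:
    """Default verifying context, plus the custom certs when they resolve."""
    # System trust store, CERT_REQUIRED and hostname checking stay enabled.
    ctx = ssl.create_default_context()
    location = resolve_cert_location(setting)
    if location is not None:
        kind, path = location
        # Adds to the trusted set; it does not replace the defaults and
        # does not relax verification.
        ctx.load_verify_locations(**{kind: path})
    return ctx


if __name__ == "__main__":
    # Constructed sample: with SSL_CERT_FILE unset this prints None and the
    # context falls back to the system trust store only.
    print(resolve_cert_location("$SSL_CERT_FILE"))
    print(build_context("$SSL_CERT_FILE").verify_mode)
```
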

@@ -101,6 +101,12 @@ config:
verify_ssl: true
# This is where custom certs for proxy/firewall are stored.
# It can be a path or environment variable. To match ssl env configuration
# the default is the environment variable SSL_CERT_FILE
ssl_certs: $SSL_CERT_FILE
# Suppress gpg warnings from binary package verification
# Only suppresses warnings, gpg failure will still fail the install
# Potential rationale to set True: users have already explicitly trusted the
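
Review bot: the comment added above `ssl_certs: $SSL_CERT_FILE` does not say what happens when `SSL_CERT_FILE` is unset or resolves to nothing on disk, and it says "a path" where the commit message says a file or a directory. Because the key sits directly under `verify_ssl: true`, consider one more comment line stating the fallback behaviour for an unset or invalid value and that certificates found here are added to what Spack trusts, so a reader does not take the setting as an alternative to verification.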