-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Registry installation failure with 1.6 on Windows 10 #38691
Comments
Actually errors still occur in 1.6. The above information about smooth sailing after initial registry update was too optimistic.
|
^ seems related to your recent work @StefanKarpinski |
@PetrKryslUCSD, can you try the following in a REPL session post what Julia outputs? import NetworkOptions
NetworkOptions.ca_roots()
import Downloads
Downloads.get_ca_roots()
Downloads.Curl.SSL_VERSION |
|
Do you have |
Yes.
|
When Julia 1.6 is run outside of the SublimeText editor (which has its own Python installation), everything is fine. |
Sublime Text defines the variable SSL_CERT_FILE to access package control. |
Discussion of the Open SSL as implemented in ST: |
If this is specific to when you run Julia in Sublime Text, maybe you can do this in your Julia startup file: delete!(ENV, "SSL_CERT_FILE") |
Yes, I set |
That explains why this is happening. We switched to using the native SSL/TLS implementation on Windows and macOS because that's the least friction approach on those platforms and most likely to be correct and secure (the OS should keep these up-to-date and there's no way to do certificate revocation lists otherwise). However, if one of those variables or |
OK. I guess that solves it then for me. But I believe other Python installations (conda?) will also try to provide that certification file. in that case you might not be seeing this error for the last time. |
One obvious fix here is that if
On the one hand, the first option is more like to "just work", which is what we would usually prefer. On the other hand, what if you set Another option would be to ignore Complicating all of this is that these NetworkOptions variables are meant to be used by all kinds of different libraries that do TLS transport. Even if libgit2 happens to be configured to use the system TLS and therefore can't use a CA root certs file, some other consumer like mbedTLS might be perfectly able to do so and isn't able to use the system CA roots. |
Any thoughts? |
Probably this is the easiest course of action. |
I also like this option. |
But probably I would lean towards the "better error message" approach. After all, if we are using the system TLS, we should probably also use the system-wide TLS-related environment variables. |
This to me is the most convincing point. If we're going to rely on the system's implementation of SSL/TLS, we should assume that the user knows best when it comes to the whether the system CA roots are trustworthy. So I would say keep the current behavior of having an error, but just have a nice message that says "I notice that you have set the |
Ok. I'll do that then. But I think I should also allow setting |
I think that makes sense. |
On master you can now set |
The error message is now improved as well. Please give it a try if you would. |
After the
.Julia
folder was completely removed:This result for
Curiously, if the registry is first built with 1.5.3 and then the environment activation/instantiation is started with 1.6, everything goes through smoothly. So I guess it is just the registry, not the packages.
The text was updated successfully, but these errors were encountered: