working on the FRIKKIN ssl verification issue

2026-06-09 05:25:44 -07:00
parent 25bfe8cd0a
commit b60a7a82f7
4 changed files with 24 additions and 10 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1 @@
+REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
--- a/5
+++ b/5
@@ -5,7 +5,10 @@ name = "pypi"

 [packages]
 py-gitea = "*"
-# py-gitea = {git = "https://github.com/mikeperalta1/py-gitea.git"}
+
+# This forces an earlier version of urllib3 that doesn't have newer strict restrictions on CA certs,
+# which I believe was blocking my self-signed chains
+urllib3 = "<2.4"

 [dev-packages]

--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "2a8acb06970c59def755a6b1fc93b6bc20fc36e1797ff9ce24546b26fdeebca5"
+            "sha256": "01d2c2fe8bf6b5aa4dd2fa2f26fe6a1e3ee053ceffd38e99253422153ffc5300"
        },
        "pipfile-spec": 6,
        "requires": {
@@ -194,11 +194,12 @@
        },
        "urllib3": {
            "hashes": [
-                "sha256:231e0ec3b63ceb14667c67be60f2f2c40a518cb38b03af60abc813da26505f4c",
-                "sha256:9fb4c81ebbb1ce9531cce37674bbc6f1360472bc18ca9a553ede278ef7276897"
+                "sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df",
+                "sha256:f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d"
            ],
-            "markers": "python_version >= '3.10'",
-            "version": "==2.7.0"
+            "index": "pypi",
+            "markers": "python_version >= '3.9'",
+            "version": "==2.3.0"
        }
    },
    "develop": {}
--- a/domain/Migrator.py
+++ b/domain/Migrator.py
@@ -3,11 +3,12 @@
 from domain.API import API


+import certifi
 import gitea
 import logging
+import os
 import sys

-import certifi


 class Migrator:
@@ -74,7 +75,6 @@ class Migrator:
 		
 		return repo_name
 	
-	"""
 	def set_ca_bundle(self, bundle_path: str):
 		
 		self.__logger.info("Setting certificate bundle path")
@@ -83,10 +83,13 @@ class Migrator:
 		self.__logger.info(f"Old path: {certifi.where()}")
 		certifi.core._CACERT_PATH = bundle_path
 		self.__logger.info(f"New path: {certifi.where()}")
+
+		self.__logger.info(f"os.environ.REQUESTS_CA_BUNDLE before: {os.environ['REQUESTS_CA_BUNDLE']}")
+		os.environ["REQUESTS_CA_BUNDLE"] = bundle_path
+		self.__logger.info(f"os.environ.REQUESTS_CA_BUNDLE after: {os.environ['REQUESTS_CA_BUNDLE']}")
 		
 		# TODO: JUST TESTING
 		self.__verify_ssl = bundle_path
-	"""
 	
 	def migrate_entire_org(
 			self,
@@ -105,8 +108,13 @@ class Migrator:
 		# api_source: giteapy.OrganizationApi
 		# api_destination: giteapy.OrganizationApi
 		
-		# Tattle on certify
+		# Tattle on certify, then modify
 		self.__logger.info(f"Certifi is currently using CA bundle: {certifi.where()}")
+		if self.__ca_bundle is not None:
+			self.set_ca_bundle(
+				bundle_path=self.__ca_bundle
+			)
+		self.__logger.info(f"After modification, Certifi is now using CA bundle: {certifi.where()}")
 		
 		# Grab all org repos
 		source_repos = self._fetch_all_org_repos(
@@ -382,6 +390,7 @@ class Migrator:
 				source_repos_failed.append(
 					(source_repo, e)
 				)
+				raise e
 				continue
 			
 			self.__logger.debug(f"Migration result: {repo_new}")
				`@@ -0,0 +1 @@`
				`REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt`