[FEATURE] SSL certificate verification failure

[kbonney]

Describe the bug
When I attempt to run grayskull on one of my public repositories I receive an SSL_CERTIFICATE_VERIFY_FAILED error.

Steps to reproduce the behavior:

1. Install grayskull in a python 3.11 environment
2. run grayskull pypi https://github.com/kbonney/dnd-roller.git.

Expected behavior
I expect grayskull to run to completion and generate the config.
Outputs
If applicable, add the output to help explain your problem.
Full stack trace:

(dnd) klbonne@s1096891 ~/repos/CondaPkgTutorial/grayskull $ grayskull pypi https://github.com/kbonney/dnd-roller.git



#### Initializing recipe for https://github.com/kbonney/dnd-roller.git ####

urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/urllib3/connectionpool.py", line 844, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/urllib3/util/retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /repos/kbonney/dnd-roller/releases/latest (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/klbonne/.pyenv/versions/dnd/bin/grayskull", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/main.py", line 277, in main
    generate_recipes_from_list(args.pypi_packages, args)
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/main.py", line 300, in generate_recipes_from_list
    recipe, config = create_python_recipe(
                     ^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/main.py", line 335, in create_python_recipe
    GrayskullFactory.create_recipe(
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/base/factory.py", line 46, in create_recipe
    GrayskullFactory.REGISTERED_STRATEGY[repo_type.lower()].fetch_data(
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/strategy/pypi.py", line 62, in fetch_data
    update_recipe(recipe, config, sections or ALL_SECTIONS)
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/strategy/pypi.py", line 499, in update_recipe
    metadata = get_metadata(recipe, config)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/strategy/pypi.py", line 350, in get_metadata
    sdist_metadata, pypi_metadata = get_origin_wise_metadata(config)
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/strategy/pypi.py", line 218, in get_origin_wise_metadata
    version, version_tag = handle_gh_version(
                           ^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/base/github.py", line 109, in handle_gh_version
    version_tag = get_latest_version_of_github_repo(url)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/base/github.py", line 60, in get_latest_version_of_github_repo
    return fetch_latest_metadata_from_github_repo(git_url)["tag_name"]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/grayskull/base/github.py", line 21, in fetch_latest_metadata_from_github_repo
    response = requests.get(api_url)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/klbonne/.pyenv/versions/3.11.5/envs/dnd/lib/python3.11/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /repos/kbonney/dnd-roller/releases/latest (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))

Environment:

• conda list

# packages in environment at /home/klbonne/miniconda3:
#
# Name                    Version                   Build  Channel
_libgcc_mutex             0.1                        main  
_openmp_mutex             5.1                       1_gnu  
boltons                   23.0.0          py311h06a4308_0  
brotlipy                  0.7.0           py311h5eee18b_1002  
bzip2                     1.0.8                h7b6447c_0  
c-ares                    1.19.0               h5eee18b_0  
ca-certificates           2023.05.30           h06a4308_0  
certifi                   2023.5.7        py311h06a4308_0  
cffi                      1.15.1          py311h5eee18b_3  
charset-normalizer        2.0.4              pyhd3eb1b0_0  
conda                     23.5.2          py311h06a4308_0  
conda-content-trust       0.1.3           py311h06a4308_0  
conda-libmamba-solver     23.5.0          py311h06a4308_0  
conda-package-handling    2.1.0           py311h06a4308_0  
conda-package-streaming   0.8.0           py311h06a4308_0  
cryptography              39.0.1          py311h9ce1e76_2  
fmt                       9.1.0                hdb19cb5_0  
icu                       58.2                 he6710b0_3  
idna                      3.4             py311h06a4308_0  
jsonpatch                 1.32               pyhd3eb1b0_0  
jsonpointer               2.1                pyhd3eb1b0_0  
krb5                      1.20.1               h143b758_1  
ld_impl_linux-64          2.38                 h1181459_1  
libarchive                3.6.2                h6ac8c49_2  
libcurl                   8.1.1                h251f7ec_1  
libedit                   3.1.20221030         h5eee18b_0  
libev                     4.33                 h7f8727e_1  
libffi                    3.4.4                h6a678d5_0  
libgcc-ng                 11.2.0               h1234567_1  
libgomp                   11.2.0               h1234567_1  
libmamba                  1.4.1                h2dafd23_1  
libmambapy                1.4.1           py311h2dafd23_1  
libnghttp2                1.52.0               h2d74bed_1  
libsolv                   0.7.22               he621ea3_0  
libssh2                   1.10.0               hdbd6064_2  
libstdcxx-ng              11.2.0               h1234567_1  
libuuid                   1.41.5               h5eee18b_0  
libxml2                   2.10.3               hcbfbd50_0  
lz4-c                     1.9.4                h6a678d5_0  
ncurses                   6.4                  h6a678d5_0  
openssl                   3.0.9                h7f8727e_0  
packaging                 23.0            py311h06a4308_0  
pcre2                     10.37                he7ceb23_1  
pip                       23.1.2          py311h06a4308_0  
pluggy                    1.0.0           py311h06a4308_1  
pybind11-abi              4                    hd3eb1b0_1  
pycosat                   0.6.4           py311h5eee18b_0  
pycparser                 2.21               pyhd3eb1b0_0  
pyopenssl                 23.0.0          py311h06a4308_0  
pysocks                   1.7.1           py311h06a4308_0  
python                    3.11.4               h955ad1f_0  
readline                  8.2                  h5eee18b_0  
reproc                    14.2.4               h295c915_1  
reproc-cpp                14.2.4               h295c915_1  
requests                  2.29.0          py311h06a4308_0  
ruamel.yaml               0.17.21         py311h5eee18b_0  
setuptools                67.8.0          py311h06a4308_0  
six                       1.16.0             pyhd3eb1b0_1  
sqlite                    3.41.2               h5eee18b_0  
tk                        8.6.12               h1ccaba5_0  
toolz                     0.12.0          py311h06a4308_0  
tqdm                      4.65.0          py311h92b7b1e_0  
tzdata                    2023c                h04d1e81_0  
urllib3                   1.26.16         py311h06a4308_0  
wheel                     0.38.4          py311h06a4308_0  
xz                        5.4.2                h5eee18b_0  
yaml-cpp                  0.7.0                h295c915_1  
zlib                      1.2.13               h5eee18b_0  
zstandard                 0.19.0          py311h5eee18b_0  
zstd                      1.5.5                hc292b87_0

• pip list

Package            Version
------------------ ---------
beautifulsoup4     4.12.2
certifi            2023.7.22
charset-normalizer 3.3.0
colorama           0.4.6
conda-souschef     2.2.3
grayskull          2.5.0
idna               3.4
iniconfig          2.0.0
packaging          23.2
pip                23.2.1
pkginfo            1.9.6
pluggy             1.3.0
progressbar2       4.2.0
pytest             7.4.2
python-utils       3.8.1
rapidfuzz          3.4.0
requests           2.31.0
ruamel.yaml        0.17.35
ruamel.yaml.clib   0.2.8
ruamel.yaml.jinja2 0.2.7
semver             3.0.2
setuptools         65.5.0
soupsieve          2.5
stdlib-list        0.9.0
tabulate           0.9.0
tomli              2.0.1
tomli_w            1.0.0
typing_extensions  4.8.0
urllib3            2.0.6

• grayskull --version

2.5.0

Additional context
I use corporate certs which are properly configured to work with conda and pip. I haven't seen any options to configure this for grayskull, but maybe I missed something. I am wondering if grayskull is set up to use system certs or if this is a pending feature.

[marcelotrevisani]

yeah, I didn't add option to add certificates for grayskull to use.
I will convert this issue to a feature request if you don't mind.

There is a workaround for it if you wish, you can install the ssl certificate on the machine and requests should be able to use it, or you can set

export SSL_CERT_FILE=PATH_TO_YOUR_SSL_CERTIFICATE

if you set that env variable requests should be able to use it as well