system ca-certificates needed?

[hmaarrfk]

Maybe I just don't understand docker enough, but I tried to download some files using rclone using my pixi powered docker image:

And it keeps giving me

tls: failed to verify certificate: x509: certificate signed by unknown authority

to fix it,, i had to

apt-get update
apt-get install ca-certificates

and it was able to move on.

Any ideas??? was installing curl and rclone from conda-forge not enough to get the conda-forge ca-certificates????

Details

Using docker image sha256:6757bb17ebd559d6cc5442e3727f8e82454dc517d4a2466a2785e93480b062d9 for ghcr.io/prefix-dev/pixi:latest with digest ghcr.io/prefix-dev/pixi@sha256:cc57bc41ba08c65ec396b8eb5c368af83e0bea5ac12a5f431fd4bfd4a12d24c5 ...
Preparing environment 00:01
Running on runner-sfwfyek-project-9413359-concurrent-0 via nuthatch...
Getting source from Git repository 00:02
Fetching changes...
Reinitialized existing Git repository in /builds/mark.git/
Checking out b7a45937 as detached HEAD (ref is gitlab_ci_ro_json)...
Skipping Git submodules setup
Restoring cache 00:01
Checking cache for main-5-non_protected...
No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted. 
Successfully extracted cache
Executing "step_script" stage of the job script 00:25
Using docker image sha256:6757bb17ebd559d6cc5442e3727f8e82454dc517d4a2466a2785e93480b062d9 for ghcr.io/prefix-dev/pixi:latest with digest ghcr.io/prefix-dev/pixi@sha256:cc57bc41ba08c65ec396b8eb5c368af83e0bea5ac12a5f431fd4bfd4a12d24c5 ...
$ pixi global install git tree
Installed package git 2.46.1 pl5321h59d505e_0 from conda-forge
Installed package tree 2.1.3 h4bc722e_0 from conda-forge
These executables have been added to /root/.pixi/bin
 -  git
 -  git-cvsserver
 -  git-receive-pack
 -  git-shell
 -  git-upload-archive
 -  git-upload-pack
 -  gitk
 -  scalar
 -  tree
! To use them, make sure to add /root/.pixi/bin to your PATH
$ export PATH="/root/.pixi/bin:${PATH}"
$ git config --global --add safe.directory $(pwd)
$ pixi init
Created /builds/mark/pixi.toml
$ pixi add rclone python=3.12 gdown python-xxhash pooch numpy appdirs
Added rclone >=1.68.1,<2
Added python=3.12
Added gdown >=5.2.0,<6
Added python-xxhash >=3.5.0,<4
Added pooch >=1.8.2,<2
Added numpy >=2.1.1,<3
Added appdirs >=1.4.4,<2
Added ro-json >=1.0.4,<2
$ pixi install
$ cp ci/download_all_cache.py .
$ pixi run python download_all_cache.py || (echo Warning cache building failed && exit 0)
Downloading file 'calibration.nc' from 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' to '/builds/mark/.cache/'.
2024/09/25 02:10:59 NOTICE: Failed to backend: command "copyid" failed: failed copying "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" to "....../tmpdcvyfwq0": couldn't find id: Get "https://www.googleapis.com/drive/v3/files/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX?alt=json&fields=id%2Cname%2Csize%2Cmd5Checksum%2Csha1Checksum%2Csha256Checksum%2Ctrashed%2CexplicitlyTrashed%2CmodifiedTime%2CcreatedTime%2CmimeType%2Cparents%2CwebViewLink%2CshortcutDetails%2CexportLinks%2CresourceKey&prettyPrint=false&supportsAllDrives=true": couldn't fetch token: Post "https://oauth2.googleapis.com/token": tls: failed to verify certificate: x509: certificate signed by unknown authority

[hmaarrfk]

not sure why this is no longer an issue