CentOS certificate check fails behind a proxy

I am trying to install Tensorflow Serving on a CentOS-based container image behind a corporate proxy. However, I run into problems when running this bazel build command:

$ bazel build -c opt //tensorflow_serving/model_servers:tensorflow_model_server

Result (excerpt):

ERROR: An error occurred during the fetch of repository 'upb':
   Traceback (most recent call last):
        File "/root/.cache/bazel/_bazel_root/f8d1071c69ea316497c31e40fe01608c/external/bazel_tools/tools/build_defs/repo/http.bzl", line 111, column 45, in _http_archive_impl
                download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://github.com/protocolbuffers/upb/archive/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz] to /root/.cache/bazel/_bazel_root/f8d1071c69ea316497c31e40fe01608c/external/upb/temp10914614927449415720/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: Error fetching repository: Traceback (most recent call last):
        File "/root/.cache/bazel/_bazel_root/f8d1071c69ea316497c31e40fe01608c/external/bazel_tools/tools/build_defs/repo/http.bzl", line 111, column 45, in _http_archive_impl
                download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://github.com/protocolbuffers/upb/archive/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz] to /root/.cache/bazel/_bazel_root/f8d1071c69ea316497c31e40fe01608c/external/upb/temp10914614927449415720/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: no such package '@upb//bazel': java.io.IOException: Error downloading [https://github.com/protocolbuffers/upb/archive/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz] to /root/.cache/bazel/_bazel_root/f8d1071c69ea316497c31e40fe01608c/external/upb/temp10914614927449415720/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I found that I run into similar problems with other tools as well, for example wget:

$ wget github.com
URL transformed to HTTPS due to an HSTS policy
--2021-03-11 16:56:32--  https://github.com/
Resolving proxy.mycompany.com (proxy.mycompany.com)... 172.18.76.212
Connecting to proxy.mycompany.com (proxy.mycompany.com)|172.18.76.212|:8080... connected.
ERROR: The certificate of ‘github.com’ is not trusted.
ERROR: The certificate of ‘github.com’ doesn't have a known issuer.

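Specifically for wget, I can ignore these problems with --no-check-certificate, download the dependencies that bazel fails to fetch, and continue the build process. But I would prefer to solve the underlying problem, if possible.

As I understand it, the root cause is missing certificates. So I tried to install them: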

$ yum install ca-certificates
$ update-ca-trust force-enable
$ openssl x509 -outform der -in github-com.pem -out github.crt  # I used Firefox to download this PEM file
$ mv github.crt /etc/pki/ca-trust/source/anchors/github.crt
$ update-ca-trust extract

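I also synchronized the system clock with an NTP server.

After this procedure, the output of bazel and wget remains unchanged. Firefox lets me download the certificate and the certificate chain of github.com as PEM, as well as both of these for my company. None of them worked.

What else can I try, and how can I debug this problem?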

Answer 1

Here is a solution, I think, for the bazel build "cacerts" problem.

In my case, I did the following:

bazel --host_jvm_args="-Djavax.net.ssl.trustStore=/usr/lib/jvm/jdk1.8.0_261/jre/lib/security/cacerts" build -c opt --cxxopt=--std=c++11 --config=android_arm //tensorflow/lite/c:tensorflowlite_c

Good luck!!
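
A diagnostic for the debugging question above, added here as an example (it is not from the question or the answer): it reads `openssl s_client -showcerts` output and names the CA that has to be installed as a trust anchor, which behind a TLS-inspecting proxy would be the company's CA rather than github.com's own certificate. The function names and the "Example Corp" sample output are constructed for illustration, and the live capture assumes OpenSSL 1.1.0 or later for `-proxy`.

```bash
#!/usr/bin/env bash
# Added example: name the CA that must be trusted for a chain seen via a proxy.

# Live capture (defined, not called here). -proxy needs OpenSSL 1.1.0 or later.
# Usage: fetch_chain github.com proxy.mycompany.com:8080 | required_anchor
fetch_chain() {
    openssl s_client -proxy "$2" -connect "$1:443" -servername "$1" \
        -showcerts </dev/null 2>/dev/null
}

# Print "subject<TAB>issuer" for each certificate in the "Certificate chain" part.
chain_pairs() {
    awk '/^Server certificate/ { exit }
         /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj = $0 }
         /^ +i:/        { sub(/^ +i:/, ""); print subj "\t" $0 }'
}

# Issuer of the last certificate sent: this CA has to be a trust anchor.
required_anchor() { chain_pairs | tail -n 1 | cut -f2; }

# Exit 0 only if the last certificate sent is self-signed, i.e. the root itself
# is in the captured output; otherwise its PEM must be obtained separately.
root_in_chain() {
    chain_pairs | tail -n 1 |
        awk -F'\t' 'BEGIN { rc = 1 } { rc = ($1 == $2) ? 0 : 1 } END { exit rc }'
}

# Constructed sample of s_client output (names and PEM bodies are made up).
SAMPLE='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = github.com
   i:O = Example Corp, CN = Example Corp Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:O = Example Corp, CN = Example Corp Issuing CA
   i:O = Example Corp, CN = Example Corp Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSVNTVUVS
-----END CERTIFICATE-----
---
Server certificate
subject=CN = github.com
issuer=O = Example Corp, CN = Example Corp Issuing CA'

printf 'CA to install as anchor: %s\n' "$(printf '%s\n' "$SAMPLE" | required_anchor)"
printf '%s\n' "$SAMPLE" | root_in_chain || echo "Root not sent by the peer; obtain its PEM separately."
```

Once the named CA's certificate is in /etc/pki/ca-trust/source/anchors/ and `update-ca-trust extract` has run, the `-Djavax.net.ssl.trustStore` option from the answer can point at /etc/pki/ca-trust/extracted/java/cacerts, the Java truststore that CentOS generates from the same anchors (path assumed from a default CentOS install).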
