鲲鹏社区首页
中文
注册
开发者
支持
我要评分
文档获取效率
文档正确性
内容完整性
文档易理解
提交
在线提单
论坛求助

编译ScaNN过程中提示找不到证书路径的解决办法

问题现象描述

执行编译ScaNN命令过程中提示unable to find valid certification path to requested target详细信息如下:

[root@localhost scann]# bazel clean; CC=gcc bazel build -c opt --cxxopt="-std=c++17" --copt=-fsized-deallocation --copt=-w --copt=-O3 --cxxopt=-O3 --copt=-march=armv8.2-a+lse+sve+f64mm --cxxopt=-march=armv8.2-a+lse+sve+f64mm --copt=-msve-vector-bits=256 --cxxopt=-msve-vector-bits=256 :build_pip_pkg
Extracting Bazel installation...
Starting local Bazel server and connecting to it...
INFO: Starting clean (this may take a while). Consider using --async if the clean takes more than several minutes.
INFO: Repository bazel_skylib instantiated at:
  /home/wjh/scann/google-research/scann/WORKSPACE:21:13: in <toplevel>
Repository rule http_archive defined at:
  /root/.cache/bazel/_bazel_root/feae8769a9a784fcce64ccb472ce84a7/external/bazel_tools/tools/build_defs/repo/http.bzl:355:31: in <toplevel>
WARNING: Download from https://github.com/bazelbuild/bazel-skylib/releases/download/1.3.0/bazel-skylib-1.3.0.tar.gz failed: class javax.net.ssl.SSLHandshakeException PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExcepti                 on: unable to find valid certification path to requested target
ERROR: An error occurred during the fetch of repository 'bazel_skylib':
   Traceback (most recent call last):
        File "/root/.cache/bazel/_bazel_root/feae8769a9a784fcce64ccb472ce84a7/external/bazel_tools/tools/build_defs/repo/http.bzl", line 125, column 45, in _http_archive_impl
                download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://github.com/bazelbuild/bazel-skylib/releases/download/1.3.0/bazel-skylib-1.3.0.tar.gz] to /root/.cache/bazel/_bazel_root/feae8769a9a784fcce64ccb472ce84a7/external/bazel_sk                 ylib/temp14633894268973902114/bazel-skylib-1.3.0.tar.gz: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: /home/wjh/scann/google-research/scann/WORKSPACE:21:13: fetching http_archive rule //external:bazel_skylib: Traceback (most recent call last):
        File "/root/.cache/bazel/_bazel_root/feae8769a9a784fcce64ccb472ce84a7/external/bazel_tools/tools/build_defs/repo/http.bzl", line 125, column 45, in _http_archive_impl
                download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://github.com/bazelbuild/bazel-skylib/releases/download/1.3.0/bazel-skylib-1.3.0.tar.gz] to /root/.cache/bazel/_bazel_root/feae8769a9a784fcce64ccb472ce84a7/external/bazel_sk                 ylib/temp14633894268973902114/bazel-skylib-1.3.0.tar.gz: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: no such package '@bazel_skylib//': java.io.IOException: Error downloading [https://github.com/bazelbuild/bazel-skylib/releases/download/1.3.0/bazel-skylib-1.3.0.tar.gz] to /root/.cache/bazel/_bazel_root/feae8769a9a784fcce64ccb472ce84a7/extern                 al/bazel_skylib/temp14633894268973902114/bazel-skylib-1.3.0.tar.gz: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
INFO: Elapsed time: 15.322s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (0 packages loaded)

关键过程、根本原因分析

ScaNN编译过程中需要从https://github.com网站获取资源,Java程序通过HTTPS协议访问资源,存在安全证书校验流程,由于环境缺少证书导致资源无法获取。

结论、解决方案及效果

  1. 通过浏览器导出证书。

    使用浏览器(本文以谷歌浏览器为例)访问https://github.com,按照下图操作顺序导出保存证书,证书文件后缀为crt,例如ca.crt。

  2. 将浏览器导出的证书导入到服务器。
    1. 将证书上传服务器。
    2. 导入证书。
      1
      keytool -import -alias ca -keystore /usr/lib/jvm/java-11-openjdk-11.0.21.9-1.oe2203sp3.aarch64/lib/security/cacerts -file ca.crt  -trustcacerts -storepass changeit -noprompt
      • 导入证书命令参数说明:
        • -alias:指定别名(用户可以自定义名称)。
        • -keystore:指定存储文件,在java/lib/security的目录下。(用户需要根据环境中实际路径指定)。
        • -file:证书文件(绝对路径+证书文件名)。
        • -storepass:指定存储密码,默认为changeit,查询或删除配置时,需要用到此密码。
        • -trustcacerts:表示将信任的CA证书添加到密钥库中。
        • -noprompt:可选项,关闭提示信息。
      • cacerts证书库默认密码为“changeit”(如果使用之前有修改过,则使用修改过的密码)。
    3. 查看证书是否导入成功。
      1
      keytool -list -storepass changeit -keystore /usr/lib/jvm/java-11-openjdk-11.0.21.9-1.oe2203sp3.aarch64/lib/security/cacerts | grep -w ca

      回显信息显示存在对应别名,代表证书导入成功。

      如果需要删除证书,可以执行以下命令。

      1
      keytool -delete -storepass changeit -keystore /usr/lib/jvm/java-11-openjdk-11.0.21.9-1.oe2203sp3.aarch64/lib/security/cacerts -alias ca
    4. 重启设备。
      1
      reboot
  3. 重启设备后需重新配置ScaNN编译配置。
    1. 配置网络代理,方法请参见配置网络代理
    2. 设置pip源。
      1
2
      pip config set global.index-url https://mirrors.huaweicloud.com/repository/pypi/simple 
pip config set global.trusted-host mirrors.huaweicloud.com
    3. 将bazel添加到环境变量PATH中。
      1
      export PATH=/path/to/bazel/bazel-5.4.0/output:$PATH
    4. 将python3头文件路径添加到环境变量C_INCLUDE_PATH和CPLUS_INCLUDE_PATH中。
      1
2
      export C_INCLUDE_PATH=/usr/include/python3.9:$C_INCLUDE_PATH 
export CPLUS_INCLUDE_PATH=/usr/include/python3.9:$CPLUS_INCLUDE_PATH
  4. 重新执行编译ScaNN命令。
    1
    bazel clean; CC=gcc bazel build -c opt --cxxopt="-std=c++17" --copt=-fsized-deallocation --copt=-w --copt=-O3 --cxxopt=-O3 --copt=-march=armv8.2-a+lse+sve+f64mm --cxxopt=-march=armv8.2-a+lse+sve+f64mm --copt=-msve-vector-bits=256 --cxxopt=-msve-vector-bits=256 :build_pip_pkg
父主题: 故障排除