Certificate problem with installing PloneHotfix20210518

When I run buildout I see:

sudo -u plone_buildout bin/buildout
Updating zeoserver.
Installing client1.
Download error on http://download.zope.org/ppix/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727) -- Some packages may not be found!
Download error on http://download.zope.org/distribution/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727) -- Some packages may not be found!
Download error on http://effbot.org/downloads: hostname 'effbot.org' doesn't match either of 'www.github.com', '*.github.com', 'github.com', '*.github.io', 'github.io', '*.githubusercontent.com', 'githubusercontent.com' -- Some packages may not be found!
Couldn't find index page for 'Products.PloneHotfix20210518' (maybe misspelled?)
Getting distribution for 'Products.PloneHotfix20210518==1.1'.
Couldn't find index page for 'Products.PloneHotfix20210518' (maybe misspelled?)
While:
  Installing client1.
  Getting distribution for 'Products.PloneHotfix20210518==1.1'.
Error: Couldn't find a distribution for 'Products.PloneHotfix20210518==1.1'.

I have searched for a solution to this problem and have not found one. I would appreciate some advice on how to fix this.

Thanks,
Michael

Would that have something to do with SNI support? search the forum for that string "SNI" and check the hotfix installation instructions.

Thank you for the help. I went to the link you gave me and read where it said to try upgrading Python.
Doing an apt-get update followed by an apt-get upgrade did not appear to help. The output below shows that I am using Python 2.7.16.

root@plone:/usr/local/Plone/zeocluster# head -1 bin/buildout
#!/usr/bin/python

root@plone:/usr/local/Plone/zeocluster# /usr/bin/python --version
Python 2.7.16

root@plone:/usr/local/Plone/zeocluster# sudo -u plone_buildout bin/buildout
Updating zeoserver.
Installing client1.
Download error on http://download.zope.org/ppix/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727) -- Some packages may not be found!
Download error on http://download.zope.org/distribution/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727) -- Some packages may not be found!
Download error on http://effbot.org/downloads: hostname 'effbot.org' doesn't match either of 'www.github.com', '*.github.com', 'github.com', '*.github.io', 'github.io', '*.githubusercontent.com', 'githubusercontent.com' -- Some packages may not be found!
Couldn't find index page for 'Products.PloneHotfix20210518' (maybe misspelled?)
Getting distribution for 'Products.PloneHotfix20210518==1.1'.
Couldn't find index page for 'Products.PloneHotfix20210518' (maybe misspelled?)
While:
  Installing client1.
  Getting distribution for 'Products.PloneHotfix20210518==1.1'.
Error: Couldn't find a distribution for 'Products.PloneHotfix20210518==1.1'.

I went through the two links in the SNI part of the hotfix installation instructions. The last post in one of the links suggests using a local folder as a pypi repository

[buildout]
find-links +=
    file://${buildout:directory}/pypi-local

It appears to me that I am using Plone 4.3.18.

find-links +=
    http://dist.plone.org/release/4.3.18

Is this worth trying? Or is there something else that is more likely to succeed?

Thanks,
Michael

I went to effbot.org/downloads and found the message " effbot.org is taking a break. We’ll be back, in some form or another." Is there another site that would be better to use than effbot.org?

Thanks,
Michael

What did you use effbot.org for?

effbot.org is listed in base.cfg.

# Add additional egg download sources here. dist.plone.org contains archives
# of Plone packages.
find-links =
    http://dist.plone.org
    http://download.zope.org/ppix/
    http://download.zope.org/distribution/
    http://effbot.org/downloads

Is there a list that of find-links that would work better than the ones above?

Thanks,
Michael

Is there a list that of find-links that would work better than the ones above?

Unfortunately, I cannot help you with that. I never used find-links. I install my packages from PyPI.

Even the working links indicate the content is more than 10 years old.

I am sure you will get an answer from a Plone user, but I would try to not use them, and also make sure, you are on a newer Plone version, which you might not be.

you can unpack the fix in the zinstance/product folder and restart, no need to use buildout or pipy.

1 Like

It looks to me like you're using the ansible.plone_server to deploy. In which case you've got an old version - as download.zope.org was already removed.

(however effbot.org is still there)

I've got a similar error - and I'm now suspecting that ansible-playbook and ansible.plone_server have updates which result in setuptools==26.1.1 being used by default (whereas I was using setuptools==39.1.0) - IIUC that means that the SNI issue comes into play.

I've run out of time for right now, but the first thing I will try later is adding this to my playbook config:

plone_download_requirements_txt: no
plone_setuptools_version: '39.1.0'
plone_zc_buildout_version: '2.13.1'

Note that you might want to do ansible-galaxy install -p roles -r requirements.yml to get the latest version of ansible.plone_server "in play".

Those are our pre-steps in a plone 4.3.3 for having a useable buildout

  1. bin/pip install setuptools==38.7.0

  2. Add in buildout.cfg:
    [versions]
    setuptools = 38.7.0

  3. bin/buildout

This fixes problem in bin/buildout

Thanks. I figured out how to upgrade to 4.3-latest. Now, all I have in buildout.cfg is

# the repository link below.
find-links +=
    http://dist.plone.org/release/4.3-latest

The zope.org links come from the base.cfg file. My buildout.cfg appears to import the base.cfg

extends =
    base.cfg
#    versions.cfg
    http://dist.plone.org/release/4.3-latest/versions.cfg

I commented out the zope.org links and effbot.org in my base.cfg and tried buildout again. While the Download error on http: messages are gone, buildout still does not complete successfully. I am going to try what @nielssteenkrogh suggested below and see if that works.

Thanks. I don't have bin/pip so I suspect that I was supposed to run /bin/pip install setuptools==38.7.0 as root and install it for all users as your first step. I did so and it is installed in

drwxr-sr-x 4 May 22 07:07 /usr/local/lib/python2.7/dist-packages/setuptools
drwxr-sr-x 2 May 22 07:07 /usr/local/lib/python2.7/dist-packages/setuptools-38.7.0.dist-info

My buildout.cfg [versions] section has

[versions]
Products.PloneHotfix20200121 = 1.1
# Added as part of HF20151006 - Multiple CSRF Vulnerabilities in Zope
setuptools = 38.7.0
plone4.csrffixes = 1.1.1
plone.protect = 3.1.4
plone.keyring = 3.0.2
plone.locking = 2.0.10
# Force a newer version of collective.recipe.backup
collective.recipe.backup = 4.1.1

I bet that I am missing something simple. Buildout still fails. Here is what I see:

root@plone2:/usr/local/Plone/zeocluster# sudo -u plone_buildout bin/buildout -Nv
Installing 'buildout.sanitycheck'.
Picked: buildout.sanitycheck = 1.0.2
Version conflict while processing requirement setuptools (constrained to setuptools==38.7.0)
Getting required 'setuptools==38.7.0'
We have no distributions for setuptools that satisfies 'setuptools==38.7.0'.
Getting distribution for 'setuptools==38.7.0'.
Fetching setuptools 38.7.0 from: /usr/local/lib/python2.7/dist-packages
Running easy_install:
"/usr/bin/python" "-c" "import sys; sys.path[0:0] = ['/usr/lib/python2.7/dist-packages']; from setuptools.command.easy_install import main; main()" "-mZUNxd" "/usr/local/Plone/buildout-cache/eggs/tmpt_oKwO" "-q" "/usr/local/lib/python2.7/dist-packages"
path=['/usr/lib/python2.7/dist-packages']

error: Couldn't find a setup script in /usr/local/lib/python2.7/dist-packages
An error occurred when trying to install /usr/local/lib/python2.7/dist-packages. Look above this message for any errors that were output by easy_install.
While:
  Installing.
  Loading extensions.
  Getting distribution for 'setuptools==38.7.0'.

An internal error occurred due to a bug in either zc.buildout or in a
recipe being used:
Traceback (most recent call last):
  File "/usr/local/Plone/buildout-cache/eggs/zc.buildout-2.13.3-py2.7.egg/zc/buildout/buildout.py", line 2174, in main
    getattr(buildout, command)(args)
  File "/usr/local/Plone/buildout-cache/eggs/zc.buildout-2.13.3-py2.7.egg/zc/buildout/buildout.py", line 658, in install
    self._load_extensions()
  File "/usr/local/Plone/buildout-cache/eggs/zc.buildout-2.13.3-py2.7.egg/zc/buildout/buildout.py", line 1187, in _load_extensions
    newest=self.newest, allow_hosts=self._allow_hosts)
  File "/usr/local/Plone/buildout-cache/eggs/zc.buildout-2.13.3-py2.7.egg/zc/buildout/easy_install.py", line 957, in install
    return installer.install(specs, working_set)
  File "/usr/local/Plone/buildout-cache/eggs/zc.buildout-2.13.3-py2.7.egg/zc/buildout/easy_install.py", line 730, in install
    for dist in self._get_dist(req, ws):
  File "/usr/local/Plone/buildout-cache/eggs/zc.buildout-2.13.3-py2.7.egg/zc/buildout/easy_install.py", line 574, in _get_dist
    dists = [_move_to_eggs_dir_and_compile(dist, self._dest)]
  File "/usr/local/Plone/buildout-cache/eggs/zc.buildout-2.13.3-py2.7.egg/zc/buildout/easy_install.py", line 1745, in _move_to_eggs_dir_and_compile
    [tmp_loc] = glob.glob(os.path.join(tmp_dest, '*'))
ValueError: need more than 0 values to unpack

Any more suggestions?

I'd personally never install setuptools in my system python as you have done here - I'd recommend reversing that. It doesn't look like you are using an ansible setup, so I can't compare our situations easily. (FWIW I solved the problem I had with the solution I outlined and a manual rerun of pip install).

Perhaps you have a setup where you need to run python bootstrap.py ? In which case I would try passing a --setuptools-version parameter (IIRC),

yes its your local python you need use for bin/pip (not system python).
The reason (at least in my own usecase) is the need for replacement of setuptools version.
That is not possible with bin/buildout - so doing the replacement in a pre-step.

Agreed. I would always set up a virtualenv, e.g., virtualenv -p python2 . then you can do something like bin/pip install setuptools=38.7.0

1 Like

I just had another occurrence of this - if you are using the Ansible playbook like me (which you never confirmed btw) I think this is the way forward (best to test in vagrant first) - as it got stuck with old configurations when I tried to change them.

  1. delete requirements.txt on the server
  2. delete bin/buildout on the server
  3. rerun ansible playbook
  4. hope you have the correct version of setuptools / zc.buildout - if not restart

I'm at step 4 - but at least setuptools was found

Just to note - my parallel issue was solved by doing what I suggested above.
Unfortunately the ansible plone_server role works off stale versions of the tools. That's why removing the requirements.txt and bin/buildout is necessary.

I tried a release which tries to set these versions using the ansible playbook
plone_setuptools_version: '39.1.0'
plone_zc_buildout_version: '2.13.1'

However buildout fails - and when I log onto the server I find this....

$ bin/buildout --version
buildout version 2.5.3
$ head bin/buildout 
#!/usr/local/plone-4.3/python2.7/bin/python2.7
[...]

$ /usr/local/plone-4.3/python2.7/bin/python2.7
Python 2.7.15rc1 (default, Apr 15 2018, 21:51:34) 
[GCC 7.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pip
>>> pip.__version__
'18.0'
>>> import setuptools
>>> setuptools.__version__
'26.1.1'
>>> 
$ more requirements.txt
setuptools==26.1.1
zc.buildout==2.5.3
pip==10.0.1

Plone Foundation Code of Conduct