docker-postgis icon indicating copy to clipboard operation
docker-postgis copied to clipboard

Published 20 hours ago verified publisher icon postgis

Cannot access remote raster files when querying raster ca-certificates missing

Open robe2 opened this issue 3 years ago • 2 comments

A user reported this issue on postgis issue tracker: trying to use 14-3.2 image

https://trac.osgeo.org/postgis/ticket/5199

User was trying to do an out-db-raster call to a google cloud raster, and the call failed because ca-certificates weren't installed.

Error was:

ERROR 11: CURL error: server certificate verification failed. CAfile: none CRLfile: none
2022-08-05 11:43:47.299 UTC [243] ERROR:  rt_band_load_offline_data: Cannot open offline raster: /vsigs/<bucket>/pop12.tif
2022-08-05 11:43:47.299 UTC [243] CONTEXT:  SQL function "st_pixelaspolygons" statement 1
        SQL statement "SELECT public.ST_Buffer(public.ST_Collect(t.geom), 0)            FROM public.ST_PixelAsPolygons(rast, nband) AS t"
        PL/pgSQL function _st_intersects(geometry,raster,integer) line 21 at SQL statement
        PL/pgSQL function st_intersection(geometry,raster,integer) line 11 at assignment
        SQL function "st_intersection" statement 1

robe2 avatar Aug 05 '22 18:08 robe2

Thanks Regina. This makes sense. @ImreSamu I wonder if this might be some type of regression that happened somewhere along the line as the base debian containers were updated?

Whatever the case, we can look to see how much bigger the images become if we add in the certs package and whatever dependencies it might pull in, but I'm betting it's negligible.

phillipross avatar Aug 05 '22 19:08 phillipross

@phillipross

I wonder if this might be some type of regression that happened somewhere along the line as the base debian containers were updated?

as I see ca-certificates is a "recommended package" and we are using && apt-get install -y --no-install-recommends \

now the: postgresql-$PG_MAJOR-postgis-3 recommended packages : ca-certificates proj-bin poppler-data publicsuffix

Whatever the case, we can look to see how much bigger the images become if we add in the certs package and whatever dependencies it might pull in, but I'm betting it's negligible.

agree; negligible ~ +391 kB apt install ca-certificates -> After this operation, 391 kB of additional disk space will be used.

ImreSamu avatar Aug 06 '22 00:08 ImreSamu

Thanks all. So I assume this is all set and we can close or has a build not been released yet with this change?

robe2 avatar Sep 02 '22 19:09 robe2

At the moment the PR is up but still in review. When we get it finalized and merged then we'll swing back and close this issue. But to be clear, this issue explicit covers getting the ca-certificates package into the docker image, but the trac issue may not necessarily be resolved by this fix. The user reporting the issue on trac should retest after we get this PR merged to make sure this is really the fix for the issue 😊

phillipross avatar Sep 03 '22 08:09 phillipross