I ran into a funny issue yesterday. I was attempting to resurrect an old project (made with fig) using fig’s successor project, docker-compose. For reasons that will make sense in a minute, it’s worth noting that I’m on a mac, and all of the software under discussion was installed with homebrew. Running docker on a mac, means I’m also using boot2docker.
Plain old docker works fine:
$ docker run -it debian:latest bash Unable to find image 'debian:latest' locally latest: Pulling from debian 39bb80489af7: Pull complete df2a0347c9d0: Already exists debian:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security. Digest: sha256:a25306f3850e1bd44541976aa7b5fd0a29beabc137f65acbac34d6918807fd6e Status: Downloaded newer image for debian:latest root@f51234099263:/#
docker-compose, fails hard:
$ docker-compose up SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
A certificate problem doesn’t make any sense– docker depends on the same certificate files.
Google produced a number of false leads, but I landed on a discussion thread on Github that suggested that there is something broken about OpenSSL 1.0.2.
The comment I linked to above, suggests that I can use Homebrew to switch back to OpenSSL 1.0.1.
brew switch openssl 1.0.1j_1
But, that presumes that I had the version in question installed at some point. Homebrew doesn’t actually delete old versions until you tell it to, so you can always use ‘brew switch’ to restore a previously installed version.
How do you install an old version, though? Homebrew doesn’t make this obvious at all. To do that, you need to locate the relevant “recipe” file in the homebrew git repository, and identify the moment in time (in the form of a commit hash) when the software version you want was current.
Here is the file in question. It seems like the right commit to use is ‘b5cffc8d5fc41540a41ed4deba23afbb6431435e’.
Now what? You have to roll your entire homebrew install down to that commit. In my case, homebrew was installed in /usr/local/homebrew.
$ cd /usr/local/homebrew/ $ git checkout b5cffc8d5fc41540a41ed4deba23afbb6431435e Note: checking out 'b5cffc8d5fc41540a41ed4deba23afbb6431435e'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this state without impacting any branches by performing another checkout. If you want to create a new branch to retain commits you create, you may do so (now or later) by using -b with the checkout command again. Example: git checkout -b <new-branch-name> HEAD is now at b5cffc8... openssl: update 1.0.1l bottle.
Then, you can ‘brew install openssl’, and you’ll get the correct version. After that, docker-compose will work.
$ docker-compose up Creating solr_1... Building solr... ...