Skip to content

Fix manylinux2014 Docker build: add sslverify=0 for oneAPI repo#313

Closed
yuejiaointel wants to merge 1 commit intomainfrom
fix/manylinux2014-oneapi-ssl
Closed

Fix manylinux2014 Docker build: add sslverify=0 for oneAPI repo#313
yuejiaointel wants to merge 1 commit intomainfrom
fix/manylinux2014-oneapi-ssl

Conversation

@yuejiaointel
Copy link
Copy Markdown
Contributor

@yuejiaointel yuejiaointel commented Apr 6, 2026

Summary

  • CentOS 7 (manylinux2014 base image) has reached EOL and its CA certificate bundle is permanently frozen
  • Intel's yum.repos.intel.com now uses a TLS certificate whose CA is not in CentOS 7's trust store, causing curl#60 - "Peer's Certificate issuer is not recognized." during Docker build
  • Adds sslverify=0 to the oneAPI yum repo config to skip TLS cert validation. Package integrity is still protected by gpgcheck=1 and repo_gpgcheck=1

Test plan

  • CI Build Wheel job passes with this change
  • Verified CI fails without this change (reverted and confirmed curl#60 error)

🤖 Generated with Claude Code

@yuejiaointel
add sslverify=0 for Intel oneAPI repo in manylinux2014
3068588 
CentOS 7 CA certs no longer trust Intel's TLS certificate.
Packages are still GPG-verified via gpgcheck and repo_gpgcheck.
@yuejiaointel
Copy link
Copy Markdown
Contributor Author

yuejiaointel commented Apr 6, 2026

#312 should fix this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mihaic mihaic Awaiting requested review from mihaic mihaic is a code owner

@ahuber21 ahuber21 Awaiting requested review from ahuber21 ahuber21 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yuejiaointel