From c63299faee800307beed147c7e54d0729954045d Mon Sep 17 00:00:00 2001 From: Lubos Mjachky Date: Fri, 17 May 2024 11:48:43 +0200 Subject: [PATCH] Trust copied certificates This resolves "unacceptable TLS certificate" errors raised by some of the utilities using libsoup (e.g., flatpak). Tested by https://github.com/pulp/pulp_container/pull/1613. [noissue] --- templates/github/.github/workflows/scripts/install.sh.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/github/.github/workflows/scripts/install.sh.j2 b/templates/github/.github/workflows/scripts/install.sh.j2 index e04385ba..ca8fc88f 100755 --- a/templates/github/.github/workflows/scripts/install.sh.j2 +++ b/templates/github/.github/workflows/scripts/install.sh.j2 @@ -215,6 +215,7 @@ sudo chown -R 700:700 ~/.config echo ::group::SSL # Copy pulp CA sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt +sudo docker exec -u root pulp trust anchor /etc/pulp/certs/pulp_webserver.crt # Hack: adding pulp CA to certifi.where() CERTIFI=$(python -c 'import certifi; print(certifi.where())') @@ -245,6 +246,7 @@ if [[ "$TEST" = "azure" ]]; then cat /usr/local/share/ca-certificates/azcert.crt >> $AZCERTIFI cat /usr/local/share/ca-certificates/azcert.crt | cmd_stdin_prefix tee -a "$PULPCERTIFI" > /dev/null cat /usr/local/share/ca-certificates/azcert.crt | cmd_stdin_prefix tee -a /etc/pki/tls/cert.pem > /dev/null + cmd_stdin_prefix sudo trust anchor /etc/pki/tls/cert.pem {%- endif %} AZURE_STORAGE_CONNECTION_STRING='DefaultEndpointsProtocol={{ pulp_scheme }};AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint={{ pulp_scheme }}://ci-azurite:10000/devstoreaccount1;' az storage container create --name pulp-test --connection-string $AZURE_STORAGE_CONNECTION_STRING
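Review bot: The added `sudo docker exec -u root pulp trust anchor /etc/pulp/certs/pulp_webserver.crt` line has no comment of its own, and the existing `# Copy pulp CA` comment above it only describes the `docker cp` to the host. I would add `# Also trust the pulp CA in the container's system store (needed by libsoup-based tools such as flatpak); CI-only` directly above it. The command installs the certificate as a CA anchor for the whole container, so every TLS client in it will accept anything that certificate signs. That is reasonable for a throwaway CI container, but it is worth stating in the comment so the line is not copied into a long-lived image. Whether a failure of this step stops the script is not visible from the hunk (no `set -e` or explicit check is shown), so a missing `trust` binary in the image could pass unnoticed.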
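Review bot: In the azure branch the new `cmd_stdin_prefix sudo trust anchor /etc/pki/tls/cert.pem` anchors the whole CA bundle that the previous line appended azcert.crt to, not the single Azure certificate. On RHEL-family images that path is normally the generated extract of the trust store, so this feeds the store's own output back in as anchors; the base image is not visible here, so treat that as an inference to confirm. Anchoring only the one certificate would be narrower, e.g. `cat /usr/local/share/ca-certificates/azcert.crt | cmd_stdin_prefix tee /etc/pulp/certs/azcert.crt > /dev/null` followed by `cmd_stdin_prefix sudo trust anchor /etc/pulp/certs/azcert.crt` (the target path is a constructed example). The line also calls `cmd_stdin_prefix` with nothing piped in and uses `sudo`, where the first hunk uses `docker exec -u root`. The helper is defined outside the hunk, so confirm that it does not consume the script's stdin and that `sudo` exists in the container.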