From: Anton Mikanovich <amikan@ilbers.de>
To: Felix Moessbauer <felix.moessbauer@siemens.com>,
isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com
Subject: Re: [PATCH 1/1] fix: include ca-certificates in mmdebstrap if needed
Date: Wed, 27 Nov 2024 09:15:07 +0200 [thread overview]
Message-ID: <249f873e-c7aa-4ca6-a507-dc8c11f58263@ilbers.de> (raw)
In-Reply-To: <20241126141210.2004080-1-felix.moessbauer@siemens.com>
26/11/2024 16:12, 'Felix Moessbauer' via isar-users wrote:
> In case we have apt URLs with https, we also need the ca-certificates
> package. While that is not needed in mmdebstrap itself (as it uses the
> host packages), it will be needed in the later rootfs install tasks like
> sbuild-chroot and image install. Otherwise these tasks will fail due to
> certificate errors.
>
> For now, I copied over the logic from the old isar-bootstrap file, but
> we might want to unify this. Also, I did not copy the gnupg part as I'm
> unsure if that is needed.
>
> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> ---
> I'm wondering how that was not noticed earlier. It literally breaks
> ALL Ubuntu builds against snapshot mirrors.
>
> Best regards,
> Felix Moessbauer
> Siemens AG
Hello Felix,
Thanks for that fix. It's all about changes between mmdebstrap versions of
different distros. Original development of this implementation was done when
bullseye still was using as host distro. And mmdebstrap in bullseye was
handling https inside URIs itself:
>If any mirror contains a https URI, then the packages
apt-transport-https and
ca-certificates will be installed inside the chroot.
But it turns out this logic was changed in bookworm version of mmdebstrap:
>If you specify a https or tor MIRROR and you want the chroot to be able to
update itself, don't forget to also install the ca-certificates package, the
apt-transport-https package for apt versions less than 1.5 and/or the
apt-transport-tor package using the --include option, as necessary.
So we should do it manually now.
And probably cover snapshot mirrors by CI to avoid such a regression later.
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/249f873e-c7aa-4ca6-a507-dc8c11f58263%40ilbers.de.
next prev parent reply other threads:[~2024-11-27 7:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-26 14:12 'Felix Moessbauer' via isar-users
2024-11-27 7:15 ` Anton Mikanovich [this message]
2024-12-02 9:24 ` Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=249f873e-c7aa-4ca6-a507-dc8c11f58263@ilbers.de \
--to=amikan@ilbers.de \
--cc=felix.moessbauer@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox