Project

General

Profile

Error with certificates in the Docker container

Added by Nathan Wright 9 months ago

Hello,

I am attempting to use the mitysom_ubuntu:22.04 image created via containers/am62xx/make.

We have a cmake project that wants to fetch some stuff at configure time.

The fetches are failing with...

Cloning into 'foo'...
fatal: unable to access 'foo url': error setting certificate verify locations:
  CAfile: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sy

A little grepping found...

/home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/var/lib/opkg/info/nativesdk-ca-certificates.list:/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/x86_64-arago-linux/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt    0100644
/home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/var/lib/opkg/info/nativesdk-ca-certificates.list:/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/
...many many more..

Did I miss a step in the setup? I imagine I can try to update these files and maybe it will work?

Thanks,
Nathan


Replies (3)

RE: Error with certificates in the Docker container - Added by Jonathan Cormier 9 months ago

The issue is the certs in the SDK toolchain are old. I'm not even sure why yocto ships its own certs but it does... If I force it to use the system's git under /usr/bin then the clone works fine. I'll see if I can update the Dockerfile to disable this older git as we don't need it.

[linux-devkit]:/tmp> git clone https://github.com/genicam/harvesters.git
Cloning into 'harvesters'...
fatal: unable to access 'https://github.com/genicam/harvesters.git/': error setting certificate verify locations:
  CAfile: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sy
[linux-devkit]:/tmp> /usr/bin/git clone https://github.com/genicam/harvesters.git
Cloning into 'harvesters'...
remote: Enumerating objects: 6484, done.
remote: Counting objects: 100% (1538/1538), done.
remote: Compressing objects: 100% (427/427), done.
remote: Total 6484 (delta 917), reused 1400 (delta 896), pack-reused 4946
Receiving objects: 100% (6484/6484), 7.78 MiB | 24.88 MiB/s, done.
Resolving deltas: 100% (4188/4188), done.
[linux-devkit]:/tmp> which git
/home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/usr/bin//git

RE: Error with certificates in the Docker container - Added by Jonathan Cormier 9 months ago

I pushed an updated Dockerfile which deletes the git executables from the SDK since the system git is newer and uses the correct ca-certs.
https://support.criticallink.com/gitweb/?p=containers.git;a=blobdiff;f=am62xx/Dockerfile;h=04b78049af03ff1d1b61b33b12fe5091e7b1247c;hp=0f1952688de06b15b38bc63f00c317c07bc9a9c9;hb=4dbb7c4296897ad87a40b59a3933092c3179bed8;hpb=689feff01979936d0a36ba0d352d65fa8c88e00e

Grab update and rebuild

cd containers/am62xx
git pull
make

Test:

docker run -it --rm mitysom_ubuntu:22.04 bash
user@6608c22dc4da:/work$ source /home/tools/mitysom-62x/sdk/environment-setup
[linux-devkit]:/work> git clone ....

    (1-3/3)
    Go to top
    Add picture from clipboard (Maximum size: 1 GB)