Forums » Software Development »
Error with certificates in the Docker container
Added by Nathan Wright 9 months ago
Hello,
I am attempting to use the mitysom_ubuntu:22.04 image created via containers/am62xx/make.
We have a cmake project that wants to fetch some stuff at configure time.
The fetches are failing with...
Cloning into 'foo'...
fatal: unable to access 'foo url': error setting certificate verify locations:
CAfile: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sy
A little grepping found...
/home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/var/lib/opkg/info/nativesdk-ca-certificates.list:/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/x86_64-arago-linux/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt 0100644
/home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/var/lib/opkg/info/nativesdk-ca-certificates.list:/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/
...many many more..
Did I miss a step in the setup? I imagine I can try to update these files and maybe it will work?
Thanks,
Nathan
Replies (3)
RE: Error with certificates in the Docker container - Added by Jonathan Cormier 9 months ago
The issue is the certs in the SDK toolchain are old. I'm not even sure why yocto ships its own certs but it does... If I force it to use the system's git under /usr/bin then the clone works fine. I'll see if I can update the Dockerfile to disable this older git as we don't need it.
[linux-devkit]:/tmp> git clone https://github.com/genicam/harvesters.git Cloning into 'harvesters'... fatal: unable to access 'https://github.com/genicam/harvesters.git/': error setting certificate verify locations: CAfile: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sy [linux-devkit]:/tmp> /usr/bin/git clone https://github.com/genicam/harvesters.git Cloning into 'harvesters'... remote: Enumerating objects: 6484, done. remote: Counting objects: 100% (1538/1538), done. remote: Compressing objects: 100% (427/427), done. remote: Total 6484 (delta 917), reused 1400 (delta 896), pack-reused 4946 Receiving objects: 100% (6484/6484), 7.78 MiB | 24.88 MiB/s, done. Resolving deltas: 100% (4188/4188), done. [linux-devkit]:/tmp> which git /home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/usr/bin//git
RE: Error with certificates in the Docker container - Added by Jonathan Cormier 9 months ago
I pushed an updated Dockerfile which deletes the git executables from the SDK since the system git is newer and uses the correct ca-certs.
https://support.criticallink.com/gitweb/?p=containers.git;a=blobdiff;f=am62xx/Dockerfile;h=04b78049af03ff1d1b61b33b12fe5091e7b1247c;hp=0f1952688de06b15b38bc63f00c317c07bc9a9c9;hb=4dbb7c4296897ad87a40b59a3933092c3179bed8;hpb=689feff01979936d0a36ba0d352d65fa8c88e00e
Grab update and rebuild
cd containers/am62xx git pull make
Test:
docker run -it --rm mitysom_ubuntu:22.04 bash user@6608c22dc4da:/work$ source /home/tools/mitysom-62x/sdk/environment-setup [linux-devkit]:/work> git clone ....