Forums » Software Development »
Error with certificates in the Docker container
Added by Nathan Wright 10 months ago
Hello,
I am attempting to use the mitysom_ubuntu:22.04 image created via containers/am62xx/make.
We have a cmake project that wants to fetch some stuff at configure time.
The fetches are failing with...
Cloning into 'foo'...
fatal: unable to access 'foo url': error setting certificate verify locations:
CAfile: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sy
A little grepping found...
/home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/var/lib/opkg/info/nativesdk-ca-certificates.list:/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sysroots/x86_64-arago-linux/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt 0100644
/home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/var/lib/opkg/info/nativesdk-ca-certificates.list:/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/
...many many more..
Did I miss a step in the setup? I imagine I can try to update these files and maybe it will work?
Thanks,
Nathan
Replies (3)
RE: Error with certificates in the Docker container - Added by Jonathan Cormier 10 months ago
The issue is the certs in the SDK toolchain are old. I'm not even sure why yocto ships its own certs but it does... If I force it to use the system's git under /usr/bin then the clone works fine. I'll see if I can update the Dockerfile to disable this older git as we don't need it.
[linux-devkit]:/tmp> git clone https://github.com/genicam/harvesters.git Cloning into 'harvesters'... fatal: unable to access 'https://github.com/genicam/harvesters.git/': error setting certificate verify locations: CAfile: /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy/sy [linux-devkit]:/tmp> /usr/bin/git clone https://github.com/genicam/harvesters.git Cloning into 'harvesters'... remote: Enumerating objects: 6484, done. remote: Counting objects: 100% (1538/1538), done. remote: Compressing objects: 100% (427/427), done. remote: Total 6484 (delta 917), reused 1400 (delta 896), pack-reused 4946 Receiving objects: 100% (6484/6484), 7.78 MiB | 24.88 MiB/s, done. Resolving deltas: 100% (4188/4188), done. [linux-devkit]:/tmp> which git /home/tools/mitysom-62x/sdk/sysroots/x86_64-arago-linux/usr/bin//git
RE: Error with certificates in the Docker container - Added by Jonathan Cormier 10 months ago
I pushed an updated Dockerfile which deletes the git executables from the SDK since the system git is newer and uses the correct ca-certs.
https://support.criticallink.com/gitweb/?p=containers.git;a=blobdiff;f=am62xx/Dockerfile;h=04b78049af03ff1d1b61b33b12fe5091e7b1247c;hp=0f1952688de06b15b38bc63f00c317c07bc9a9c9;hb=4dbb7c4296897ad87a40b59a3933092c3179bed8;hpb=689feff01979936d0a36ba0d352d65fa8c88e00e
Grab update and rebuild
cd containers/am62xx git pull make
Test:
docker run -it --rm mitysom_ubuntu:22.04 bash user@6608c22dc4da:/work$ source /home/tools/mitysom-62x/sdk/environment-setup [linux-devkit]:/work> git clone ....
