[yocto] curl-native and ca-bundle
Blaettler, Michael
michael.blaettler at siemens.com
Mon Oct 24 00:20:03 PDT 2016
Hi all
We just had an issue in regard to curl-native.
By default curl is configured with the "--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt" flag.
In case curl-native is builded the ${sysconfdir} of the current project is compiled into the binary. Due to sstate caching the binary will be reused in other projects, but the ca-bundle is still loaded from the first project. As soon as the first project (where the initial build took place) is deleted, curl-native won't be able to fetch from HTTPS sources, because the ca-path is invalid.
As a quick solution I removed the "--with-ca-bundle" configure option in native builds and curl is now loading the default certificate chain of the build host.
Does anybody found simmilar issues in other recipes?
How do you handle them?
Is there a common approach?
Kind regards
Michael
More information about the yocto
mailing list