[yocto] Native curl and SSL CA certificates

Iván Castell icastell at nayarsystems.com
Tue May 8 07:55:54 PDT 2018 

Hello forum.

Using the "rocko" branch. The SSL CA certificates "ca-certificates.crt"
don't appear inside this directory:

build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/

That generates issues when trying to build images that use a https
repository of rpm packages:

This is the repository configuration included:

$ yocto-adv-rpm.repo
[yocto-adv-rpm]
name=Rocko Yocto Repo
baseurl=https://storage.googleapis.com/my_repo/
gpgkey=https://storage.googleapis.com/my_repo/PACKAGEFEED-GPG-KEY-rocko
enabled=1
gpgcheck=1

This repository configuration doesn't work fine. When I try to build
"myimage" recipe, I always get this error:

ERROR: myimage-1.0-r0 do_rootfs: [log_check] myimage: found 1 error message
in the logfile:
[log_check] Failed to synchronize cache for repo 'yocto-adv-rpm', disabling.
ERROR: myimage-1.0-r0 do_rootfs: Function failed: do_rootfs
ERROR: Logfile of failure stored in:
/home/yocto/yocto/build/tmp/work/machine-poky-linux/myimage/1.0-r0/temp/log.do_rootfs.731
ERROR: Task
(/home/yocto/yocto/sources/meta-mylayer/recipes-images/myimage.bb:do_root

I found some relevant information inside this file:

yocto/build/tmp/work/machine-poky-linux/myimage/1.0-r0/temp/dnf.librepo.log

The relevant part:

15:56:41 lr_download: Downloading started
15:56:41 check_transfer_statuses: Transfer finished: repodata/repomd.xml
(Effective url: https://storage.googleapis.com/my_repo/repodata/repomd.xml)
15:56:41 check_finished_transfer_status: Fatal error - Curl code (77):
Problem with the SSL CA cert (path? access rights?) for
https://storage.googleapis.com/my_repo/repodata/repomd.xml [error setting
certificate verify locations:
  CAfile:
/home/yocto/yocto/build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/ca-certificates.crt
  CApath: none]
15:56:41 lr_yum_download_repomd: repomd.xml download was unsuccessful

This can be fixed copying "ca-certificates.crt" inside the provided
directory (manually):

$ cp /etc/ssl/certs/ca-certificates.crt
/home/yocto/yocto/build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/

I assume "ca-certificates.crt" file should be already included in that
path.

Is this a bug related with curl or ca-certificates recipe? What should be
the right way to fix it?

Thank you in advance.

Kind regards,
  -- Ivan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20180508/264ac230/attachment.html>

More information about the yocto mailing list