[yocto] Native curl and SSL CA certificates
Iván Castell
icastell at nayarsystems.com
Tue May 8 07:55:54 PDT 2018
Hello forum.
Using the "rocko" branch. The SSL CA certificates "ca-certificates.crt"
don't appear inside this directory:
build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/
That generates issues when trying to build images that use a https
repository of rpm packages:
This is the repository configuration included:
$ yocto-adv-rpm.repo
[yocto-adv-rpm]
name=Rocko Yocto Repo
baseurl=https://storage.googleapis.com/my_repo/
gpgkey=https://storage.googleapis.com/my_repo/PACKAGEFEED-GPG-KEY-rocko
enabled=1
gpgcheck=1
This repository configuration doesn't work fine. When I try to build
"myimage" recipe, I always get this error:
ERROR: myimage-1.0-r0 do_rootfs: [log_check] myimage: found 1 error message
in the logfile:
[log_check] Failed to synchronize cache for repo 'yocto-adv-rpm', disabling.
ERROR: myimage-1.0-r0 do_rootfs: Function failed: do_rootfs
ERROR: Logfile of failure stored in:
/home/yocto/yocto/build/tmp/work/machine-poky-linux/myimage/1.0-r0/temp/log.do_rootfs.731
ERROR: Task
(/home/yocto/yocto/sources/meta-mylayer/recipes-images/myimage.bb:do_root
I found some relevant information inside this file:
yocto/build/tmp/work/machine-poky-linux/myimage/1.0-r0/temp/dnf.librepo.log
The relevant part:
15:56:41 lr_download: Downloading started
15:56:41 check_transfer_statuses: Transfer finished: repodata/repomd.xml
(Effective url: https://storage.googleapis.com/my_repo/repodata/repomd.xml)
15:56:41 check_finished_transfer_status: Fatal error - Curl code (77):
Problem with the SSL CA cert (path? access rights?) for
https://storage.googleapis.com/my_repo/repodata/repomd.xml [error setting
certificate verify locations:
CAfile:
/home/yocto/yocto/build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/ca-certificates.crt
CApath: none]
15:56:41 lr_yum_download_repomd: repomd.xml download was unsuccessful
This can be fixed copying "ca-certificates.crt" inside the provided
directory (manually):
$ cp /etc/ssl/certs/ca-certificates.crt
/home/yocto/yocto/build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/
I assume "ca-certificates.crt" file should be already included in that
path.
Is this a bug related with curl or ca-certificates recipe? What should be
the right way to fix it?
Thank you in advance.
Kind regards,
-- Ivan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20180508/264ac230/attachment.html>
More information about the yocto
mailing list