From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: buildroot@buildroot.org, Sourabh Hegde <hrsourabh011@gmail.com>
Subject: Re: [Buildroot] Updating trust store using update-ca-certificates
Date: Sat, 18 Feb 2023 15:21:15 +0100 [thread overview]
Message-ID: <20230218142115.GC2718518@scaer> (raw)
In-Reply-To: <20230218141937.60c307f7@windsurf>
Thomas, All,
On 2023-02-18 14:19 +0100, Thomas Petazzoni via buildroot spake thusly:
> On Sat, 18 Feb 2023 13:54:15 +0100
> Sourabh Hegde <hrsourabh011@gmail.com> wrote:
> > I was thinking the ca-certificates package will take care of this. Maybe I
> > was wrong.
> > So, how should we add local CA to the trust store in the target?
> I am not sure as I'm not super familiar with that aspect. If what you
> need to do is to call update-ca-certificates during the build, then we
> could potentially build it for the host, and run it as a post-build
> script. Of course, this assumes update-ca-certificates is capable of
> doing its work on a root filesystem that isn't at the root.
>
> Do you have more details about what needs to be done? With more
> details, we could probably give some more useful hints.
I think we just need to split CA_CERTIFICATES_INSTALL_TARGET_CMDS in two:
one part to actually instll the certifcates provided by ca-certificates
itself, and the rest to update the castore with all certificate, as a
target-finalize hook.
I.e. all that starts from "Remove any existing certificates under
/etc/ssl/certs" should be moved to a target-finalize hook.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-02-18 14:21 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-17 16:15 [Buildroot] Updating trust store using update-ca-certificates Sourabh Hegde
2023-02-18 11:19 ` Thomas Petazzoni via buildroot
2023-02-18 12:54 ` Sourabh Hegde
2023-02-18 13:19 ` Thomas Petazzoni via buildroot
2023-02-18 13:39 ` Sourabh Hegde
2023-02-18 14:21 ` Yann E. MORIN [this message]
2023-02-18 15:32 ` Yann E. MORIN
2023-02-18 15:56 ` Sourabh Hegde
2023-02-18 17:00 ` Sourabh Hegde
2023-02-19 12:53 ` Sourabh Hegde
2023-02-19 13:17 ` Yann E. MORIN
2023-02-20 10:10 ` Sourabh Hegde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230218142115.GC2718518@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@buildroot.org \
--cc=hrsourabh011@gmail.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.