diff options
| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-04-14 11:22:30 +0000 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-04-14 11:26:00 +0000 |
| commit | 47e3829101321fa694627c1b3cf19a28092d1b73 (patch) | |
| tree | 4a08d6ae1eeddda085c5652e976e906908155815 | |
| parent | 43fd5f4d512e5950ec63780214f66a835ffd1294 (diff) | |
| download | meta-virtualization-master.tar.gz | |
The unconditional bbappend to ca-certificates breaks yocto-check-layer
compatibility when the layer is included without 'virtualization' in
DISTRO_FEATURES. Guard both the SRC_URI additions and the do_install
append with a bb.utils.contains check, matching the pattern used by
other bbappends in the layer (busybox, qemu, etc.).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| -rw-r--r-- | recipes-support/ca-certificates/ca-certificates_%.bbappend | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/recipes-support/ca-certificates/ca-certificates_%.bbappend b/recipes-support/ca-certificates/ca-certificates_%.bbappend index 4f276522..e659f1ed 100644 --- a/recipes-support/ca-certificates/ca-certificates_%.bbappend +++ b/recipes-support/ca-certificates/ca-certificates_%.bbappend | |||
| @@ -1,5 +1,7 @@ | |||
| 1 | # Install Let's Encrypt intermediate certificates (E8/ECDSA, R11/RSA). | 1 | # Install Let's Encrypt intermediate certificates (E8/ECDSA, R11/RSA). |
| 2 | # | 2 | # |
| 3 | # Only active when 'virtualization' is in DISTRO_FEATURES. | ||
| 4 | # | ||
| 3 | # Some container registries (e.g., registry.yocto.io) don't send the | 5 | # Some container registries (e.g., registry.yocto.io) don't send the |
| 4 | # full certificate chain. Go's TLS library (used by Docker, skopeo, | 6 | # full certificate chain. Go's TLS library (used by Docker, skopeo, |
| 5 | # podman) cannot verify the server certificate without the intermediate, | 7 | # podman) cannot verify the server certificate without the intermediate, |
| @@ -11,17 +13,17 @@ | |||
| 11 | # | 13 | # |
| 12 | # Source: https://letsencrypt.org/certificates/ | 14 | # Source: https://letsencrypt.org/certificates/ |
| 13 | 15 | ||
| 14 | SRC_URI += " \ | 16 | SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', \ |
| 15 | https://letsencrypt.org/certs/2024/e8.pem;name=le-e8;unpack=0 \ | 17 | 'https://letsencrypt.org/certs/2024/e8.pem;name=le-e8;unpack=0 \ |
| 16 | https://letsencrypt.org/certs/2024/r11.pem;name=le-r11;unpack=0 \ | 18 | https://letsencrypt.org/certs/2024/r11.pem;name=le-r11;unpack=0', \ |
| 17 | " | 19 | '', d)}" |
| 18 | SRC_URI[le-e8.sha256sum] = "f2c0dde62e2c90e6332fa55af79ed1a0c41329ad03ecf812bd89817a2fc340a9" | 20 | SRC_URI[le-e8.sha256sum] = "f2c0dde62e2c90e6332fa55af79ed1a0c41329ad03ecf812bd89817a2fc340a9" |
| 19 | SRC_URI[le-r11.sha256sum] = "6c06a45850f93aa6e31f9388f956379d8b4fb7ffca5211b9bab4ad159bdfb7b9" | 21 | SRC_URI[le-r11.sha256sum] = "6c06a45850f93aa6e31f9388f956379d8b4fb7ffca5211b9bab4ad159bdfb7b9" |
| 20 | 22 | ||
| 21 | do_install:append () { | 23 | do_install:append () { |
| 22 | install -d ${D}${datadir}/ca-certificates/letsencrypt | ||
| 23 | for pem in ${UNPACKDIR}/e8.pem ${UNPACKDIR}/r11.pem; do | 24 | for pem in ${UNPACKDIR}/e8.pem ${UNPACKDIR}/r11.pem; do |
| 24 | if [ -f "$pem" ]; then | 25 | if [ -f "$pem" ]; then |
| 26 | install -d ${D}${datadir}/ca-certificates/letsencrypt | ||
| 25 | # ca-certificates expects .crt extension | 27 | # ca-certificates expects .crt extension |
| 26 | base=$(basename "$pem" .pem) | 28 | base=$(basename "$pem" .pem) |
| 27 | install -m 0644 "$pem" ${D}${datadir}/ca-certificates/letsencrypt/lets-encrypt-${base}.crt | 29 | install -m 0644 "$pem" ${D}${datadir}/ca-certificates/letsencrypt/lets-encrypt-${base}.crt |