diff options
| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-04-12 23:53:20 +0000 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-04-13 01:08:31 +0000 |
| commit | 4e6c583591c1da7e898254dd33eca5cc04c739a9 (patch) | |
| tree | dae6aaaaac486a428089bf612adbade2c3aec29b /scripts/data | |
| parent | 168afc8354c12bce93f4f916e87580e01ea83f4d (diff) | |
| download | meta-virtualization-4e6c583591c1da7e898254dd33eca5cc04c739a9.tar.gz | |
vcontainer: fix registry login and TLS certificate chain
vcontainer-common.sh:
- Fix docker/podman login hanging silently in daemon mode. The login
command requires interactive stdin for the password prompt, which
the non-interactive daemon-send channel cannot provide. Use
daemon-interactive mode (same as vshell/exec -it) which provides
TTY passthrough via the virtio-serial + socat + expect channel.
ca-certificates bbappend:
- Add Let's Encrypt E8 (ECDSA) and R11 (RSA) intermediate certificates
via a ca-certificates bbappend. Certs are fetched at build time from
letsencrypt.org and installed into the standard CA certificate path.
update-ca-certificates incorporates them into the system CA bundle.
- Some registries (e.g., registry.yocto.io) don't send the full
certificate chain, causing TLS verification to fail with Go programs
(Docker, skopeo, podman) even though the root CAs are present.
vdkr-rootfs-image.bb:
- Add ca-certificates to IMAGE_INSTALL
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'scripts/data')
0 files changed, 0 insertions, 0 deletions