diff options
| author | Changqing Li <changqing.li@windriver.com> | 2025-04-15 18:56:07 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-04-24 11:27:06 +0100 |
| commit | 8dcd0f73eb9547b8daacc751141b8531fbbe4bf7 (patch) | |
| tree | e9e3a7154c4e57da68180175261956cc861215eb /meta/recipes-devtools/git | |
| parent | f4d8e84fd9cabe53969be54d7623797fcbb8274d (diff) | |
| download | poky-8dcd0f73eb9547b8daacc751141b8531fbbe4bf7.tar.gz | |
buildtools-tarball: Make buildtools respects host CA certificates
To adapt user network enviroment, buildtools should first try to use
the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these
envs is not set, then use the auto-detected ca file and ca path, and
finally use the CA certificates in buildtools.
nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work
nativesdk-curl don't set default ca file, need
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work
nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also works
nativesdk-python3-requests will use cacert.pem under python module certifi by
default, need to set REQUESTS_CA_BUNDLE
(From OE-Core rev: 8a7ec52e9b35654bee48cd948c6c34c63db3e265)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/git')
| -rw-r--r-- | meta/recipes-devtools/git/git/environment.d-git.sh | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh index f8e3221510..9c7b5a9251 100644 --- a/meta/recipes-devtools/git/git/environment.d-git.sh +++ b/meta/recipes-devtools/git/git/environment.d-git.sh | |||
| @@ -1,4 +1,19 @@ | |||
| 1 | if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | 1 | # Respect host env GIT_SSL_CAINFO/GIT_SSL_CAPATH first, then auto-detected host cert, then cert in buildtools |
| 2 | export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" | 2 | # CAFILE/CAPATH is auto-deteced when source buildtools |
| 3 | export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO" | 3 | if [ -z "$GIT_SSL_CAINFO" ]; then |
| 4 | if [ -n "$CAFILE" ];then | ||
| 5 | export GIT_SSL_CAINFO="$CAFILE" | ||
| 6 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | ||
| 7 | export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" | ||
| 8 | fi | ||
| 4 | fi | 9 | fi |
| 10 | |||
| 11 | if [ -z "$GIT_SSL_CAPATH" ]; then | ||
| 12 | if [ -n "$CAPATH" ];then | ||
| 13 | export GIT_SSL_CAPATH="$CAPATH" | ||
| 14 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | ||
| 15 | export GIT_SSL_CAPATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs" | ||
| 16 | fi | ||
| 17 | fi | ||
| 18 | |||
| 19 | export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO GIT_SSL_CAPATH" | ||