-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix private cert issues discovered in manual testing #654
Conversation
Simplifies the container image and makes it easier to follow what is going on.
Allows to pull from servers using a public cert as well.
CONTENT+="systemProp.javax.net.ssl.trustStore=.ods-cache/keystore/cacerts\n" | ||
CONTENT+="systemProp.javax.net.ssl.trustStorePassword=password\n" | ||
truststore_location="$(pwd)/.ods-cache/truststore/cacerts" | ||
truststore_pass="changeit" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I am lost, where does this truststore_pass ultimately come from?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's the default in the UBI image .... it is never actually "changed".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! 👍
This is a follow-up from #648. To make it easier to test #648 manually, we merged that before doing manual testing.
The issues addressed in this PR were not picked up in automated tests because:
-private-cert
is given, the tests clone from a server using the test private cert, but in manual testing the server was using a public cert (and only Nexus/SQ were using private certs). While debugging this issue I replaced the usage of Tekton'sgit-init
with plain git, making it easier to debug what is going on and removing a dependency in the container image that is not really needed.md5
binary, and themd5sum
binary in the UBI images behaves differently than expected, I got that mixed up when I triedmd5sum
locally in an UBI image earlier.Tasks:
docs/design
directory or not applicabledocs
directory or not applicablemake test
) or not applicable