Fix private cert issues discovered in manual testing #654
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Simplifies the container image and makes it easier to follow what is going on.
Allows to pull from servers using a public cert as well.
michaelsauter
changed the title
henrjk
reviewed
Feb 8, 2023
| CONTENT+="systemProp.javax.net.ssl.trustStore=.ods-cache/keystore/cacerts\n" | ||
| CONTENT+="systemProp.javax.net.ssl.trustStorePassword=password\n" | ||
| truststore_location="$(pwd)/.ods-cache/truststore/cacerts" | ||
| truststore_pass="changeit" |
There was a problem hiding this comment.
I think I am lost, where does this truststore_pass ultimately come from?
There was a problem hiding this comment.
That's the default in the UBI image .... it is never actually "changed".
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a follow-up from #648. To make it easier to test #648 manually, we merged that before doing manual testing.
The issues addressed in this PR were not picked up in automated tests because:
-private-certis given, the tests clone from a server using the test private cert, but in manual testing the server was using a public cert (and only Nexus/SQ were using private certs). While debugging this issue I replaced the usage of Tekton'sgit-initwith plain git, making it easier to debug what is going on and removing a dependency in the container image that is not really needed.md5binary, and themd5sumbinary in the UBI images behaves differently than expected, I got that mixed up when I triedmd5sumlocally in an UBI image earlier.Tasks:
docs/designdirectory or not applicabledocsdirectory or not applicablemake test) or not applicable