From 00f4e6ed8be39b0d96d8920e69d17f4f03e09915 Mon Sep 17 00:00:00 2001 From: Lars Karlitski Date: Fri, 19 Jul 2019 02:17:57 +0200 Subject: [PATCH] osbuild-run: generate /etc/pki/tls/certs/ca-bundle.crt There's no need to bind mount the full /etc/pki from the host. This file can be generated from /usr. --- osbuild-run | 7 +++++++ samples/base.json | 1 - test/1-create-base.json | 1 - test/4-all.json | 1 - 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/osbuild-run b/osbuild-run index c05a67f7..641270b9 100755 --- a/osbuild-run +++ b/osbuild-run @@ -1,5 +1,6 @@ #!/usr/bin/python3 +import os import subprocess import sys @@ -14,6 +15,12 @@ except subprocess.CalledProcessError as error: sys.stderr.write(error.stdout) sys.exit(1) +# generate /etc/pki/tls/certs/ca-bundle.crt +os.makedirs("/etc/pki/ca-trust/extracted/pem") +os.makedirs("/etc/pki/tls/certs") +os.symlink("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/pki/tls/certs/ca-bundle.crt") +subprocess.run(["update-ca-trust"]) + # Allow systemd-tmpfiles to return non-0. Some packages want to create # directories owned by users that are not set up with systemd-sysusers. subprocess.run(["systemd-tmpfiles", "--create"]) diff --git a/samples/base.json b/samples/base.json index eb19c34b..ba71fe2e 100644 --- a/samples/base.json +++ b/samples/base.json @@ -3,7 +3,6 @@ "stages": [ { "name": "io.weldr.dnf", - "systemResourcesFromEtc": ["/etc/pki"], "options": { "releasever": "30", "repos": { diff --git a/test/1-create-base.json b/test/1-create-base.json index eb19c34b..ba71fe2e 100644 --- a/test/1-create-base.json +++ b/test/1-create-base.json @@ -3,7 +3,6 @@ "stages": [ { "name": "io.weldr.dnf", - "systemResourcesFromEtc": ["/etc/pki"], "options": { "releasever": "30", "repos": { diff --git a/test/4-all.json b/test/4-all.json index c6fd5641..523cc77f 100644 --- a/test/4-all.json +++ b/test/4-all.json @@ -3,7 +3,6 @@ "stages": [ { "name": "io.weldr.dnf", - "systemResourcesFromEtc": ["/etc/pki"], "options": { "releasever": "30", "repos": {