[Buildroot] [PATCH] utils/genrandconfig: use --no-check-certificate in wget by default

Arnout Vandecappelle arnout at mind.be
Tue Oct 10 21:25:03 UTC 2017



On 10-10-17 22:25, Thomas Petazzoni wrote:
> Hello,
> 
> On Sat,  2 Sep 2017 23:29:38 +0200, Thomas Petazzoni wrote:
>> A number of autobuilder failures are due to the fact that autobuilder
>> instances use old distributions, with old SSL certificates, and
>> therefore wget aborts with an error "The certificate of `xyz.org' is
>> not trusted.".

 I don't understand how this can happen. The autobuilders should all be running
supported (not EOL) distros, right? And in a supported distro, I'd expect
ca-certificates get updated. Otherwise the distro becomes next to useless.

 But I seem to remember that you have a CentOS 5 autobuilder running, and CentOS
5 went EOL on March 31, 2017. So perhaps it's time to switch to CentOS 6?


>> In order to avoid such failures that are not very interesting in the
>> context of the autobuilders

 I think they *are* interesting (not very, but still interesting), because
actual users *will* hit these problems.

>> , we pass --no-check-certificate to
>> wget. The integrity of the downloaded files is anyway verified by the
>> hashes, and this is only meant to be used in the context of
>> testing/CI, not in production.
>>
>> Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
> 
> Would it be possible to get some feedback on this patch?
> 
> We recently bump dbus to 1.10.24, and look how the autobuilders are
> "polluted" by this certificate issue:
> http://autobuild.buildroot.net/?reason=dbus-1.10.24.

 But once Peter updates sources.buildroot.org that should be OK again, no?

 Regards,
 Arnout

> 
> We've got two options: either we do it in utils/genrandconfig as
> proposed, or we do it in the autobuild-run script that runs on the
> autobuilder slaves.
> 
> Comments ?
> 
> Thanks,
> 
> Thomas
> 

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF


More information about the buildroot mailing list