From 3c7a51f8c7c814954fbedb74d366bb0dfc4cb13b Mon Sep 17 00:00:00 2001 From: Alexander Martinz Date: Tue, 21 Jun 2022 18:23:56 +0200 Subject: [PATCH] Upgrade ca-certificates when creating container Xenial's ca-certificates is outdated and needs to be updated or websites using Let's encrypt will not be reachable. This will break building certain packages which fetch from such websites, like bluez: ----- Installing arm64 (host amd64) build dependencies for bluez in container bluez-usdk-16-04-amd64-arm64-dev. Downloading upstream source tarball of bluez in container to bluez_5.42+ubports5.orig.tar.xz. --2022-06-21 16:17:11-- http://www.kernel.org/pub/linux/bluetooth/bluez-5.41.tar.xz Resolving www.kernel.org (www.kernel.org)... 145.40.68.75, 2604:1380:4601:e00::1 Connecting to www.kernel.org (www.kernel.org)|145.40.68.75|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://www.kernel.org/pub/linux/bluetooth/bluez-5.41.tar.xz [following] --2022-06-21 16:17:12-- https://www.kernel.org/pub/linux/bluetooth/bluez-5.41.tar.xz Connecting to www.kernel.org (www.kernel.org)|145.40.68.75|:443... connected. ERROR: cannot verify www.kernel.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US': Issued certificate has expired. To connect to www.kernel.org insecurely, use `--no-check-certificate'. ----- Explicitly add ca-certificate to the list of packages to install to force it to be upgraded to the latest version. Signed-off-by: Alexander Martinz --- crossbuilder | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crossbuilder b/crossbuilder index a317f1f..3fb45e0 100755 --- a/crossbuilder +++ b/crossbuilder @@ -506,7 +506,7 @@ APT::Periodic::Unattended-Upgrade \"0\";\n\ exec_container_root "add-apt-repository -y $EXTRA_REPO" done exec_container_root apt update - exec_container_root apt install -y sudo debhelper ccache software-properties-common devscripts equivs qemu-user-static + exec_container_root apt install -y sudo debhelper ccache software-properties-common devscripts equivs qemu-user-static ca-certificates exec_container_root adduser $USERNAME sudo # set empty password for the user exec_container_root passwd --delete $USERNAME