[Buildroot] [PATCH for-2021.08.x] support/docker: remove expired mozilla/DST_Root_CA_X3.crt
Romain Naour
romain.naour at gmail.com
Sat Nov 20 13:44:18 UTC 2021
Hello Peter, Yann,
Le 20/11/2021 à 09:50, Yann E. MORIN a écrit :
> Peter, Romain, All,
>
> On 2021-11-18 13:22 +0100, Peter Korsgaard spake thusly:
>>>>>>> "Romain" == Romain Naour <romain.naour at gmail.com> writes:
>> >> > https://stackoverflow.com/questions/69408776/how-to-force-older-debian-to-forget-about-dst-root-ca-x3-expiration-and-use-isrg
>> >> > Signed-off-by: Romain Naour <romain.naour at gmail.com>
>> >> > Cc: Yann E. MORIN <yann.morin.1998 at free.fr>
>> >> > ---
>> >> > Backport this patch for 2021.08.x and 2021.02.x using buildroot/base:20200814.2228
>> >>
>> >> How does this actually work? Who builds that container? Do we not need
>> >> a corresponding update of .gitlab-ci.yml then?
>>
>> > Well, usually it's Arnout or Yann that build and push containers to dockerhub.
>> > On master we recently switched to gitlab registry, so maintainers and developers
>> > of Buildroot gitlab project can update containers.
>>
>> > The .gitlab-ci.yml is changed as soon as the container is rebuild using the
>> > updated Dockerfile (after the commit of Dockerfile change).
>>
>> Ok, so all manually.
>>
>> >> 2021-11-18 09:20:10 (16.5 MB/s) - 'aarch64--glibc--bleeding-edge-2020.08-1.tar.bz2' saved [127456563/127456563]
>> >>
>> > Indeed but we may introduce some (unlikely) regression in the testsuite.
>>
>> If there are regressions, then it would be better to handle them as
>> people might run into the same issues. Debian 9 is old, no matter if we
>> look at the 2017 snapshot or the last bugfix (2020), so I testing
>> against that might be the best solution?
>
> I was not sure Stretch was still maintained (I did not even check), but
> now I tested the stretch-20211115 snapshot, and indeed the certificate
> issue is no longer.
>
> The risk of regressioni if we update is very low, because Debian really
> is stable; after 4 years of maintenance, there is not many things that
> move anymore.
>
> So I agree that updating to the latest stretch image is better than
> hacking our ways by removing some certificate.
OK, can you update the docker image ?
Best regards,
Romain
>
> Regards,
> Yann E. MORIN.
>
More information about the buildroot
mailing list