mirror of
https://git.yoctoproject.org/poky
synced 2026-02-15 13:13:02 +01:00
be58b8a46a
To adapt user network enviroment, buildtools should first try to use the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these envs is not set, then use the auto-detected ca file and ca path, and finally use the CA certificates in buildtools. nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work nativesdk-curl don't set default ca file, need SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO also works nativesdk-python3-requests will use cacert.pem under python module certifi by default, need to set REQUESTS_CA_BUNDLE (From OE-Core rev: 0d5f241eee19c0dff9f9f59949485414935edaa2) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
20 lines
779 B
Bash
20 lines
779 B
Bash
# Respect host env GIT_SSL_CAINFO/GIT_SSL_CAPATH first, then auto-detected host cert, then cert in buildtools
|
|
# CAFILE/CAPATH is auto-deteced when source buildtools
|
|
if [ -z "$GIT_SSL_CAINFO" ]; then
|
|
if [ -n "$CAFILE" ];then
|
|
export GIT_SSL_CAINFO="$CAFILE"
|
|
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
|
|
export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
|
|
fi
|
|
fi
|
|
|
|
if [ -z "$GIT_SSL_CAPATH" ]; then
|
|
if [ -n "$CAPATH" ];then
|
|
export GIT_SSL_CAPATH="$CAPATH"
|
|
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
|
|
export GIT_SSL_CAPATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs"
|
|
fi
|
|
fi
|
|
|
|
export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO GIT_SSL_CAPATH"
|