[v3] automation: Update containers to allow HTTPS access to xenbits

[XEN PATCH v3 3/4] automation: Remove expired root certificates used to be used by let's encrypt

Posted by Anthony PERARD 2 years, 11 months ago

While the Let's Encrypt root certificate ISRG_Root_X1.crt is already
present, openssl seems to still check for the root certificate
DST_Root_CA_X3.crt which has expired. This prevent https connections.

Removing DST_Root_CA_X3 fix the issue.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---

Notes:
    v3:
    - remove change to Debian Jessie containers, as we won't use them with
      HTTPS urls.
    
    v2:
    - remove unneeded changes to CentOS containers

 automation/build/ubuntu/trusty.dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/automation/build/ubuntu/trusty.dockerfile b/automation/build/ubuntu/trusty.dockerfile
index b298a515c6..22e294c20c 100644
--- a/automation/build/ubuntu/trusty.dockerfile
+++ b/automation/build/ubuntu/trusty.dockerfile
@@ -47,3 +47,8 @@ RUN apt-get update && \
         apt-get autoremove -y && \
         apt-get clean && \
         rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \
+    update-ca-certificates
-- 
Anthony PERARD

[XEN PATCH v3 1/4] automation: Use EOL tag for Jessie container
[XEN PATCH v3 2/4] automation: Remove testing on Debian Jessie
[XEN PATCH v3 3/4] automation: Remove expired root certificates used to be used by let's encrypt
[XEN PATCH v3 4/4] automation: Remove non-debug x86_32 build jobs