Building behind a firewall.
48 views
Skip to first unread message
Bruce Ferjulian
May 27, 2015, 2:35:33 PM5/27/15
to coreo...@googlegroups.com
Everything worked great at home, not at work behind a firewall with a CISCO Ironport Filter I can no longer build.
+ exec /home/builder/chromite/bin/cros_sdk -- /home/builder/trunk/src/scripts/build_image
Attempting download: https://commondatastorage.googleapis.com/builds.developer.core-os.net/sdk/amd64/681.0.0/coreos-sdk-amd64-681.0.0.tar.bz2
14:27:50: ERROR: Download failed with certificate error? Try "sudo c_rehash".
So the question(s) are.
1. Can the fetch ( wget, curl, etc ) be turned off during the build to just work with what's there and not try to update itself?
2. Can the fetch me tailored to use ( http ) instead of ( https )?
-Bruce-
+ exec /home/builder/chromite/bin/cros_sdk -- /home/builder/trunk/src/scripts/build_image
Attempting download: https://commondatastorage.googleapis.com/builds.developer.core-os.net/sdk/amd64/681.0.0/coreos-sdk-amd64-681.0.0.tar.bz2
14:27:50: ERROR: Download failed with certificate error? Try "sudo c_rehash".
So the question(s) are.
1. Can the fetch ( wget, curl, etc ) be turned off during the build to just work with what's there and not try to update itself?
2. Can the fetch me tailored to use ( http ) instead of ( https )?
-Bruce-
Bruce Ferjulian
Aug 4, 2015, 5:10:37 PM8/4/15
to CoreOS Dev
I tried these two tricks which did not help.
echo insecure > ~/.curlrc
echo check_certificate=off >> ~/.wgetrc
echo insecure > ~/.curlrc
echo check_certificate=off >> ~/.wgetrc
Michael Marineau
Aug 4, 2015, 5:22:38 PM8/4/15
to coreos-dev
To create the SDK with a previously downloaded tarball you can specify
a local path: ./cros_sdk --url
file:///home/builder/.cache/sdks/coreos-sdk-amd64-745.1.0.tar.bz2
Many other downloads are over http instead of https but that is likely
to change in the future, when that happens we'll need to add an option
to easily add the CA cert of the firewall that is hijacking
connections.
a local path: ./cros_sdk --url
file:///home/builder/.cache/sdks/coreos-sdk-amd64-745.1.0.tar.bz2
Many other downloads are over http instead of https but that is likely
to change in the future, when that happens we'll need to add an option
to easily add the CA cert of the firewall that is hijacking
connections.
Bruce Ferjulian
Aug 5, 2015, 8:38:36 AM8/5/15
to CoreOS Dev
Thank you for the reply.
I did make some progress after using "strace" to see where all this was failing. Seems the two resource files that I modified to ignore the certificate checking ( .wgetrc && .curlrc ) were failing not in the regular user but the root user. When I also updated the resource files for the "root" user, I could proceed.
echo insecure > /root/.curlrc
echo check_certificate=off >> /root/.wgetrc
I did make some progress after using "strace" to see where all this was failing. Seems the two resource files that I modified to ignore the certificate checking ( .wgetrc && .curlrc ) were failing not in the regular user but the root user. When I also updated the resource files for the "root" user, I could proceed.
echo insecure > /root/.curlrc
echo check_certificate=off >> /root/.wgetrc
Reply all
Reply to author
Forward
0 new messages