yocto.lists.yoctoproject.org archive mirror
 help / color / mirror / Atom feed
* How to add missing ca-certificates to truststore in older version of yocto?
@ 2023-03-27 16:36 Sourabh Hegde
  2023-03-27 18:27 ` [yocto] " Ross Burton
  0 siblings, 1 reply; 5+ messages in thread
From: Sourabh Hegde @ 2023-03-27 16:36 UTC (permalink / raw)
  To: yocto

[-- Attachment #1: Type: text/plain, Size: 685 bytes --]

Hello,

i am working with "Morty" release of yocto. Due to organizational reasons we still have to use "Morty" but will be upgraded soon.
But, there are some certificates missing in the OpenSSL truststore. Now, I would like to add them to the image during build. Certificates are mainly for Amazon services (Amazon_Root_CAs). I beleive this can be done with ca-certificates_%.bbappend. I would like to know how will the .crt files be converted to .pem format and also how will ca-certficates.crt file will be updated in /etc/ssl/certs/ dir? The recipe is http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb?h=morty

[-- Attachment #2: Type: text/html, Size: 701 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [yocto] How to add missing ca-certificates to truststore in older version of yocto?
  2023-03-27 16:36 How to add missing ca-certificates to truststore in older version of yocto? Sourabh Hegde
@ 2023-03-27 18:27 ` Ross Burton
  2023-03-27 18:37   ` Sourabh Hegde
  0 siblings, 1 reply; 5+ messages in thread
From: Ross Burton @ 2023-03-27 18:27 UTC (permalink / raw)
  To: hrsourabh011; +Cc: yocto

If the certificates are in newer releases of the ca-certificates store, then upgrading the recipe will be easiest.  As you see from the filename, the certificates in morty are from 2016.  Take the latest release that is in langdale and you’ll have all the newer certs.

Ross

> On 27 Mar 2023, at 17:36, Sourabh Hegde via lists.yoctoproject.org <hrsourabh011=gmail.com@lists.yoctoproject.org> wrote:
> 
> Hello,
> 
> i am working with "Morty" release of yocto. Due to organizational reasons we still have to use "Morty" but will be upgraded soon.
> But, there are some certificates missing in the OpenSSL truststore. Now, I would like to add them to the image during build. Certificates are mainly for Amazon services (Amazon_Root_CAs). I beleive this can be done with ca-certificates_%.bbappend. I would like to know how will the .crt files be converted to .pem format and also how will ca-certficates.crt file will be updated in /etc/ssl/certs/ dir? The recipe is http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb?h=morty 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#59529): https://lists.yoctoproject.org/g/yocto/message/59529
> Mute This Topic: https://lists.yoctoproject.org/mt/97886388/6875888
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [ross.burton@arm.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: How to add missing ca-certificates to truststore in older version of yocto?
  2023-03-27 18:27 ` [yocto] " Ross Burton
@ 2023-03-27 18:37   ` Sourabh Hegde
  2023-03-30 12:06     ` [yocto] " Ross Burton
  0 siblings, 1 reply; 5+ messages in thread
From: Sourabh Hegde @ 2023-03-27 18:37 UTC (permalink / raw)
  To: yocto

[-- Attachment #1: Type: text/plain, Size: 135 bytes --]

Thanks Ross for quick update.
I had the same approach.

But will there be any dependency issues while installing new certificates?

[-- Attachment #2: Type: text/html, Size: 147 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [yocto] How to add missing ca-certificates to truststore in older version of yocto?
  2023-03-27 18:37   ` Sourabh Hegde
@ 2023-03-30 12:06     ` Ross Burton
  2023-03-31 12:05       ` Sourabh Hegde
  0 siblings, 1 reply; 5+ messages in thread
From: Ross Burton @ 2023-03-30 12:06 UTC (permalink / raw)
  To: hrsourabh011; +Cc: yocto

On 27 Mar 2023, at 19:37, Sourabh Hegde via lists.yoctoproject.org <hrsourabh011=gmail.com@lists.yoctoproject.org> wrote:
> 
> Thanks Ross for quick update.
> I had the same approach.
> 
> But will there be any dependency issues while installing new certificates? 

I doubt it.

Ross



^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: How to add missing ca-certificates to truststore in older version of yocto?
  2023-03-30 12:06     ` [yocto] " Ross Burton
@ 2023-03-31 12:05       ` Sourabh Hegde
  0 siblings, 0 replies; 5+ messages in thread
From: Sourabh Hegde @ 2023-03-31 12:05 UTC (permalink / raw)
  To: yocto

[-- Attachment #1: Type: text/plain, Size: 37 bytes --]

Okay, it worked fine.
Thanks again

[-- Attachment #2: Type: text/html, Size: 41 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-03-31 12:05 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-27 16:36 How to add missing ca-certificates to truststore in older version of yocto? Sourabh Hegde
2023-03-27 18:27 ` [yocto] " Ross Burton
2023-03-27 18:37   ` Sourabh Hegde
2023-03-30 12:06     ` [yocto] " Ross Burton
2023-03-31 12:05       ` Sourabh Hegde

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).