From f9b69c94bccc90e9dcf78c901a277c5fcddb679b Mon Sep 17 00:00:00 2001 From: Ophestra Date: Fri, 6 Feb 2026 20:41:58 +0900 Subject: [PATCH] internal/rosa/ssl: prefix CA paths This makes prefixes consistent with everything else since this will end up in the final Rosa OS image. Signed-off-by: Ophestra --- internal/rosa/curl.go | 1 + internal/rosa/ssl.go | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/internal/rosa/curl.go b/internal/rosa/curl.go index ae53885..c2022ca 100644 --- a/internal/rosa/curl.go +++ b/internal/rosa/curl.go @@ -17,6 +17,7 @@ func (t Toolchain) newCurl() pkg.Artifact { }, Configure: [][2]string{ {"with-openssl"}, + {"with-ca-bundle", "/system/etc/ssl/certs/ca-bundle.crt"}, }, ScriptConfigured: ` make "-j$(nproc)" diff --git a/internal/rosa/ssl.go b/internal/rosa/ssl.go index 7d53abc..997411c 100644 --- a/internal/rosa/ssl.go +++ b/internal/rosa/ssl.go @@ -71,14 +71,14 @@ func (t Toolchain) newNSSCACert() pkg.Artifact { t.Load(NSS), t.Load(buildcatrust), }, nil, nil, ` -mkdir -p /work/etc/ssl/{certs/unbundled,certs/hashed,trust-source} +mkdir -p /work/system/etc/ssl/{certs/unbundled,certs/hashed,trust-source} buildcatrust \ --certdata_input /system/nss/certdata.txt \ - --ca_bundle_output /work/etc/ssl/certs/ca-bundle.crt \ - --ca_standard_bundle_output /work/etc/ssl/certs/ca-no-trust-rules-bundle.crt \ - --ca_unpacked_output /work/etc/ssl/certs/unbundled \ - --ca_hashed_unpacked_output /work/etc/ssl/certs/hashed \ - --p11kit_output /work/etc/ssl/trust-source/ca-bundle.trust.p11-kit + --ca_bundle_output /work/system/etc/ssl/certs/ca-bundle.crt \ + --ca_standard_bundle_output /work/system/etc/ssl/certs/ca-no-trust-rules-bundle.crt \ + --ca_unpacked_output /work/system/etc/ssl/certs/unbundled \ + --ca_hashed_unpacked_output /work/system/etc/ssl/certs/hashed \ + --p11kit_output /work/system/etc/ssl/trust-source/ca-bundle.trust.p11-kit `) } func init() { artifactsF[NSSCACert] = Toolchain.newNSSCACert }