internal/rosa/ssl: prefix CA paths

This makes prefixes consistent with everything else since this will end up in the final Rosa OS image.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/rosa/curl.go

@@ -17,6 +17,7 @@ func (t Toolchain) newCurl() pkg.Artifact {
 		},
 		Configure: [][2]string{
 			{"with-openssl"},
+			{"with-ca-bundle", "/system/etc/ssl/certs/ca-bundle.crt"},
 		},
 		ScriptConfigured: `
 make "-j$(nproc)"

internal/rosa/ssl.go

@@ -71,14 +71,14 @@ func (t Toolchain) newNSSCACert() pkg.Artifact {
 		t.Load(NSS),
 		t.Load(buildcatrust),
 	}, nil, nil, `
-mkdir -p /work/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
+mkdir -p /work/system/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
 buildcatrust \
 	--certdata_input /system/nss/certdata.txt \
-	--ca_bundle_output /work/etc/ssl/certs/ca-bundle.crt \
+	--ca_bundle_output /work/system/etc/ssl/certs/ca-bundle.crt \
-	--ca_standard_bundle_output /work/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
+	--ca_standard_bundle_output /work/system/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
-	--ca_unpacked_output /work/etc/ssl/certs/unbundled \
+	--ca_unpacked_output /work/system/etc/ssl/certs/unbundled \
-	--ca_hashed_unpacked_output /work/etc/ssl/certs/hashed \
+	--ca_hashed_unpacked_output /work/system/etc/ssl/certs/hashed \
-	--p11kit_output /work/etc/ssl/trust-source/ca-bundle.trust.p11-kit
+	--p11kit_output /work/system/etc/ssl/trust-source/ca-bundle.trust.p11-kit
 `)
 }
 func init() { artifactsF[NSSCACert] = Toolchain.newNSSCACert }