Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)

From: Michael Gmelin <grembo_at_freebsd.org>
Date: Wed, 03 Aug 2022 12:27:04 UTC

On Wed, 3 Aug 2022 12:38:26 +0200
FreeBSD User <freebsd@walstatt-de.de> wrote:

> Hello,
> 
> I try to accomplish tasks in maintaining ports via poudriere-devel's
> OVERLAY option. First of all:
> 
> it is a pain in the a... not having ANY suitable hint how to perform
> this, a single line like that I found after a couple of hours
> searching here: https://github.com/decke/ports would have been of
> help, really.
> 
> So, I'm facing the all-time-present problem of having my own git
> server based on HTTPS with self signed certificate. git rejects
> connecting to those servers in the default configuration setting.
> Usually, I've to set via git config http.sslVerify false
> to not verify the certificate. 
> Following the instructions given at https://github.com/decke/ports
> with my existing poudriere setup incorporating a ports folder,
> adjusting the URI with the one appropriate for my case, like:
> 
> env GIT_NO_SSL_VERIFY=true poudriere ports -c -U
> https://myname@my.server.de/git/ports.git -m "git+https" -B master -p
> ov-freebsd 
> 
> fails with the well known "... problem: self signed certificate".
> 
> Obviously poudriere is spawning its own environment within which git
> operates (so it seems to me) and is not passing the given environment
> variable  GIT_NO_SSL_VERIFY=true  down to git.
> 
> Now, I'm stuck here. I tried, anticipating that the "overlay port's
> folder" will be located at the same root as my "head" folder for the
> port's collection will be rooted at, creating a folder "ov-freebsd"
> and creating the .git folder and config file with git init --bare
> ov-freebsd and then manually config this according to the
> specifications given by the initial poudriere command as seen above -
> does NOT WORK. It seems git is called too early or never accesses the
> given preexisting folder - or I'm wrong in the assumption of the
> location of the overlay folder.
> 
> Also, checking out the "personal" git repo at the anticipated correct
> location and configuring "http.sslVerify false" does not succeed as
> expected.
> 
> I guess this problem must be very common amongst those having their
> own git repository servers backed via a webserver secured via SSL
> self signed certificates, so I wonder whether there is a solution or
> not.
> 
> Can someone enlighten me? How can I pass the specified env variable
> down poudriere to git to achieve the desired task? Assuming this
> procedure is correct. If not, what is the proper way to achieve that
> task?
> 

If you read /usr/local/bin/poudriere you see that it filters the
environment. So neither GIT_NO_SSL_VERIFY will come through, nor HOME
(which also means that git can't read $HOME/.gitconfig).

The pragmatic solution would be to create a git wrapper script and tell
poudriere to use it:

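cat >/tmp/git_wrap <<'EOF'
#!/bin/sh
# git reads GIT_SSL_NO_VERIFY (not GIT_NO_SSL_VERIFY) to skip TLS certificate checks
GIT_SSL_NO_VERIFY=true git "$@"
EOF
chmod 755 /tmp/git_wrap
# GIT_CMD must point at the wrapper created above
echo GIT_CMD=/tmp/git_wrap >>/usr/local/etc/poudriere.conf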

Cheers
Michael

-- 
Michael Gmelin
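
Added example (not part of the original message and not poudriere's own code): the same GIT_CMD wrapper approach, but keeping certificate verification on by pointing git at the server's self-signed certificate through GIT_SSL_CAINFO, git's environment variable for a CA file. The function name make_git_wrapper and every path shown are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread. make_git_wrapper and all paths
# passed to it are hypothetical names chosen for illustration.

# make_git_wrapper WRAPPER CA_FILE REAL_GIT
# Writes WRAPPER so that it runs REAL_GIT with GIT_SSL_CAINFO set to CA_FILE.
make_git_wrapper() {
    wrapper=$1 ca_file=$2 real_git=$3

    # The generated script single-quotes both paths, so reject embedded quotes.
    case "$ca_file$real_git" in
        *\'*) echo "paths must not contain single quotes" >&2; return 1 ;;
    esac
    # Both paths must be absolute: the caller's cwd and PATH may not survive.
    case "$ca_file" in /*) ;; *) echo "CA file path must be absolute" >&2; return 1 ;; esac
    case "$real_git" in /*) ;; *) echo "git path must be absolute" >&2; return 1 ;; esac
    [ -f "$ca_file" ] && [ -r "$ca_file" ] || { echo "cannot read CA file: $ca_file" >&2; return 1; }
    [ -x "$real_git" ] || { echo "not executable: $real_git" >&2; return 1; }

    # Build the script in a fresh temp file and rename it into place, so a file
    # or symlink already sitting at WRAPPER is replaced, never written through.
    tmp=$(mktemp "$wrapper.XXXXXX") || return 1
    cat >"$tmp" <<EOF
#!/bin/sh
# Generated: the caller's environment is filtered, so the trust anchor is set here.
# Certificate verification stays on, using this CA file as the trust anchor.
GIT_SSL_CAINFO='$ca_file' exec '$real_git' "\$@"
EOF
    chmod 755 "$tmp" && mv -f "$tmp" "$wrapper"
}

# Usage (placeholder paths):
#   make_git_wrapper /usr/local/etc/poudriere.d/git_wrap \
#       /usr/local/etc/ssl/my-git-server.pem /usr/local/bin/git
#   then set GIT_CMD to the wrapper path in poudriere.conf
```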