Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)

From: Michael Gmelin <>
Date: Wed, 03 Aug 2022 12:27:04 UTC

On Wed, 3 Aug 2022 12:38:26 +0200
FreeBSD User <> wrote:

> Hello,
> I try to acconplish tasks in maintaining ports via poudriere-devel's
> OVERLAY option. First of all:
> it is a pain in the a... not having ANY suitable hint how to perform
> this, a single line like that I found after a couple of hours
> searching here: would have been of
> help, really.
> So, I'm facing the all-time-present problem of having my own git
> server based on HTTPS with self signed certificate. git rejects
> connecting to those servers in the default configuration setting.
> Usually, I've to set via git config http.sslVerify false
> to not verify the certificate. 
> Following the instructions given at
> with my existing poudriere setup incorporating a ports folder,
> adjusting the URI with the one appropriate for my case, like:
> env GIT_NO_SSL_VERIFY=true poudriere ports -c -U
> -m "git+https" -B master -p
> ov-freebsd 
> fails with the well known "... problem: self signed certificate".
> Obviously poudriere is spawning its own environment within git
> operates (so it seems to me) and is not passing the given environment
> variable  GIT_NO_SSL_VERIFY=true  down to git.
> Now, I'm stuck here. I tried, anticpating that the "overlay port's
> folder" will be located at the same root as my "head" foleder for the
> port's collection will be rooted at, creating an folder "ov-freebsd"
> and creating the .git folder and config file with git init --bare
> ov-freebsd and then manually config this according to the
> specifications given by the initial poudriere command as seen above -
> does NOT WORK. It seems git is called to early or never access the
> given preexisting folder - or I'm wrong in the assumption of the
> location of the overlay folder.
> Also, checking out the "personal" git repo at the anticipated correct
> location and configuring "http.sslVerify false" does not succeed as
> expected.
> I guess this problem must be very common amongst those having their
> own git repository servers backed via a webserver secured via SSL
> self signed certificates, so I wonder whether there is a solution or
> not.
> Can someone enlighten my? How can I pass the specified env varibale
> down poudriere to git to achive the desired task? Assuming this
> procedure is correct. If not, what is the proper way to achive that
> task?

If you read /usr/local/bin/poudriere you see that it filters the
environment. So neither GIT_NO_SSL_VERIFY will come through, nor HOME
(which also means that git can't read $HOME/.gitconfig).

The pragmatic solution would be to create a git wrapper script and tell
poudriere to use it:

cat >/tmp/git_wrap <<EOF
GIT_NO_SSL_VERIFY=true git "$@"
chmod 755 /tmp/git_wrap
echo GIT_CMD=/tmp/wrap >>/usr/local/etc/poudriere.conf


Michael Gmelin