Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)

From: Michael Gmelin <>
Date: Wed, 03 Aug 2022 23:37:24 UTC

> On 4. Aug 2022, at 01:32, Tatsuki Makino <> wrote:
> I looked into this wondering why the poudriere is not blocking the propagation of the value, but the poudriere is not being affected by the value.
> Then, I think that is the reason why we are not getting the results we need :)
> Of course, a better solution would be to set up the verification so that it does not need to be bypassed.
> Regards

The requester might also use a letsencrypt issued cert (using dns01 in case the site it isn’t available publicly).

In theory, a self-signed cert can be more secure if you pin it, but since their approach was ignoring cert verification completely, this level of security probably isn’t what they were going for.


> .
> Michael Gmelin wrote on 2022/08/04 07:58:
>>> Thanks, I simply copy and pasted what the requester used (assuming they already tested that exact value outside of poudriere), since my response was about the mechanics of how to get that variable in and not its name.
>> p.s. I also agree that adding the self signed cert to the trust bundle is preferable to just not checking ssl at all. Git allows configuring these setting per domain by the way. I learned today that there is a service called, which provides a couple of subdomains to simulate various error scenarios, which is quite useful when testing.