FYI issue reported to CBL-mariner: tdnf cannot install ca-certificates due to certificate error
KarelChanivecky opened this issue · comments
Windows build number:
n/a
Your Distribution version:
n/a
Your WSL versions:
n/a
Steps to reproduce:
I wasn't sure how to link a bug I created elsewhere to here, but I thought your team should know about this report I just submitted to CBL-mariner. There is a detailed description there:
microsoft/azurelinux#8593
In a few words, I suspect that a CA issuer in the chain for packages.microsoft.com has changed, and this has not been reflected in the base distro yet. Thus, one cannot build WSLg. The change must have happened within the last 3 weeks because it was previously working.
WSL logs:
No response
WSL dumps:
No response
Expected behavior:
No response
Actual behavior:
n/a
After a quick look, it seem that the Dockerfile is using the 2.0.20231130 version of Azure Linux, which does not contain the updated set of trusted CAs. That includes the CAs, which issued PMC's new certificates and that's causing the issue. New certs are available starting from the 2.0.20240112 version.
I think a fix would be to update the Dockerfile. @hideyukn88, what do you think?
Workaround
Manually update Dockerfile
to use a newer Azure Linux image.
@KarelChanivecky, thanks for reporting the issue. @PawelWMS, yes, that sounds good, I will make that change, thanks!