FYI issue reported to CBL-mariner: tdnf cannot install ca-certificates due to certificate error

Question

FYI issue reported to CBL-mariner: tdnf cannot install ca-certificates due to certificate error

KarelChanivecky opened this issue 4 months ago · comments

KarelChanivecky commented 4 months ago

Windows build number:

n/a

Your Distribution version:

n/a

Your WSL versions:

n/a

Steps to reproduce:

I wasn't sure how to link a bug I created elsewhere to here, but I thought your team should know about this report I just submitted to CBL-mariner. There is a detailed description there:
microsoft/azurelinux#8593

In a few words, I suspect that a CA issuer in the chain for packages.microsoft.com has changed, and this has not been reflected in the base distro yet. Thus, one cannot build WSLg. The change must have happened within the last 3 weeks because it was previously working.

WSL logs:

No response

WSL dumps:

No response

Expected behavior:

No response

Actual behavior:

n/a

Pawel Winogrodzki · Answer 1 · Tue Apr 02 2024 07:51:52 GMT+0800 (China Standard Time)

After a quick look, it seem that the Dockerfile is using the 2.0.20231130 version of Azure Linux, which does not contain the updated set of trusted CAs. That includes the CAs, which issued PMC's new certificates and that's causing the issue. New certs are available starting from the 2.0.20240112 version.

I think a fix would be to update the Dockerfile. @hideyukn88, what do you think?

Workaround

Manually update Dockerfile to use a newer Azure Linux image.

Hideyuki Nagase · Answer 2 · Wed Apr 03 2024 00:18:43 GMT+0800 (China Standard Time)

@KarelChanivecky, thanks for reporting the issue. @PawelWMS, yes, that sounds good, I will make that change, thanks!