search

RPi-Distro / pi-gen

Tool used to create the official Raspberry Pi OS images
BSD 3-Clause "New" or "Revised" License
2.58k stars 1.61k forks source link

Ca-certificates issue on buster docker builds #659

Open mdsketch opened 1 year ago

mdsketch commented 1 year ago

I am having an issue that is fixed by the solution for #424 I'm running a docker build of the Buster branch with a CI job that started failing recently, the fix was to add 40f67ce from the bullseye branch to the buster branch. It now completes fine. It also works if I manually install ca-certificates in the chroot.

If this is a fix then we should add 40f67ce to the buster branch as well. Let me know and I'll open a PR.

error log:

[00:12:42] Begin /pi-gen/stage1/03-install-packages/00-packages
Reading package lists...

Building dependency tree...

Reading state information...

The following additional packages will be installed:
  alsa-utils busybox crda device-tree-compiler initramfs-tools
  initramfs-tools-core iw klibc-utils libasound2 libasound2-data
  libfftw3-single3 libfribidi0 libgomp1 libklibc libnewt0.52 libnl-3-200
  libnl-genl-3-200 libparted2 libsamplerate0 libslang2 linux-base lua5.1
  parted pigz psmisc triggerhappy whiptail wireless-regdb
Suggested packages:
  bash-completion libasound2-plugins libfftw3-bin libfftw3-dev libparted-dev
  libparted-i18n parted-doc
The following NEW packages will be installed:
  alsa-utils busybox crda device-tree-compiler initramfs-tools
  initramfs-tools-core iw klibc-utils libasound2 libasound2-data
  libfftw3-single3 libfribidi0 libgomp1 libklibc libnewt0.52 libnl-3-200
  libnl-genl-3-200 libparted2 libraspberrypi-bin libraspberrypi0
  libsamplerate0 libslang2 linux-base lua5.1 parted pigz psmisc raspi-config
  triggerhappy whiptail wireless-regdb
0 upgraded, 31 newly installed, 0 to remove and 0 not upgraded.
Need to get 6797 kB of archives.
After this operation, 18.3 MB of additional disk space will be used.
Get:1 http://archive.raspberrypi.org/debian buster/main armhf libasound2-data all 1.1.8-1+rpt2 [60.0 kB]
Get:3 http://archive.raspberrypi.org/debian buster/main armhf libasound2 armhf 1.1.8-1+rpt2 [303 kB]
Get:5 http://archive.raspberrypi.org/debian buster/main armhf alsa-utils armhf 1.1.8-2+rpt1 [1010 kB]
Err:2 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf pigz armhf 2.4-1
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Get:7 http://archive.raspberrypi.org/debian buster/main armhf wireless-regdb all 2018.05.09-0~rpt1 [11.8 kB]
Get:8 http://archive.raspberrypi.org/debian buster/main armhf libraspberrypi0 armhf 1:1.20220308~buster-1 [847 kB]
Err:4 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf libslang2 armhf 2.3.2-2
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Get:9 http://archive.raspberrypi.org/debian buster/main armhf libraspberrypi-bin armhf 1:1.20220308~buster-1 [342 kB]
Get:10 http://archive.raspberrypi.org/debian buster/main armhf raspi-config all 20210212 [28.0 kB]
Err:6 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf libnewt0.52 armhf 0.52.20-8
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:11 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf whiptail armhf 0.52.20-8
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Get:12 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf libgomp1 armhf 8.3.0-6+rpi1 [64.3 kB]
Err:13 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf libfftw3-single3 armhf 3.3.8-2
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:14 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf libsamplerate0 armhf 0.1.9-2
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:15 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf busybox armhf 1:1.30.1-4
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:16 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf libnl-3-200 armhf 3.4.0-1
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:17 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf libnl-genl-3-200 armhf 3.4.0-1
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:18 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf iw armhf 5.0.1-1
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:19 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf crda armhf 3.18-1
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Err:20 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf device-tree-compiler armhf 1.4.7-4
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Get:21 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf libklibc armhf 2.0.6-1+rpi1+deb10u1 [52.8 kB]
Get:22 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf klibc-utils armhf 2.0.6-1+rpi1+deb10u1 [87.1 kB]
Get:23 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf initramfs-tools-core all 0.133+deb10u1 [99.2 kB]
Err:24 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf linux-base all 4.6
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Get:25 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf initramfs-tools all 0.133+deb10u1 [69.7 kB]
Get:26 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf libfribidi0 armhf 1.0.5-3.1+deb10u2 [62.5 kB]
Err:27 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf libparted2 armhf 3.2-25
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Get:28 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf lua5.1 armhf 5.1.5-8.1+b1 [75.5 kB]
Err:29 https://mirrors.switch.ca/raspbian/raspbian buster/main armhf parted armhf 3.2-25
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
Get:30 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf psmisc armhf 23.2-1+deb10u1 [121 kB]
Get:31 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf triggerhappy armhf 0.5.0-1 [29.5 kB]
WFetched 3264 kB in 7s (455 kB/s)
: https://mirrors.switch.ca/raspbian/raspbian/pool/main/p/pigz/pigz_2.4-1_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/s/slang2/libslang2_2.3.2-2_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/n/newt/libnewt0.52_0.52.20-8_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/n/newt/whiptail_0.52.20-8_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/f/fftw3/libfftw3-single3_3.3.8-2_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/libs/libsamplerate/libsamplerate0_0.1.9-2_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/b/busybox/busybox_1.30.1-4_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/libn/libnl3/libnl-3-200_3.4.0-1_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/libn/libnl3/libnl-genl-3-200_3.4.0-1_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/i/iw/iw_5.0.1-1_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/c/crda/crda_3.18-1_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/d/device-tree-compiler/device-tree-compiler_1.4.7-4_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/l/linux-base/linux-base_4.6_all.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/p/parted/libparted2_3.2-25_armhf.deb: No system certificates available. Try installing ca-certificates.
W: https://mirrors.switch.ca/raspbian/raspbian/pool/main/p/parted/parted_3.2-25_armhf.deb: No system certificates available. Try installing ca-certificates.
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/p/pigz/pigz_2.4-1_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/s/slang2/libslang2_2.3.2-2_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/n/newt/libnewt0.52_0.52.20-8_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/n/newt/whiptail_0.52.20-8_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/f/fftw3/libfftw3-single3_3.3.8-2_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/libs/libsamplerate/libsamplerate0_0.1.9-2_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/b/busybox/busybox_1.30.1-4_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/libn/libnl3/libnl-3-200_3.4.0-1_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/libn/libnl3/libnl-genl-3-200_3.4.0-1_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/i/iw/iw_5.0.1-1_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/c/crda/crda_3.18-1_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/d/device-tree-compiler/device-tree-compiler_1.4.7-4_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/l/linux-base/linux-base_4.6_all.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/p/parted/libparted2_3.2-25_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Failed to fetch https://mirrors.switch.ca/raspbian/raspbian/pool/main/p/parted/parted_3.2-25_armhf.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 209.115.181.106 443]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?