rust-cross / rust-musl-cross

Docker images for compiling static Rust binaries using musl-cross
MIT License
639 stars 70 forks source link

Install LE R3 cross-signed CA cert #30

Closed dbrgn closed 3 years ago

dbrgn commented 3 years ago

When trying to build this image, I got the following error:

Step 8/20 : RUN cd /tmp &&     curl -Lsq -o musl-cross-make.zip https://github.com/richfelker/musl-cross-make/archive/v0.9.8.zip &&     unzip -q musl-cross-make.zip &&     rm musl-cross-make.zip &
&     mv musl-cross-make-0.9.8 musl-cross-make &&     cp /tmp/config.mak /tmp/musl-cross-make/config.mak &&     cd /tmp/musl-cross-make &&     TARGET=$TARGET make install > /tmp/musl-cross-make.log &&     ln -s /usr/local/musl/bin/$TARGET-strip /usr/local/musl/bin/musl-strip &&     cd /tmp &&     rm -rf /tmp/musl-cross-make /tmp/musl-cross-make.log
 ---> Running in 9838cf3eefcf
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 59.4M  100 59.4M    0     0  15.2M      0  0:00:03  0:00:03 --:--:-- 15.2M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 36159    0 36159    0     0  50352      0 --:--:-- --:--:-- --:--:-- 50290
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 24.8M  100 24.8M    0     0  10.1M      0  0:00:02  0:00:02 --:--:-- 10.1M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
make: *** [sources/musl-1.1.22.tar.gz] Error 60
The command '/bin/sh -c cd /tmp &&     curl -Lsq -o musl-cross-make.zip https://github.com/richfelker/musl-cross-make/archive/v0.9.8.zip &&     unzip -q musl-cross-make.zip &&     rm musl-cross-make.zip &&     mv musl-cross-make-0.9.8 musl-cross-make &&     cp /tmp/config.mak /tmp/musl-cross-make/config.mak &&     cd /tmp/musl-cross-make &&     TARGET=$TARGET make install > /tmp/musl-cross-make.log &&     ln -s /usr/local/musl/bin/$TARGET-strip /usr/local/musl/bin/musl-strip &&     cd /tmp &&     rm -rf /tmp/musl-cross-make /tmp/musl-cross-make.log' returned a non-zero code: 2

It seems that musl switched to Let's Encrypt(?), signed with a root certificate that's not included in Ubuntu 16.

Installing the Let's Encrypt R3 intermediate CA (cross-signed) helps. I downloaded it from https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem.