tianon / docker-qemu

Dockerization of supported QEMU releases
https://qemu.org

qemu-img info https://ce.... doesn't work | ca-certificates is missing in the final image #30

Closed MaxPeal closed 2 years ago

MaxPeal commented 2 years ago

qemu-img info https://cent... doesn't work, as the ca-certificates are missing in the final image. Can we add this, please?

g$ docker run -it --rm   --device /dev/kvm       --name qemu-container   -e QEMU_HDA_SIZE=100G   -e QEMU_CPU=4   -e QEMU_RAM=4096              -e QEMU_BOOT='order=d'  -e QEMU_PORTS='2375 2376'       tianon/qemu qemu-img info https://centos.mirror.liteserver.nl/7/isos/x86_64/CentOS-7-x86_64-NetInstall-2009.iso
qemu-img: Could not open 'https://centos.mirror.liteserver.nl/7/isos/x86_64/CentOS-7-x86_64-NetInstall-2009.iso': CURL: Error opening file: server certificate verification failed. CAfile: none CRLfile: none
g$ 

I don't know how to add the exclusion for https://github.com/tianon/docker-qemu/blob/8fc69dd643d435e182553668bd72a27cd6448919/Dockerfile.template#L218 https://github.com/tianon/docker-qemu/blob/8fc69dd643d435e182553668bd72a27cd6448919/Dockerfile.template#L232

g$ docker run -it --rm   --device /dev/kvm       --name qemu-container   -e QEMU_HDA_SIZE=100G   -e QEMU_CPU=4   -e QEMU_RAM=4096              -e QEMU_BOOT='order=d'  -e QEMU_PORTS='2375 2376'       tianon/qemu /bin/bash
root@0297d5ae0d7b:/# apt update -qq 
All packages are up to date.
root@0297d5ae0d7b:/# apt install --no-install-recommends openssl 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  ca-certificates
The following NEW packages will be installed:
  openssl
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 851 kB of archives.
After this operation, 1500 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 openssl amd64 1.1.1k-1+deb11u1 [851 kB]
Fetched 851 kB in 0s (3646 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package openssl.
(Reading database ... 7036 files and directories currently installed.)
Preparing to unpack .../openssl_1.1.1k-1+deb11u1_amd64.deb ...
Unpacking openssl (1.1.1k-1+deb11u1) ...
Setting up openssl (1.1.1k-1+deb11u1) ...
root@0297d5ae0d7b:/# qemu-img info https://centos.mirror.liteserver.nl/7/isos/x86_64/CentOS-7-x86_64-NetInstall-2009.iso
qemu-img: Could not open 'https://centos.mirror.liteserver.nl/7/isos/x86_64/CentOS-7-x86_64-NetInstall-2009.iso': CURL: Error opening file: server certificate verification failed. CAfile: none CRLfile: none
root@0297d5ae0d7b:/# apt install --no-install-recommends ca-certificates
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  ca-certificates
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 158 kB of archives.
After this operation, 391 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 ca-certificates all 20210119 [158 kB]
Fetched 158 kB in 0s (1286 kB/s)       
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package ca-certificates.
(Reading database ... 7188 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20210119_all.deb ...
Unpacking ca-certificates (20210119) ...
Setting up ca-certificates (20210119) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.3
2.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/sh
are/perl/5.32 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Updating certificates in /etc/ssl/certs...
129 added, 0 removed; done.
Processing triggers for ca-certificates (20210119) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@0297d5ae0d7b:/# qemu-img info https://centos.mirror.liteserver.nl/7/isos/x86_64/CentOS-7-x86_64-NetInstall-2009.iso
image: https://centos.mirror.liteserver.nl/7/isos/x86_64/CentOS-7-x86_64-NetInstall-2009.iso
file format: raw
virtual size: 575 MiB (602931200 bytes)
disk size: unavailable
root@0297d5ae0d7b:/# 

MaxPeal commented 2 years ago

For qemu-system-x86_64 it's the same error:

$ qemu-img create -f qcow2 -o preallocation=off $HOME/hda.qcow2 10m
Formatting '/home/user/hda.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off preallocation=off compression_type=zlib size=10485760 lazy_refcounts=off refcount_bits=16

$ docker run -it --rm \
        --device /dev/kvm \
        --name qemu-container \
        -v $HOME/hda.qcow2:/tmp/hda.qcow2 \
        -e QEMU_HDA=/tmp/hda.qcow2 \
        -e QEMU_HDA_SIZE=100G \
        -e QEMU_CPU=4 \
        -e QEMU_RAM=4096 \
        -e QEMU_CDROM=https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-virt-3.15.0-x86_64.iso \
        -e QEMU_BOOT='order=d' \
        -e QEMU_PORTS='2375 2376' \
        tianon/qemu:native
+ exec qemu-system-x86_64 -enable-kvm -smp 4 -m 4096 -drive file=/tmp/hda.qcow2,index=0,media=disk,discard=unmap,detect-zeroes=unmap,if=none,id=hda -device virtio-scsi-pci -device scsi-hd,drive=hda -cdrom https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-virt-3.15.0-x86_64.iso -boot order=d -netdev user,hostname=dc2c4cb24da7,hostfwd=tcp::22-:22,hostfwd=udp::22-:22,hostfwd=tcp::2375-:2375,hostfwd=udp::2375-:2375,hostfwd=tcp::2376-:2376,hostfwd=udp::2376-:2376,id=net -device virtio-net-pci,netdev=net -serial stdio -vnc :0
qemu-system-x86_64: -cdrom https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-virt-3.15.0-x86_64.iso: CURL: Error opening file: server certificate verification failed. CAfile: none CRLfile: none
$ 

Without https/ssl it works:

$ docker run -it --rm \
        --device /dev/kvm \
        --name qemu-container \
        -v $HOME/hda.qcow2:/tmp/hda.qcow2 \
        -e QEMU_HDA=/tmp/hda.qcow2 \
        -e QEMU_HDA_SIZE=100G \
        -e QEMU_CPU=4 \
        -e QEMU_RAM=4096 \
        -e QEMU_CDROM=http://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-virt-3.15.0-x86_64.iso \
        -e QEMU_BOOT='order=d' \
        -e QEMU_PORTS='2375 2376' \
        tianon/qemu:native
+ exec qemu-system-x86_64 -enable-kvm -smp 4 -m 4096 -drive file=/tmp/hda.qcow2,index=0,media=disk,discard=unmap,detect-zeroes=unmap,if=none,id=hda -device virtio-scsi-pci -device scsi-hd,drive=hda -cdrom http://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-virt-3.15.0-x86_64.iso -boot order=d -netdev user,hostname=6e22a7287b1d,hostfwd=tcp::22-:22,hostfwd=udp::22-:22,hostfwd=tcp::2375-:2375,hostfwd=udp::2375-:2375,hostfwd=tcp::2376-:2376,hostfwd=udp::2376-:2376,id=net -device virtio-net-pci,netdev=net -serial stdio -vnc :0

ISOLINUX 6.04 6.04-pre1  Copyright (C) 1994-2015 H. Peter Anvin et al
boot: 

   OpenRC 0.44.7.88ce4d9bb0 is starting up Linux 5.15.4-0-virt (x86_64)

 * /proc is already mounted
 * Mounting /run ... * /run/openrc: creating directory
 * /run/lock: creating directory
 * /run/lock: correcting owner
 * Caching service dependencies ... [ ok ]
 * Remounting devtmpfs on /dev ... [ ok ]
 * Mounting /dev/mqueue ... [ ok ]
 * Mounting modloop  ... * Verifying modloop
 [ ok ]
 * Mounting security filesystem ... [ ok ]
 * Mounting debug filesystem ... [ ok ]
 * Mounting persistent storage (pstore) filesystem ... [ ok ]
 * Starting busybox mdev ... [ ok ]
 * Loading hardware drivers ... [ ok ]
 * Loading modules ... [ ok ]
 * Setting system clock using the hardware clock [UTC] ... [ ok ]
 * Checking local filesystems  ... [ ok ]
 * Remounting filesystems ... [ ok ]
 * Mounting local filesystems ... [ ok ]
 * Configuring kernel parameters ... [ ok ]
 * Migrating /var/lock to /run/lock ... [ ok ]
 * Creating user login records ... [ ok ]
 * Cleaning /tmp directory ... [ ok ]
 * Setting hostname ... [ ok ]
 * Starting busybox syslog ... [ ok ]
 * Starting firstboot ... [ ok ]

Welcome to Alpine Linux 3.15
Kernel 5.15.4-0-virt on an x86_64 (/dev/ttyS0)

localhost login: root
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <http://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

localhost:~# poweroff 
localhost:~#  * Stopping busybox syslog ... [ ok ]
 * Unmounting loop devices
 *   Remounting /.modloop read only ... [ ok ]
 * Unmounting filesystems
 *   Unmounting /media/cdrom ... [ ok ]
 * Setting hardware clock using the system clock [UTC] ... [ ok ]
 * Stopping busybox mdev ... [ ok ]
 [ ok ]
 * Terminating remaining processes ... [ ok ]
 * Killing remaining processes ... [ ok ]
 * Saving dependency cache ... [ ok ]
 [ ok ]
 * Remounting remaining filesystems read-only ... *   Remounting / read only ... [ ok ]
 [ ok ]
The system is going down NOW!
Sent SIGTERM to all processes
Sent SIGKILL to all processes
Requesting system poweroff
[   32.789353] reboot: Power down
$ 

tianon commented 2 years ago

Whoa, TIL these commands are supposed to be able to take URLs! :joy:

I've opened a PR at https://github.com/tianon/docker-qemu/pull/31 :+1:
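
The failure reported in this thread (a final image with no `ca-certificates`, so the TLS check ends in `CAfile: none`) can be caught by an image smoke test before release. The script below is an added example, not code from the docker-qemu repository; the function names are hypothetical and the bundle path assumes Debian's `ca-certificates` layout.

```shell
#!/bin/sh
# Added example, not from the docker-qemu repository. Function names are
# hypothetical; the bundle path is Debian's ca-certificates default.

# Print the CA-bundle state of a root filesystem: missing | empty | ok:<count>
ca_bundle_status() {
    bundle="${1%/}/etc/ssl/certs/ca-certificates.crt"
    [ -f "$bundle" ] || { echo missing; return 1; }
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    [ "$count" -gt 0 ] || { echo empty; return 1; }
    echo "ok:$count"
}

# Classify stderr from qemu-img / qemu-system-* opening an https:// image.
# Prints: no-ca-bundle | verify-failed | other
classify_tls_error() {
    case "$1" in
        *"server certificate verification failed"*"CAfile: none"*)
            echo no-ca-bundle ;;
        *"server certificate verification failed"*)
            echo verify-failed ;;
        *)  echo other ;;
    esac
}

# Combine both checks into a one-line finding for an image smoke test.
diagnose() {
    err=$(classify_tls_error "$2")
    ca=$(ca_bundle_status "$1" || true)
    case "$err/$ca" in
        no-ca-bundle/missing|no-ca-bundle/empty)
            echo "FAIL: no trust anchors in image ($ca); install ca-certificates" ;;
        no-ca-bundle/ok:*)
            echo "FAIL: bundle present ($ca) but the TLS library loaded none" ;;
        verify-failed/*)
            echo "FAIL: server certificate rejected (bundle: $ca)" ;;
        *)  echo "OK: no TLS verification error in output (bundle: $ca)" ;;
    esac
}

# Constructed demo: an empty rootfs and the error text quoted in this issue.
demo_root=$(mktemp -d)
diagnose "$demo_root" "CURL: Error opening file: server certificate verification failed. CAfile: none CRLfile: none"
rm -rf "$demo_root"
```

Pointing `ca_bundle_status` at the image's root filesystem in CI keeps https URLs working, so users are not pushed toward the plain-http variant shown above, which gives up transport integrity for the downloaded ISO.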