No https in NFSROOT for FAI 5.7.4 (Debian 10/Buster)
Bob A
bob at phxlab.honeywell.com
Thu Feb 21 23:55:48 CET 2019
Honeywell Internal
I am seeing this when I run fai-make-nfsroot:
dracut: Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work.
I can also confirm HTTPS is *not* working when I try my install. When I change to HTTP portions of the install work but eventually fail because my svn server only supports HTTPS. Looks like libnssckbi.so belongs to the libnss3 package:
# apt-file search libnssckbi.so
libnss3: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
So, I added libnss3 to my /etc/fai/NFSROOT file. Also, ca-certificates is already in that file so I suspect I should be good. After I rebuild the NFSROOT, the fai-make-nfsroot.log file shows:
Selecting previously unselected package ca-certificates.
Preparing to unpack .../029-ca-certificates_20190110_all.deb ...
Unpacking ca-certificates (20190110) ...
…
Selecting previously unselected package libnss3:amd64.
Preparing to unpack .../071-libnss3_2%3a3.42-1_amd64.deb ...
Unpacking libnss3:amd64 (2:3.42-1) ...
Once the NFSROOT is created:
# find nfsroot/ -name libnssckbi.so\*
nfsroot/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
And several certificates are installed:
# ls -l nfsroot/usr/share/ca-certificates/mozilla/ | wc -l
129
However, I’m still seeing the ”HTTPS won’t work” message. Based on this: https://lists.uni-koeln.de/pipermail/linux-fai/2017-August/011780.html
I tried to modify nfsroot.conf as follows:
FAI_DEBOOTSTRAP_OPTS="--exclude=wget --include=ca-certificates,libnss3"
FYI – the “exclude=wget” was in the file by default. After all that I am getting the same error. Help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20190221/4bf8df1a/attachment-0001.html>
More information about the linux-fai
mailing list