GitLab

alpine-netboot-3.13.2-x86_64.tar.gz

I'm playing with netbooting Alpine Linux and I'd like to get my custom apkovl file via HTTPS but ramdisk fails:

+ '[' -z https://gist.github.com/jirib/2f6c054ba73018e9860ac60f784ca899/raw/2b6ebd9f0d2c3d48b8b36b69708dffce3b544f8b/testbox.apkovl.tar.gz ]
+ is_url https://gist.github.com/jirib/2f6c054ba73018e9860ac60f784ca899/raw/2b6ebd9f0d2c3d48b8b36b69708dffce3b544f8b/testbox.apkovl.tar.gz
+ return 0
+ cat /sys/class/dmi/id/product_uuid
+ MACHINE_UUID=
+ url=https://gist.github.com/jirib/2f6c054ba73018e9860ac60f784ca899/raw/2b6ebd9f0d2c3d48b8b36b69708dffce3b544f8b/testbox.apkovl.tar.gz
+ url=https://gist.github.com/jirib/2f6c054ba73018e9860ac60f784ca899/raw/2b6ebd9f0d2c3d48b8b36b69708dffce3b544f8b/testbox.apkovl.tar.gz
+ ovl=/tmp/testbox.apkovl.tar.gz
+ wget -O /tmp/testbox.apkovl.tar.gz https://gist.github.com/jirib/2f6c054ba73018e9860ac60f784ca899/raw/2b6ebd9f0d2c3d48b8b36b69708dffce3b544f8b/testbox.apkovl.tar.gz
Connecting to gist.github.com (140.82.121.4:443)
ssl_client: gist.github.com: TLS connect failed
wget: error getting response: Connection reset by peer
+ ovl=

I see that initramfs-virt has no ssl certs at all.

$ bsdtar xOf /tmp/alpine-netboot-3.13.2-x86_64.tar.gz boot/initramfs-virt | bsdtar tf - etc/
etc
etc/apk
etc/apk/keys
etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
etc/fstab
etc/group
etc/mdev.conf
etc/modprobe.d
etc/modprobe.d/aliases.conf
etc/modprobe.d/blacklist.conf
etc/modprobe.d/i386.conf
etc/modprobe.d/kms.conf
etc/passwd

Adding ca-certificates* into pkgs seems to make no sense as packages are installed after apkovl is downloaded/extracted (which fails).

Wouldn't it make sense to add CA certs? Or am I doing something wrong here?