use a workaround /etc/ssl1.1 for 3.15 (!105) · Merge requests · alpine / mkinitfs

Open sbrudenell requested to merge sbrudenell/mkinitfs:https-3.15 into master Apr 27, 2022

Fixes #24.

We create /etc/ssl1.1 with symlinks to /etc/ssl, as would be found in a default installation of 3.15.

This is a different approach from my proposal of setting SSL_CERT_FILE/SSL_CERT_DIR. It's easier to convince myself that modifying the tmpfs will be appropriately scoped to the problem, and not pollute anything I didn't think about, rather than modifying environment variables.

I tested this by:

built mkinitfs-*.apk from a modified APKBUILD to point to my repo
installed the *.apk to an alpine:3.15 docker container
ran mkinitfs -s /path/to/modloop-virt.SIGN.RSA.alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub -k -F "base squashfs network usb virtio" -o "/tmp/initramfs-virt" "5.15.32-0-virt", which is as close as I could find to the command used to generate initramfs-virt for release
booted with the following ipxe config, booting from the test artifact hosted on backblaze b2:

#!ipxe
ifconf
kernel https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/netboot/vmlinuz-virt modules=loop,squashfs nomodeset apkovl=https://f004.backblazeb2.com/file/sbrudenell-netboot/test.apkovl.tar.gz alpine_repo=https://dl-cdn.alpinelinux.org/alpine/v3.15/main modloop=https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/netboot/modloop-virt console=tty0 console=ttyS0,115200n8 earlyprintk=serial,ttyS0,115200n8
initrd https://f004.backblazeb2.com/file/sbrudenell-netboot/initramfs-virt
boot

It worked as expected. It loaded my apkovl from https, and installed packages from the https repo.

use a workaround /etc/ssl1.1 for 3.15

Merge request reports