[Buildroot] [git commit branch/2018.02.x] utils/genrandconfig: use --no-check-certificate in wget by default

Peter Korsgaard peter at korsgaard.com
Fri Apr 6 18:10:17 UTC 2018


commit: https://git.buildroot.net/buildroot/commit/?id=4a1a806d486402323e7b3ce6c1b457183d71bb4a
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2018.02.x

A number of autobuilder failures are due to the fact that autobuilder
instances use old distributions, with old SSL certificates, and
therefore wget aborts with an error "The certificate of `xyz.org' is
not trusted.".

In order to avoid such failures that are not very interesting in the
context of the autobuilders, we pass --no-check-certificate to
wget. The integrity of the downloaded files is anyway verified by the
hashes, and this is only meant to be used in the context of
testing/CI, not in production.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
(cherry picked from commit 0866a280e40a7a2c7d7d50cc7e87c3f4652aff0a)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 utils/genrandconfig | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/utils/genrandconfig b/utils/genrandconfig
index 0d08570bc5..8a6bdb6a0c 100755
--- a/utils/genrandconfig
+++ b/utils/genrandconfig
@@ -347,6 +347,9 @@ def gen_config(args):
     with open(minimalconfigfile) as minimalf:
         configlines += minimalf.readlines()
 
+    # Allow hosts with old certificates to download over https
+    configlines.append("BR2_WGET=\"wget --passive-ftp -nd -t 3 --no-check-certificate\"")
+
     # Amend the configuration with a few things.
     if randint(0, 20) == 0:
         configlines.append("BR2_ENABLE_DEBUG=y\n")


More information about the buildroot mailing list