Date: Wed, 3 Aug 2022 16:28:55 +0200
From: FreeBSD User
To: Michael Gmelin
Cc: FreeBSD Ports
Subject: Re: poudriere overlay: passing down git ENV variables (problem: self signed certificates)
Message-ID: <20220803162922.396e8f25@thor.intern.walstatt.dynvpn.de>
In-Reply-To: <20220803142704.4745d118.grembo@freebsd.org>
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

On Wed, 3 Aug 2022 14:27:04 +0200, Michael Gmelin wrote:

> On Wed, 3 Aug 2022 12:38:26 +0200
> FreeBSD User wrote:
>
> > Hello,
> >
> > I try to accomplish tasks in maintaining ports via poudriere-devel's
> > OVERLAY option. First of all:
> >
> > it is a pain in the a... not having ANY suitable hint how to perform
> > this, a single line like that I found after a couple of hours
> > searching here: https://github.com/decke/ports would have been of
> > help, really.
> >
> > So, I'm facing the all-time-present problem of having my own git
> > server based on HTTPS with self signed certificate. git rejects
> > connecting to those servers in the default configuration setting.
> > Usually, I've to set via git config http.sslVerify false
> > to not verify the certificate.
> > Following the instructions given at https://github.com/decke/ports
> > with my existing poudriere setup incorporating a ports folder,
> > adjusting the URI with the one appropriate for my case, like:
> >
> > env GIT_NO_SSL_VERIFY=true poudriere ports -c -U
> > https://myname@my.server.de/git/ports.git -m "git+https" -B master -p
> > ov-freebsd
> >
> > fails with the well known "... problem: self signed certificate".
> >
> > Obviously poudriere is spawning its own environment within git
> > operates (so it seems to me) and is not passing the given environment
> > variable GIT_NO_SSL_VERIFY=true down to git.
> >
> > Now, I'm stuck here.
> > I tried, anticipating that the "overlay port's
> > folder" will be located at the same root as my "head" folder for the
> > port's collection will be rooted at, creating a folder "ov-freebsd"
> > and creating the .git folder and config file with git init --bare
> > ov-freebsd and then manually config this according to the
> > specifications given by the initial poudriere command as seen above -
> > does NOT WORK. It seems git is called too early or never accesses the
> > given preexisting folder - or I'm wrong in the assumption of the
> > location of the overlay folder.
> >
> > Also, checking out the "personal" git repo at the anticipated correct
> > location and configuring "http.sslVerify false" does not succeed as
> > expected.
> >
> > I guess this problem must be very common amongst those having their
> > own git repository servers backed via a webserver secured via SSL
> > self signed certificates, so I wonder whether there is a solution or
> > not.
> >
> > Can someone enlighten me? How can I pass the specified env variable
> > down poudriere to git to achieve the desired task? Assuming this
> > procedure is correct. If not, what is the proper way to achieve that
> > task?
> >
>
> If you read /usr/local/bin/poudriere you see that it filters the
> environment. So neither GIT_NO_SSL_VERIFY will come through, nor HOME
> (which also means that git can't read $HOME/.gitconfig).
>
> The pragmatic solution would be to create a git wrapper script and tell
> poudriere to use it:
>
> cat >/tmp/git_wrap <<'EOF'
> #!/bin/sh
> GIT_NO_SSL_VERIFY=true git "$@"
> EOF
> chmod 755 /tmp/git_wrap
> echo GIT_CMD=/tmp/git_wrap >>/usr/local/etc/poudriere.conf
>
> Cheers
> Michael
>

Thank you very much for the quick answer.
Well, the approach is a bit "hacky", but it works, but I had to replace the
part "[env] GIT_NO_SSL_VERIFY=true" (which is obviously ineffective and not
working) with

git -c http.sslVerify=false "$@"

That written, brings up the question: is there an official way to pass down
options to git as with "-c"? That would solve the hacky wrapper script.

Many thanks,

Oliver

-- 
O. Hartmann
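
Added example (not from either poster and not poudriere's own code): a generator for the same kind of git wrapper discussed in the thread, but passing `-c http.sslCAInfo=<pem>` so that git verifies the server against its self-signed certificate rather than skipping verification. The function name, its arguments and the paths in the usage comment are assumptions; GIT_CMD is the poudriere.conf setting quoted above.

```sh
#!/bin/sh
# Added example: generate a git wrapper that trusts one pinned certificate
# instead of turning TLS verification off.
#
# write_git_wrapper WRAPPER CA_PEM [GIT_BIN]
#   WRAPPER  file to create (keep it in a root-owned directory, not /tmp)
#   CA_PEM   absolute path to the server's certificate (or its CA) in PEM
#   GIT_BIN  git executable to run, default "git"
write_git_wrapper() {
    wgw_wrapper=$1
    wgw_ca=$2
    wgw_git=${3:-git}

    # poudriere filters the environment (no HOME, no ~/.gitconfig), so the
    # certificate must be named by an absolute path on the command line.
    case $wgw_ca in
        /*) ;;
        *) echo "CA file must be an absolute path: $wgw_ca" >&2; return 1 ;;
    esac

    # Both values are pasted into the generated script; allow only
    # characters that need no quoting there.
    for wgw_p in "$wgw_ca" "$wgw_git"; do
        case $wgw_p in
            *[!A-Za-z0-9_./-]*) echo "unsafe characters in: $wgw_p" >&2; return 1 ;;
        esac
    done

    # Refuse files that are unreadable or contain no PEM certificate.
    [ -r "$wgw_ca" ] || { echo "cannot read $wgw_ca" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$wgw_ca" ||
        { echo "no PEM certificate in $wgw_ca" >&2; return 1; }

    # \$@ stays literal so the wrapper forwards its own arguments unchanged.
    cat >"$wgw_wrapper" <<EOF
#!/bin/sh
exec $wgw_git -c http.sslCAInfo=$wgw_ca "\$@"
EOF
    chmod 755 "$wgw_wrapper"
}

# Usage (hypothetical paths), then point GIT_CMD at the wrapper as in the thread:
#   write_git_wrapper /usr/local/libexec/git_wrap \
#       /usr/local/etc/ssl/my-git-server.pem /usr/local/bin/git
```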