elemental-toolkit icon indicating copy to clipboard operation
elemental-toolkit copied to clipboard

Published 20 hours ago verified publisher icon rancher

Compiling on Mac M1

Open bobmorane83 opened this issue 1 year ago • 15 comments

Hi, I'am trying to compile on my Mac Book Pro M1 and have issues :

elemental-toolkit version:

Git cloned lastly. Last commit 54664f8cf5bcf48bc23875a3f5f4dbff554fce4f

Describe the bug

make ARCH=arm64 build build-os run fine, but make ARCH=arm64 build-rpi-disk

INFO[2024-05-22T09:09:30Z] Building disk image type raw for arch        
INFO[2024-05-22T09:09:30Z] Running before-disk hook                     
INFO[2024-05-22T09:09:30Z] Copying local/elemental-green-rpi:v2.1.0-g54664f8cf source... 
ERRO[2024-05-22T09:10:27Z] failed loading recovery image source tree: chmod /build/build/recovery.img.root/var/lib/ca-certificates/openssl: permission denied 
ERRO[2024-05-22T09:10:40Z] Woophs, something went terribly wrong: 1 error occurred:
        * chmod /build/build/recovery.img.root/var/lib/ca-certificates/openssl: permission denied

I suspect this is due to the lake of loop device on mac.

BR,

bobmorane83 avatar May 22 '24 12:05 bobmorane83

Hmm, in this step it should only try to extract the filesystem from the image and put in a local directory.. are you running rootless docker by any chance?

frelon avatar May 23 '24 07:05 frelon

AFAK docker engine inside the VM (docker desktop on mac) is not running rootless.

image

bobmorane83 avatar May 23 '24 07:05 bobmorane83

Running : docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /Users/macbook/Developpement/rancher/elemental-toolkit/examples:/examples --entrypoint /bin/bash local/elemental-toolkit:v2.1.0-g54664f8cf

and then in the container : /usr/bin/elemental --debug build-disk --platform linux/arm64 --cloud-init-paths /examples/green-rpi --expandable -n elemental-green-rpi.aarch64 --local --squash-no-compression --deploy-command elemental,--debug,reset,--reboot,--disable-boot-entry -o /build --system local/elemental-green-rpi:v2.1.0-g54664f8cf

gives the correct result (of course inside the container).

So, the problème is obviously the right to write on host build directory, but adding chmod a+w build do not solve the problem.

I even try sudo make, same problem ...

bobmorane83 avatar May 24 '24 09:05 bobmorane83

Surprisingly :

❯ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /Users/macbook/Developpement/rancher/elemental-toolkit/examples:/examples -v /Users/macbook/Developpement/rancher/elemental-toolkit/build:/build  --entrypoint /bin/bash local/elemental-toolkit:v2.1.0-g54664f8cf
4692b3322d9d:/ # touch build/toto
4692b3322d9d:/ # exit
exit
❯ ls build
toto

bobmorane83 avatar May 24 '24 12:05 bobmorane83

Surprisingly :


❯ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /Users/macbook/Developpement/rancher/elemental-toolkit/examples:/examples -v /Users/macbook/Developpement/rancher/elemental-toolkit/build:/build  --entrypoint /bin/bash local/elemental-toolkit:v2.1.0-g54664f8cf

4692b3322d9d:/ # touch build/toto

4692b3322d9d:/ # exit

exit

❯ ls build

toto

Hmm, can you chmod the toto file?

frelon avatar May 24 '24 13:05 frelon

Hmm, can you chmod the toto file?

Yes :

> chmod a+rwx build/toto
> ll build/toto
-rwxrwxrwx 1 root root 0 May 24 13:22 build/toto

Looking at /var/lib/ca-certificates/openssl in local/elemental-green-rpi:v2.1.0-g54664f8cf found nothing fancy for rights ...

df623751485c:/var/lib/ca-certificates/openssl # ls -la
total 744
dr-xr-xr-x 2 root root 20480 May 16 06:24 .
drwxr-xr-x 4 root root  4096 May 16 06:24 ..
lrwxrwxrwx 1 root root    23 May 16 06:24 002c0b4f.0 -> GlobalSign_Root_R46.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 01419da9.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 0179095f.0 -> BJCA_Global_Root_CA1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 04f60c28.0 -> USERTrust_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 062cdee6.0 -> GlobalSign_Root_CA_-_R3.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.pem
lrwxrwxrwx 1 root root    50 May 16 06:24 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 0708417d.0 -> Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 08063a00.0 -> Security_Communication_RootCA3.pem
lrwxrwxrwx 1 root root    54 May 16 06:24 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 0a775a30.0 -> GTS_Root_R3.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 0b1b94ef.0 -> CFCA_EV_ROOT.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 0b7c536a.0 -> D-TRUST_Root_CA_3_2013.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 0b9bc432.0 -> ISRG_Root_X2.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 0c4c9b6c.0 -> Global_Chambersign_Root_-_2008.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 0d01cc9c.0 -> GlobalSign_Secure_Mail_Root_R45.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 0d69c7e1.0 -> GlobalSign_ECC_Root_CA_-_R4.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 0d972af8.0 -> GlobalSign_Secure_Mail_Root_R45.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 0f5dc4f3.0 -> UCA_Extended_Validation_Root.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 1001acf7.0 -> GTS_Root_R1.pem
lrwxrwxrwx 1 root root    54 May 16 06:24 10531352.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    46 May 16 06:24 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 11f154d6.0 -> Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 128f4b91.0 -> Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 1320b215.0 -> Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 1422d63c.0 -> DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 1766e401.0 -> GlobalSign_Secure_Mail_Root_E45.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 18856ac4.0 -> SecureSign_RootCA11.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 19dbc0dd.0 -> DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 1ae85e5e.0 -> Trustwave_Global_ECC_P256_Certification_Authority.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 1b0f7e5c.0 -> GlobalSign_Root_R46.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 1df5a75f.0 -> D-TRUST_Root_Class_3_CA_2_2009.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 1e1eab7c.0 -> T-TeleSec_GlobalRoot_Class_3.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 1e8e7201.0 -> GlobalSign_Root_CA_-_R3.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 1eb37bdf.0 -> Chambers_of_Commerce_Root_-_2008.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 1ec40989.0 -> GLOBALTRUST_2020.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 1f58a078.0 -> QuoVadis_Root_CA_2_G3.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 219d9499.0 -> Go_Daddy_Class_2_CA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 23f4c490.0 -> Starfield_Class_2_CA.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 24a5a1df.0 -> Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem
lrwxrwxrwx 1 root root    33 May 16 06:24 252252d2.0 -> DigiCert_TLS_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 26312675.0 -> Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 2923b3f9.0 -> emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 2add47b6.0 -> GlobalSign_ECC_Root_CA_-_R5.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 2ae6433e.0 -> CA_Disig_Root_R2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 2b349938.0 -> AffirmTrust_Commercial.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 2c63f966.0 -> SSL.com_TLS_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 2c9bcd6c.0 -> LAWtrust_Root_CA2__4096_.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 2d21b73c.0 -> Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 2d9dafe4.0 -> Buypass_Class_3_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 2dab9e33.0 -> HARICA_Client_ECC_Root_CA_2021.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 302904dd.0 -> Certigna_Root_CA.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 304d27c3.0 -> UCA_Global_G2_Root.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 31188b5e.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 3136ea36.0 -> Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem
lrwxrwxrwx 1 root root    59 May 16 06:24 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 33ee480d.0 -> SSL.com_Root_Certification_Authority_RSA.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 35105088.0 -> USERTrust_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 3513523f.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 399e7759.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 3a3b02ce.0 -> OISTE_WISeKey_Global_Root_GA_CA.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 3ad48a91.0 -> Baltimore_CyberTrust_Root.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 3afde786.0 -> Sectigo_Public_Server_Authentication_Root_E46.pem
lrwxrwxrwx 1 root root    61 May 16 06:24 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 3bde41ac.1 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 3c860d51.0 -> SwissSign_Gold_CA_-_G2.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 3c899c73.0 -> OISTE_WISeKey_Global_Root_GC_CA.pem
lrwxrwxrwx 1 root root    13 May 16 06:24 3c9a4d3b.0 -> ACCVRAIZ1.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 3d3ee9f3.0 -> DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 3e359ba6.0 -> BJCA_Global_Root_CA2.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 3e7271e8.0 -> Entrust.net_Premium_2048_Secure_Server_CA.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 40193066.0 -> Certum_Trusted_Network_CA_2.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 4042bcee.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 40547a79.0 -> COMODO_Certification_Authority.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 406c9bb1.0 -> emSign_Root_CA_-_C1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 41a3f684.0 -> Certum_EC-384_CA.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 442adcac.0 -> Certum_Root_CA.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 455f1b52.0 -> Entrust_Root_Certification_Authority_-_G2.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 4632c230.0 -> HARICA_Client_RSA_Root_CA_2021.pem
lrwxrwxrwx 1 root root    14 May 16 06:24 48a195d8.0 -> Izenpe.com.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 48bec511.0 -> Certum_Trusted_Network_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 4be590e0.0 -> IdenTrust_Public_Sector_Root_CA_1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 4c3982f2.0 -> HARICA_TLS_ECC_Root_CA_2021.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 4c3cbf99.0 -> Sectigo_Public_Email_Protection_Root_E46.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 4c95c52e.0 -> DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 4f316efb.0 -> SwissSign_Gold_CA_-_G2.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 5046c355.0 -> SwissSign_Silver_CA_-_G2.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 52b525c7.0 -> QuoVadis_Root_CA_1_G3.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 53a1b57a.0 -> HiPKI_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 54657681.0 -> Buypass_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.pem
lrwxrwxrwx 1 root root    50 May 16 06:24 583d0756.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 5860aaa6.0 -> Security_Communication_ECC_RootCA1.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 5931b5bc.0 -> D-TRUST_EV_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 5a250ea7.0 -> Staat_der_Nederlanden_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 5a3f0ff8.0 -> COMODO_Certification_Authority.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 5a4d6896.0 -> Staat_der_Nederlanden_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 5acf816d.0 -> GTS_Root_R4.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 5ad8a5d6.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 5c79eb85.0 -> Sectigo_Public_Email_Protection_Root_R46.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 5f15c80c.0 -> TWCA_Global_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 5f47b495.0 -> Actalis_Authentication_Root_CA.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 5f618aec.0 -> certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root    39 May 16 06:24 5f9a69fa.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 5fdd185d.0 -> Certainly_Root_E1.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 607986c7.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root    48 May 16 06:24 60afe812.0 -> NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 6187b673.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 626dceaf.0 -> GTS_Root_R2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 63a2c897.0 -> TeliaSonera_Root_CA_v1.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 653b494a.0 -> Baltimore_CyberTrust_Root.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 661273b5.0 -> SSL.com_Client_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 68dd7389.0 -> Hongkong_Post_Root_CA_3.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 69105f4f.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 6b03dec0.0 -> GTS_Root_R3.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 6b99d060.0 -> Entrust_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 6d41d539.0 -> Amazon_Root_CA_2.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 6e8bf996.0 -> Certum_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 6f7454b3.0 -> Security_Communication_RootCA3.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 706f604c.0 -> XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 749e9e03.0 -> QuoVadis_Root_CA_1_G3.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 75680d2e.0 -> Comodo_AAA_Services_root.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 76579174.0 -> XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 76763419.0 -> DigiCert_SMIME_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 76faf6c0.0 -> QuoVadis_Root_CA_3.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 779a714a.0 -> DigiCert_SMIME_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    47 May 16 06:24 7892ad52.0 -> SSL.com_EV_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    17 May 16 06:24 7a3adc42.0 -> vTrus_Root_CA.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 7a780d93.0 -> Certainly_Root_R1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 7a7c655d.0 -> Amazon_Root_CA_3.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 7a819ef2.0 -> QuoVadis_Root_CA_2.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 7e067d03.0 -> BJCA_Global_Root_CA2.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 7ffa47b4.0 -> SSL.com_Client_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 81b9768f.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 82223c44.0 -> Buypass_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 83e9984f.0 -> e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 8508e720.0 -> Certainly_Root_E1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 85cde254.0 -> Starfield_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 86212b19.0 -> AffirmTrust_Networking.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 865fbdf9.0 -> SSL.com_TLS_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 869fbf79.0 -> emSign_ECC_Root_CA_-_C3.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 8794b4e3.0 -> ISRG_Root_X2.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 882de061.0 -> certSIGN_ROOT_CA.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 88950faa.0 -> SSL.com_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 896c8bb4.0 -> Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 89c02a45.0 -> COMODO_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 8cb5ee0f.0 -> Amazon_Root_CA_3.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 8d6437c3.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 8d86cdd1.0 -> certSIGN_ROOT_CA.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 8f103249.0 -> Telia_Root_CA_v2.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 9046744a.0 -> Sectigo_Public_Server_Authentication_Root_R46.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 90c5a3c8.0 -> HiPKI_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 9282e51c.0 -> CFCA_EV_ROOT.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 930ac5d2.0 -> Actalis_Authentication_Root_CA.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 9339512a.0 -> QuoVadis_Root_CA_3.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 93851c9e.0 -> ANF_Secure_Server_Root_CA.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 93bc0acc.0 -> AffirmTrust_Networking.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 9479c8c3.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 9482e63a.0 -> Certum_EC-384_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 94bd6eb5.0 -> HARICA_Client_RSA_Root_CA_2021.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 9576d26b.0 -> CA_Disig_Root_R2.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 9591a472.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 95aff9e3.0 -> Certum_Trusted_Network_CA.pem
lrwxrwxrwx 1 root root    33 May 16 06:24 9846683b.0 -> DigiCert_TLS_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 985c1f52.0 -> GlobalSign_Root_CA_-_R6.pem
lrwxrwxrwx 1 root root    48 May 16 06:24 988a38cb.0 -> NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem
lrwxrwxrwx 1 root root    17 May 16 06:24 99e1b953.0 -> vTrus_Root_CA.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 9aef356c.0 -> Trustwave_Global_ECC_P384_Certification_Authority.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 9b46e03d.0 -> Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 9d6523ce.0 -> ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 9eeb53aa.0 -> DigiCert_SMIME_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 9ef4a08a.0 -> D-TRUST_BR_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 9f533518.0 -> Global_Chambersign_Root_-_2008.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.pem
-r--r--r-- 1 root root  2837 May 16 06:24 ACCVRAIZ1.pem
-r--r--r-- 1 root root  2033 May 16 06:24 AC_RAIZ_FNMT-RCM.pem
-r--r--r-- 1 root root   989 May 16 06:24 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
-r--r--r-- 1 root root  2191 May 16 06:24 ANF_Secure_Server_Root_CA.pem
-r--r--r-- 1 root root  2138 May 16 06:24 Actalis_Authentication_Root_CA.pem
-r--r--r-- 1 root root  1273 May 16 06:24 AffirmTrust_Commercial.pem
-r--r--r-- 1 root root  1273 May 16 06:24 AffirmTrust_Networking.pem
-r--r--r-- 1 root root  1951 May 16 06:24 AffirmTrust_Premium.pem
-r--r--r-- 1 root root   822 May 16 06:24 AffirmTrust_Premium_ECC.pem
-r--r--r-- 1 root root  1261 May 16 06:24 Amazon_Root_CA_1.pem
-r--r--r-- 1 root root  1955 May 16 06:24 Amazon_Root_CA_2.pem
-r--r--r-- 1 root root   729 May 16 06:24 Amazon_Root_CA_3.pem
-r--r--r-- 1 root root   810 May 16 06:24 Amazon_Root_CA_4.pem
-r--r--r-- 1 root root  1342 May 16 06:24 Atos_TrustedRoot_2011.pem
-r--r--r-- 1 root root   907 May 16 06:24 Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem
-r--r--r-- 1 root root   871 May 16 06:24 Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
-r--r--r-- 1 root root  2053 May 16 06:24 Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem
-r--r--r-- 1 root root  2016 May 16 06:24 Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
-r--r--r-- 1 root root  2297 May 16 06:24 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem
-r--r--r-- 1 root root  2297 May 16 06:24 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
-r--r--r-- 1 root root  2029 May 16 06:24 BJCA_Global_Root_CA1.pem
-r--r--r-- 1 root root   883 May 16 06:24 BJCA_Global_Root_CA2.pem
-r--r--r-- 1 root root  1346 May 16 06:24 Baltimore_CyberTrust_Root.pem
-r--r--r-- 1 root root  1984 May 16 06:24 Buypass_Class_2_Root_CA.pem
-r--r--r-- 1 root root  1984 May 16 06:24 Buypass_Class_3_Root_CA.pem
-r--r--r-- 1 root root  2008 May 16 06:24 CA_Disig_Root_R2.pem
-r--r--r-- 1 root root  2041 May 16 06:24 CFCA_EV_ROOT.pem
-r--r--r-- 1 root root  1578 May 16 06:24 COMODO_Certification_Authority.pem
-r--r--r-- 1 root root  1037 May 16 06:24 COMODO_ECC_Certification_Authority.pem
-r--r--r-- 1 root root  2183 May 16 06:24 COMODO_RSA_Certification_Authority.pem
-r--r--r-- 1 root root   802 May 16 06:24 Certainly_Root_E1.pem
-r--r--r-- 1 root root  1951 May 16 06:24 Certainly_Root_R1.pem
-r--r--r-- 1 root root  1391 May 16 06:24 Certigna.pem
-r--r--r-- 1 root root  2337 May 16 06:24 Certigna_Root_CA.pem
-r--r--r-- 1 root root   964 May 16 06:24 Certum_EC-384_CA.pem
-r--r--r-- 1 root root  1175 May 16 06:24 Certum_Root_CA.pem
-r--r--r-- 1 root root  1440 May 16 06:24 Certum_Trusted_Network_CA.pem
-r--r--r-- 1 root root  2167 May 16 06:24 Certum_Trusted_Network_CA_2.pem
-r--r--r-- 1 root root  2134 May 16 06:24 Certum_Trusted_Root_CA.pem
-r--r--r-- 1 root root  2675 May 16 06:24 Chambers_of_Commerce_Root_-_2008.pem
-r--r--r-- 1 root root  1598 May 16 06:24 Comodo_AAA_Services_root.pem
-r--r--r-- 1 root root  1123 May 16 06:24 D-TRUST_BR_Root_CA_1_2020.pem
-r--r--r-- 1 root root  1123 May 16 06:24 D-TRUST_EV_Root_CA_1_2020.pem
-r--r--r-- 1 root root  1533 May 16 06:24 D-TRUST_Root_CA_3_2013.pem
-r--r--r-- 1 root root  1594 May 16 06:24 D-TRUST_Root_Class_3_CA_2_2009.pem
-r--r--r-- 1 root root  1622 May 16 06:24 D-TRUST_Root_Class_3_CA_2_EV_2009.pem
-r--r--r-- 1 root root   980 May 16 06:24 DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem
-r--r--r-- 1 root root  2118 May 16 06:24 DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem
-r--r--r-- 1 root root  1435 May 16 06:24 DigiCert_Assured_ID_Root_CA.pem
-r--r--r-- 1 root root  1391 May 16 06:24 DigiCert_Assured_ID_Root_G2.pem
-r--r--r-- 1 root root   936 May 16 06:24 DigiCert_Assured_ID_Root_G3.pem
-r--r--r-- 1 root root  1419 May 16 06:24 DigiCert_Global_Root_CA.pem
-r--r--r-- 1 root root  1375 May 16 06:24 DigiCert_Global_Root_G2.pem
-r--r--r-- 1 root root   924 May 16 06:24 DigiCert_Global_Root_G3.pem
-r--r--r-- 1 root root  1464 May 16 06:24 DigiCert_High_Assurance_EV_Root_CA.pem
-r--r--r-- 1 root root   871 May 16 06:24 DigiCert_SMIME_ECC_P384_Root_G5.pem
-r--r--r-- 1 root root  2016 May 16 06:24 DigiCert_SMIME_RSA4096_Root_G5.pem
-r--r--r-- 1 root root   867 May 16 06:24 DigiCert_TLS_ECC_P384_Root_G5.pem
-r--r--r-- 1 root root  2008 May 16 06:24 DigiCert_TLS_RSA4096_Root_G5.pem
-r--r--r-- 1 root root  2073 May 16 06:24 DigiCert_Trusted_Root_G4.pem
-r--r--r-- 1 root root  1610 May 16 06:24 Entrust.net_Premium_2048_Secure_Server_CA.pem
-r--r--r-- 1 root root  1732 May 16 06:24 Entrust_Root_Certification_Authority.pem
-r--r--r-- 1 root root  1200 May 16 06:24 Entrust_Root_Certification_Authority_-_EC1.pem
-r--r--r-- 1 root root  1639 May 16 06:24 Entrust_Root_Certification_Authority_-_G2.pem
-r--r--r-- 1 root root  2350 May 16 06:24 Entrust_Root_Certification_Authority_-_G4.pem
-r--r--r-- 1 root root  2045 May 16 06:24 GDCA_TrustAUTH_R5_ROOT.pem
-r--r--r-- 1 root root  2045 May 16 06:24 GLOBALTRUST_2020.pem
-r--r--r-- 1 root root  1980 May 16 06:24 GTS_Root_R1.pem
-r--r--r-- 1 root root  1980 May 16 06:24 GTS_Root_R2.pem
-r--r--r-- 1 root root   834 May 16 06:24 GTS_Root_R3.pem
-r--r--r-- 1 root root   834 May 16 06:24 GTS_Root_R4.pem
-r--r--r-- 1 root root   794 May 16 06:24 GlobalSign_ECC_Root_CA_-_R4.pem
-r--r--r-- 1 root root   883 May 16 06:24 GlobalSign_ECC_Root_CA_-_R5.pem
-r--r--r-- 1 root root  1334 May 16 06:24 GlobalSign_Root_CA.pem
-r--r--r-- 1 root root  1314 May 16 06:24 GlobalSign_Root_CA_-_R3.pem
-r--r--r-- 1 root root  2053 May 16 06:24 GlobalSign_Root_CA_-_R6.pem
-r--r--r-- 1 root root   834 May 16 06:24 GlobalSign_Root_E46.pem
-r--r--r-- 1 root root  1980 May 16 06:24 GlobalSign_Root_R46.pem
-r--r--r-- 1 root root   879 May 16 06:24 GlobalSign_Secure_Mail_Root_E45.pem
-r--r--r-- 1 root root  2025 May 16 06:24 GlobalSign_Secure_Mail_Root_R45.pem
-r--r--r-- 1 root root  2666 May 16 06:24 Global_Chambersign_Root_-_2008.pem
-r--r--r-- 1 root root  1525 May 16 06:24 Go_Daddy_Class_2_CA.pem
-r--r--r-- 1 root root  1460 May 16 06:24 Go_Daddy_Root_Certificate_Authority_-_G2.pem
-r--r--r-- 1 root root   956 May 16 06:24 HARICA_Client_ECC_Root_CA_2021.pem
-r--r--r-- 1 root root  2102 May 16 06:24 HARICA_Client_RSA_Root_CA_2021.pem
-r--r--r-- 1 root root   944 May 16 06:24 HARICA_TLS_ECC_Root_CA_2021.pem
-r--r--r-- 1 root root  2090 May 16 06:24 HARICA_TLS_RSA_Root_CA_2021.pem
-r--r--r-- 1 root root  1151 May 16 06:24 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
-r--r--r-- 1 root root  2280 May 16 06:24 Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
-r--r--r-- 1 root root  2000 May 16 06:24 HiPKI_Root_CA_-_G1.pem
-r--r--r-- 1 root root  2142 May 16 06:24 Hongkong_Post_Root_CA_3.pem
-r--r--r-- 1 root root  1992 May 16 06:24 ISRG_Root_X1.pem
-r--r--r-- 1 root root   846 May 16 06:24 ISRG_Root_X2.pem
-r--r--r-- 1 root root  2016 May 16 06:24 IdenTrust_Commercial_Root_CA_1.pem
-r--r--r-- 1 root root  2029 May 16 06:24 IdenTrust_Public_Sector_Root_CA_1.pem
-r--r--r-- 1 root root  2171 May 16 06:24 Izenpe.com.pem
-r--r--r-- 1 root root  2069 May 16 06:24 LAWtrust_Root_CA2__4096_.pem
-r--r--r-- 1 root root  1553 May 16 06:24 Microsec_e-Szigno_Root_CA_2009.pem
-r--r--r-- 1 root root   972 May 16 06:24 Microsoft_ECC_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root  2122 May 16 06:24 Microsoft_RSA_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root  2106 May 16 06:24 NAVER_Global_Root_Certification_Authority.pem
-r--r--r-- 1 root root  1586 May 16 06:24 NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem
-r--r--r-- 1 root root  1509 May 16 06:24 OISTE_WISeKey_Global_Root_GA_CA.pem
-r--r--r-- 1 root root  1440 May 16 06:24 OISTE_WISeKey_Global_Root_GB_CA.pem
-r--r--r-- 1 root root   989 May 16 06:24 OISTE_WISeKey_Global_Root_GC_CA.pem
-r--r--r-- 1 root root  2004 May 16 06:24 QuoVadis_Root_CA_1_G3.pem
-r--r--r-- 1 root root  2118 May 16 06:24 QuoVadis_Root_CA_2.pem
-r--r--r-- 1 root root  1992 May 16 06:24 QuoVadis_Root_CA_2_G3.pem
-r--r--r-- 1 root root  2431 May 16 06:24 QuoVadis_Root_CA_3.pem
-r--r--r-- 1 root root  2004 May 16 06:24 QuoVadis_Root_CA_3_G3.pem
-r--r--r-- 1 root root   920 May 16 06:24 SSL.com_Client_ECC_Root_CA_2022.pem
-r--r--r-- 1 root root  2069 May 16 06:24 SSL.com_Client_RSA_Root_CA_2022.pem
-r--r--r-- 1 root root  1050 May 16 06:24 SSL.com_EV_Root_Certification_Authority_ECC.pem
-r--r--r-- 1 root root  2211 May 16 06:24 SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
-r--r--r-- 1 root root  1050 May 16 06:24 SSL.com_Root_Certification_Authority_ECC.pem
-r--r--r-- 1 root root  2199 May 16 06:24 SSL.com_Root_Certification_Authority_RSA.pem
-r--r--r-- 1 root root   907 May 16 06:24 SSL.com_TLS_ECC_Root_CA_2022.pem
-r--r--r-- 1 root root  2057 May 16 06:24 SSL.com_TLS_RSA_Root_CA_2022.pem
-r--r--r-- 1 root root  1326 May 16 06:24 SZAFIR_ROOT_CA2.pem
-r--r--r-- 1 root root   911 May 16 06:24 Sectigo_Public_Email_Protection_Root_E46.pem
-r--r--r-- 1 root root  2061 May 16 06:24 Sectigo_Public_Email_Protection_Root_R46.pem
-r--r--r-- 1 root root   932 May 16 06:24 Sectigo_Public_Server_Authentication_Root_E46.pem
-r--r--r-- 1 root root  2081 May 16 06:24 Sectigo_Public_Server_Authentication_Root_R46.pem
-r--r--r-- 1 root root  1314 May 16 06:24 SecureSign_RootCA11.pem
-r--r--r-- 1 root root  1407 May 16 06:24 SecureTrust_CA.pem
-r--r--r-- 1 root root  1427 May 16 06:24 Secure_Global_CA.pem
-r--r--r-- 1 root root   928 May 16 06:24 Security_Communication_ECC_RootCA1.pem
-r--r--r-- 1 root root  1354 May 16 06:24 Security_Communication_RootCA2.pem
-r--r--r-- 1 root root  2057 May 16 06:24 Security_Communication_RootCA3.pem
-r--r--r-- 1 root root  1314 May 16 06:24 Security_Communication_Root_CA.pem
-r--r--r-- 1 root root  2037 May 16 06:24 Staat_der_Nederlanden_Root_CA_-_G3.pem
-r--r--r-- 1 root root  1545 May 16 06:24 Starfield_Class_2_CA.pem
-r--r--r-- 1 root root  1492 May 16 06:24 Starfield_Root_Certificate_Authority_-_G2.pem
-r--r--r-- 1 root root  1529 May 16 06:24 Starfield_Services_Root_Certificate_Authority_-_G2.pem
-r--r--r-- 1 root root  2126 May 16 06:24 SwissSign_Gold_CA_-_G2.pem
-r--r--r-- 1 root root  2134 May 16 06:24 SwissSign_Silver_CA_-_G2.pem
-r--r--r-- 1 root root  1553 May 16 06:24 Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
-r--r--r-- 1 root root  1553 May 16 06:24 Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
-r--r--r-- 1 root root  1456 May 16 06:24 T-TeleSec_GlobalRoot_Class_2.pem
-r--r--r-- 1 root root  1440 May 16 06:24 T-TeleSec_GlobalRoot_Class_3.pem
-r--r--r-- 1 root root  1679 May 16 06:24 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
-r--r--r-- 1 root root  1960 May 16 06:24 TWCA_Global_Root_CA.pem
-r--r--r-- 1 root root  1362 May 16 06:24 TWCA_Root_Certification_Authority.pem
-r--r--r-- 1 root root  1951 May 16 06:24 TeliaSonera_Root_CA_v1.pem
-r--r--r-- 1 root root  2025 May 16 06:24 Telia_Root_CA_v2.pem
-r--r--r-- 1 root root  2195 May 16 06:24 Trustwave_Global_Certification_Authority.pem
-r--r--r-- 1 root root  1001 May 16 06:24 Trustwave_Global_ECC_P256_Certification_Authority.pem
-r--r--r-- 1 root root  1086 May 16 06:24 Trustwave_Global_ECC_P384_Certification_Authority.pem
-r--r--r-- 1 root root  2098 May 16 06:24 TunTrust_Root_CA.pem
-r--r--r-- 1 root root  1992 May 16 06:24 UCA_Extended_Validation_Root.pem
-r--r--r-- 1 root root  1964 May 16 06:24 UCA_Global_G2_Root.pem
-r--r--r-- 1 root root  1050 May 16 06:24 USERTrust_ECC_Certification_Authority.pem
-r--r--r-- 1 root root  2195 May 16 06:24 USERTrust_RSA_Certification_Authority.pem
-r--r--r-- 1 root root  1602 May 16 06:24 Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
-r--r--r-- 1 root root  1602 May 16 06:24 Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
-r--r--r-- 1 root root  1590 May 16 06:24 XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 a2c66da8.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 a3418fda.0 -> GTS_Root_R4.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 a3896b44.0 -> Security_Communication_Root_CA.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 a716d4ed.0 -> D-TRUST_EV_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    19 May 16 06:24 a81e292b.0 -> SZAFIR_ROOT_CA2.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 a89d74c2.0 -> SSL.com_TLS_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    13 May 16 06:24 a94d09e5.0 -> ACCVRAIZ1.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 a9d40e02.0 -> certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 ab5346f4.0 -> SecureSign_RootCA11.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 ab59055e.0 -> GDCA_TrustAUTH_R5_ROOT.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 af0a276f.0 -> Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 b0ed035a.0 -> TWCA_Global_Root_CA.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 b0f3e76e.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 b1b8a7f3.0 -> OISTE_WISeKey_Global_Root_GA_CA.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 b30d5fda.0 -> D-TRUST_BR_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    46 May 16 06:24 b3fb433b.0 -> Entrust_Root_Certification_Authority_-_EC1.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 b433981b.0 -> ANF_Secure_Server_Root_CA.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 b66938e9.0 -> Secure_Global_CA.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 b6782d18.0 -> Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 b727005e.0 -> AffirmTrust_Premium.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 b74d2bd5.0 -> emSign_ECC_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 b7a5b843.0 -> TWCA_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 b7db1890.0 -> TWCA_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 b7fe040a.0 -> Sectigo_Public_Email_Protection_Root_R46.pem
lrwxrwxrwx 1 root root    39 May 16 06:24 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 b872f2b4.0 -> Atos_TrustedRoot_2011.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 b92fd57f.0 -> HARICA_TLS_RSA_Root_CA_2021.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 b936d1c6.0 -> AC_RAIZ_FNMT-RCM.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 bc3f2570.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 bd43e1dd.0 -> Hongkong_Post_Root_CA_3.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 bdacca6f.0 -> Secure_Global_CA.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 bf64f35b.0 -> Entrust_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 c01eb047.0 -> UCA_Global_G2_Root.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 c44cc0c0.0 -> DigiCert_TLS_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 c47d9980.0 -> Chambers_of_Commerce_Root_-_2008.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 c491639e.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 c559d742.0 -> GTS_Root_R2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 c6127c60.0 -> D-TRUST_Root_CA_3_2013.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 c7f1359b.0 -> Security_Communication_ECC_RootCA1.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 c90bc37d.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 cb1c3204.0 -> Certum_Trusted_Network_CA_2.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 cbb3f32b.0 -> SSL.com_TLS_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 cbd811bd.0 -> SSL.com_Client_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    14 May 16 06:24 cc450945.0 -> Izenpe.com.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 ccc52f49.0 -> AffirmTrust_Premium_ECC.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 cd58d51e.0 -> Security_Communication_RootCA2.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 ce5e74ef.0 -> Amazon_Root_CA_1.pem
-r--r--r-- 1 root root  1249 May 16 06:24 certSIGN_ROOT_CA.pem
-r--r--r-- 1 root root  1955 May 16 06:24 certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 cf701eeb.0 -> SecureTrust_CA.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 d06393bb.0 -> T-TeleSec_GlobalRoot_Class_2.pem
lrwxrwxrwx 1 root root    61 May 16 06:24 d16a5865.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 d16a5865.1 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 d18e9066.0 -> IdenTrust_Commercial_Root_CA_1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 d39b0a2c.0 -> NAVER_Global_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 d41b5e2a.0 -> Amazon_Root_CA_4.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 d4c339cb.0 -> COMODO_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 d52c538d.0 -> DigiCert_TLS_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 d59297b8.0 -> Security_Communication_RootCA2.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 d6325660.0 -> COMODO_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 d7746a63.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 d78a75c7.0 -> Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 d7e8dc79.0 -> QuoVadis_Root_CA_2.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 d96b65e2.0 -> Certainly_Root_R1.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 da0cfd1d.0 -> Sectigo_Public_Server_Authentication_Root_E46.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 da7377f6.0 -> UCA_Extended_Validation_Root.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 dbc54cab.0 -> AffirmTrust_Premium.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 dbff3a01.0 -> emSign_Root_CA_-_C1.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 dc45b0bd.0 -> Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.pem
lrwxrwxrwx 1 root root    59 May 16 06:24 dc99f41e.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 dd8e9d41.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 de6d66f3.0 -> Amazon_Root_CA_4.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 dfc0fe80.0 -> OISTE_WISeKey_Global_Root_GB_CA.pem
-r--r--r-- 1 root root   920 May 16 06:24 e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 e071171e.0 -> Sectigo_Public_Server_Authentication_Root_R46.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 e101c867.0 -> Sectigo_Public_Email_Protection_Root_E46.pem
lrwxrwxrwx 1 root root    12 May 16 06:24 e113c810.0 -> Certigna.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 e13665f9.0 -> TunTrust_Root_CA.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 e35234b1.0 -> Certum_Trusted_Root_CA.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e36a6752.0 -> Atos_TrustedRoot_2011.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e442e424.0 -> QuoVadis_Root_CA_3_G3.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 e48193cf.0 -> AffirmTrust_Commercial.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 e53e0c3b.0 -> DigiCert_SMIME_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 e7c037b4.0 -> GlobalSign_Root_E46.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 e8651083.0 -> Microsec_e-Szigno_Root_CA_2009.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e868b802.0 -> e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 e8de2f56.0 -> Buypass_Class_3_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 e915458f.0 -> HARICA_Client_ECC_Root_CA_2021.pem
-r--r--r-- 1 root root  2130 May 16 06:24 ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 ed39abd0.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 ed858448.0 -> vTrus_ECC_Root_CA.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 edcbddb5.0 -> Trustwave_Global_Certification_Authority.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 edd09502.0 -> GlobalSign_Secure_Mail_Root_E45.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 ee1365c0.0 -> Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 ee532fd5.0 -> vTrus_ECC_Root_CA.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 ee64a828.0 -> Comodo_AAA_Services_root.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 eed8c118.0 -> COMODO_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.pem
-r--r--r-- 1 root root   895 May 16 06:24 emSign_ECC_Root_CA_-_C3.pem
-r--r--r-- 1 root root   944 May 16 06:24 emSign_ECC_Root_CA_-_G3.pem
-r--r--r-- 1 root root  1334 May 16 06:24 emSign_Root_CA_-_C1.pem
-r--r--r-- 1 root root  1379 May 16 06:24 emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 f013ecaf.0 -> GTS_Root_R1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 f058632f.0 -> Telia_Root_CA_v2.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 f081611a.0 -> Go_Daddy_Class_2_CA.pem
lrwxrwxrwx 1 root root    47 May 16 06:24 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 f0cd152c.0 -> Entrust_Root_Certification_Authority_-_G4.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 f249de83.0 -> Trustwave_Global_Certification_Authority.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 f3377b1b.0 -> Security_Communication_Root_CA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 f387163d.0 -> Starfield_Class_2_CA.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 f39fc864.0 -> SecureTrust_CA.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 f459871d.0 -> emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 f51bb24c.0 -> Certigna_Root_CA.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 f84fab51.0 -> LAWtrust_Root_CA2__4096_.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 f8fc53da.0 -> Certum_Trusted_Root_CA.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fa5da96b.0 -> GLOBALTRUST_2020.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fb5fa911.0 -> Amazon_Root_CA_2.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 fb717492.0 -> Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fd08c599.0 -> Amazon_Root_CA_1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fd64f3fc.0 -> TunTrust_Root_CA.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 fd6aad52.0 -> SSL.com_Client_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    12 May 16 06:24 fde84897.0 -> Certigna.pem
lrwxrwxrwx 1 root root    19 May 16 06:24 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 feffd413.0 -> GlobalSign_Root_E46.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 ffa7f1eb.0 -> BJCA_Global_Root_CA1.pem
-r--r--r-- 1 root root   834 May 16 06:24 vTrus_ECC_Root_CA.pem
-r--r--r-- 1 root root  1968 May 16 06:24 vTrus_Root_CA.pem

bobmorane83 avatar May 24 '24 13:05 bobmorane83

Removing /var/lib/ca-certificates directory in local/elemental-green-rpi:v2.1.0-g54664f8cf allow to generate the raw disk ... BTW, removing only openssldirectory lead to the same problem on pem

bobmorane83 avatar May 24 '24 14:05 bobmorane83

Removing /var/lib/ca-certificates directory in local/elemental-green-rpi:v2.1.0-g54664f8cf allow to generate the raw disk ...

BTW, removing only openssldirectory lead to the same problem on pem

That's interesting! Wonder what is special about that dir 🤔

frelon avatar May 24 '24 14:05 frelon

Not sure if this can be helpful, but I encountered a similar issue with an image that had a go package in it (installed via go install as a normal user).

The $HOME/go/pkg/mod folder is read only. So I had a similar issue with elemental-toolkit.

My solution for my specific use case was to use go clean -modcache. I did not have time yet to go through the codebase yet to see if there was a way to fix it for elemental-toolkit.

ghost avatar May 24 '24 14:05 ghost

We progress !

The ca-certificates directory is drwxr-xr-x. But with (for test for sure !) chmod -R a+rwx ca-certificates the image is generated !

But why not with other directories ???

And .... putting back to chmod -R 755 ca-certificates no more problem !!!!

It could be added in the Dockerfile I think, but only for Mac ?

Thanks !!!

bobmorane83 avatar May 24 '24 15:05 bobmorane83

And .... putting back to chmod -R 755 ca-certificates no more problem !!!!

RUN chmod -R 755 /var/lib/ca-certificates Not exactly back in fact :( I don't know the effect on openssl ...

bobmorane83 avatar May 24 '24 15:05 bobmorane83

Image boot normally and everything sound good :

  • ssh connect : ok
  • ssh-keygen : ok
  • adding authorized_keys : ok
elemental:~ # openssl version -a
OpenSSL 1.1.1l-fips  24 Aug 2021 SUSE release 150500.17.25.1

platform: linux-aarch64
options:  bn(64,64) rc4(char) des(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -Wa,--noexecstack -fno-common -Wall -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -D_FORTIFY_SOURCE=2 -DTERMIO -DPURIFY -D_GNU_SOURCE -DSUSE_OPENSSL_RELEASE=150500.17.25.1 -DOPENSSL_NO_BUF_FREELISTS -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: getrandom-syscall

elemental:~ # openssl s_client -connect www.google.fr:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.fr
verify return:1
---
Certificate chain
 0 s:CN = *.google.fr
   i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEjjCCA3agAwIBAgIRAPPr0OlJPow+EIp0xDPiZi8wDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjQwNTA2MTQ1NDIyWhcNMjQwNzI5
MTQ1NDIxWjAWMRQwEgYDVQQDDAsqLmdvb2dsZS5mcjBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABG0gQhwQBxlIiGbF01bL2dDch2Yi5OOtzU9+dZghSw20OWHnPyle
JKZiAszfWll7buTMgYc2W7Ytff7u+4JzwIejggJwMIICbDAOBgNVHQ8BAf8EBAMC
B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
yoa7qRilMoV4mjJSqItLZwNbuNMwHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU
83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w
a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv
L2NlcnRzL2d0czFjMy5kZXIwIQYDVR0RBBowGIILKi5nb29nbGUuZnKCCWdvb2ds
ZS5mcjAhBgNVHSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1
MDMwMaAvoC2GK2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czFjMy9RcUZ4Ymk5TTQ4
Yy5jcmwwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgB2/4g/Crb7lVHCYcz1h7o0
tKTNuyncaEIKn+ZnTFo6dAAAAY9OnQGbAAAEAwBHMEUCIQDhct0MgVpnRICW1y4/
1ombFArce11m+vEZGhIW1seObgIgEFwjPZ13eY9ATkrsBK7+Pnl4ImoO+3f+sGw6
VGDBWWUAdwBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAY9OnQGP
AAAEAwBIMEYCIQDLeQ+MHJfpTaNdAO15h23QEUWXL4uYlOmP7woR1u3KjAIhAP50
u4hWMhaZIJN5gCjwiCrDxoc0JCTXOLB/pVUOK8tbMA0GCSqGSIb3DQEBCwUAA4IB
AQB+y1c6itWNuuxO0BNKat8R0R+pKnJHQZtWcLhGDkjU4jMrWCLLJkM+H9BPykH7
V/3QCNBSwDS1658Mdy/guWPeUNqSS5WfnqIUCuAQA6AqCkG1qDP6vUMQI/UcaVLg
VXvxCIJUY6lJONNAT2hCBZkUI16H1azrSroHF7dUUYqVmVIHbmiTBvXRL8j95tZ4
tYjXTtKyUQmqMURrtO7dA2Xl/0iW/vzPivV72PwwcgrT/BUoAGSDUx1+RwEzPY1b
CKmbBDJvxMoDBJ046H9pQpbo3XXYYN6n+jpS+AQmlLl77+ULo8z9whKV+7ssmlNz
Luw+UMHb2zd1PhPHim4dmVKE
-----END CERTIFICATE-----
subject=CN = *.google.fr

issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4301 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0

elemental:~ # echo | openssl s_client -connect example.org:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Jan 30 00:00:00 2024 GMT
notAfter=Mar  1 23:59:59 2025 GMT

bobmorane83 avatar May 24 '24 15:05 bobmorane83

The only cleanest way I found working :

RUN chmod -R 744 /var/lib/ca-certificates/openssl
RUN chmod -R 744 /var/lib/ca-certificates/pem

bobmorane83 avatar May 24 '24 20:05 bobmorane83

Great job debugging this! I would be hesitant adding this directly to the examples right now, but if you want to put up a PR with the findings to the troubleshooting guide I would be happy to merge it!

frelon avatar May 27 '24 06:05 frelon

BTW I had also to remove the --xattrs option here.

I'll try to make a troubleshooting guide ASAP.

bobmorane83 avatar May 29 '24 07:05 bobmorane83