Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compiling on Mac M1 #2090

Open
bobmorane83 opened this issue May 22, 2024 · 15 comments
Open

Compiling on Mac M1 #2090

bobmorane83 opened this issue May 22, 2024 · 15 comments
Labels
architecture/arm64 area/rawdisk kind/bug Something isn't working

Comments

@bobmorane83
Copy link
Contributor

Hi,
I'am trying to compile on my Mac Book Pro M1 and have issues :

elemental-toolkit version:

Git cloned lastly. Last commit 54664f8

Describe the bug

make ARCH=arm64 build build-os
run fine, but
make ARCH=arm64 build-rpi-disk

INFO[2024-05-22T09:09:30Z] Building disk image type raw for arch        
INFO[2024-05-22T09:09:30Z] Running before-disk hook                     
INFO[2024-05-22T09:09:30Z] Copying local/elemental-green-rpi:v2.1.0-g54664f8cf source... 
ERRO[2024-05-22T09:10:27Z] failed loading recovery image source tree: chmod /build/build/recovery.img.root/var/lib/ca-certificates/openssl: permission denied 
ERRO[2024-05-22T09:10:40Z] Woophs, something went terribly wrong: 1 error occurred:
        * chmod /build/build/recovery.img.root/var/lib/ca-certificates/openssl: permission denied

I suspect this is due to the lake of loop device on mac.

BR,
@frelon
Copy link
Contributor

frelon commented May 23, 2024

Hmm, in this step it should only try to extract the filesystem from the image and put in a local directory.. are you running rootless docker by any chance?

@bobmorane83
Copy link
Contributor Author

bobmorane83 commented May 23, 2024
edited
Loading

AFAK docker engine inside the VM (docker desktop on mac) is not running rootless.

image

@bobmorane83
Copy link
Contributor Author

Running :
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /Users/macbook/Developpement/rancher/elemental-toolkit/examples:/examples --entrypoint /bin/bash local/elemental-toolkit:v2.1.0-g54664f8cf

and then in the container :
/usr/bin/elemental --debug build-disk --platform linux/arm64 --cloud-init-paths /examples/green-rpi --expandable -n elemental-green-rpi.aarch64 --local --squash-no-compression --deploy-command elemental,--debug,reset,--reboot,--disable-boot-entry -o /build --system local/elemental-green-rpi:v2.1.0-g54664f8cf

gives the correct result (of course inside the container).

So, the problème is obviously the right to write on host build directory, but adding chmod a+w build do not solve the problem.

I even try sudo make, same problem ...

@bobmorane83
Copy link
Contributor Author

Surprisingly :

❯ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /Users/macbook/Developpement/rancher/elemental-toolkit/examples:/examples -v /Users/macbook/Developpement/rancher/elemental-toolkit/build:/build  --entrypoint /bin/bash local/elemental-toolkit:v2.1.0-g54664f8cf
4692b3322d9d:/ # touch build/toto
4692b3322d9d:/ # exit
exit
❯ ls build
toto

@frelon
Copy link
Contributor

frelon commented May 24, 2024

Surprisingly :


❯ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /Users/macbook/Developpement/rancher/elemental-toolkit/examples:/examples -v /Users/macbook/Developpement/rancher/elemental-toolkit/build:/build  --entrypoint /bin/bash local/elemental-toolkit:v2.1.0-g54664f8cf

4692b3322d9d:/ # touch build/toto

4692b3322d9d:/ # exit

exit

❯ ls build

toto

Hmm, can you chmod the toto file?

@bobmorane83
Copy link
Contributor Author

bobmorane83 commented May 24, 2024
edited
Loading

Hmm, can you chmod the toto file?

Yes :

> chmod a+rwx build/toto
> ll build/toto
-rwxrwxrwx 1 root root 0 May 24 13:22 build/toto

Looking at /var/lib/ca-certificates/openssl in local/elemental-green-rpi:v2.1.0-g54664f8cf found nothing fancy for rights ...

df623751485c:/var/lib/ca-certificates/openssl # ls -la
total 744
dr-xr-xr-x 2 root root 20480 May 16 06:24 .
drwxr-xr-x 4 root root  4096 May 16 06:24 ..
lrwxrwxrwx 1 root root    23 May 16 06:24 002c0b4f.0 -> GlobalSign_Root_R46.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 01419da9.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 0179095f.0 -> BJCA_Global_Root_CA1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 04f60c28.0 -> USERTrust_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 062cdee6.0 -> GlobalSign_Root_CA_-_R3.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.pem
lrwxrwxrwx 1 root root    50 May 16 06:24 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 0708417d.0 -> Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 08063a00.0 -> Security_Communication_RootCA3.pem
lrwxrwxrwx 1 root root    54 May 16 06:24 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 0a775a30.0 -> GTS_Root_R3.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 0b1b94ef.0 -> CFCA_EV_ROOT.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 0b7c536a.0 -> D-TRUST_Root_CA_3_2013.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 0b9bc432.0 -> ISRG_Root_X2.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 0c4c9b6c.0 -> Global_Chambersign_Root_-_2008.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 0d01cc9c.0 -> GlobalSign_Secure_Mail_Root_R45.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 0d69c7e1.0 -> GlobalSign_ECC_Root_CA_-_R4.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 0d972af8.0 -> GlobalSign_Secure_Mail_Root_R45.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 0f5dc4f3.0 -> UCA_Extended_Validation_Root.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 1001acf7.0 -> GTS_Root_R1.pem
lrwxrwxrwx 1 root root    54 May 16 06:24 10531352.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    46 May 16 06:24 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 11f154d6.0 -> Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 128f4b91.0 -> Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 1320b215.0 -> Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 1422d63c.0 -> DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 1766e401.0 -> GlobalSign_Secure_Mail_Root_E45.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 18856ac4.0 -> SecureSign_RootCA11.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 19dbc0dd.0 -> DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 1ae85e5e.0 -> Trustwave_Global_ECC_P256_Certification_Authority.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 1b0f7e5c.0 -> GlobalSign_Root_R46.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 1df5a75f.0 -> D-TRUST_Root_Class_3_CA_2_2009.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 1e1eab7c.0 -> T-TeleSec_GlobalRoot_Class_3.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 1e8e7201.0 -> GlobalSign_Root_CA_-_R3.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 1eb37bdf.0 -> Chambers_of_Commerce_Root_-_2008.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 1ec40989.0 -> GLOBALTRUST_2020.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 1f58a078.0 -> QuoVadis_Root_CA_2_G3.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 219d9499.0 -> Go_Daddy_Class_2_CA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 23f4c490.0 -> Starfield_Class_2_CA.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 24a5a1df.0 -> Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem
lrwxrwxrwx 1 root root    33 May 16 06:24 252252d2.0 -> DigiCert_TLS_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 26312675.0 -> Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 2923b3f9.0 -> emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 2add47b6.0 -> GlobalSign_ECC_Root_CA_-_R5.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 2ae6433e.0 -> CA_Disig_Root_R2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 2b349938.0 -> AffirmTrust_Commercial.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 2c63f966.0 -> SSL.com_TLS_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 2c9bcd6c.0 -> LAWtrust_Root_CA2__4096_.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 2d21b73c.0 -> Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 2d9dafe4.0 -> Buypass_Class_3_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 2dab9e33.0 -> HARICA_Client_ECC_Root_CA_2021.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 302904dd.0 -> Certigna_Root_CA.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 304d27c3.0 -> UCA_Global_G2_Root.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 31188b5e.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 3136ea36.0 -> Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem
lrwxrwxrwx 1 root root    59 May 16 06:24 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 33ee480d.0 -> SSL.com_Root_Certification_Authority_RSA.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 35105088.0 -> USERTrust_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 3513523f.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 399e7759.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 3a3b02ce.0 -> OISTE_WISeKey_Global_Root_GA_CA.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 3ad48a91.0 -> Baltimore_CyberTrust_Root.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 3afde786.0 -> Sectigo_Public_Server_Authentication_Root_E46.pem
lrwxrwxrwx 1 root root    61 May 16 06:24 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 3bde41ac.1 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 3c860d51.0 -> SwissSign_Gold_CA_-_G2.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 3c899c73.0 -> OISTE_WISeKey_Global_Root_GC_CA.pem
lrwxrwxrwx 1 root root    13 May 16 06:24 3c9a4d3b.0 -> ACCVRAIZ1.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 3d3ee9f3.0 -> DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 3e359ba6.0 -> BJCA_Global_Root_CA2.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 3e7271e8.0 -> Entrust.net_Premium_2048_Secure_Server_CA.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 40193066.0 -> Certum_Trusted_Network_CA_2.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 4042bcee.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 40547a79.0 -> COMODO_Certification_Authority.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 406c9bb1.0 -> emSign_Root_CA_-_C1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 41a3f684.0 -> Certum_EC-384_CA.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 442adcac.0 -> Certum_Root_CA.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 455f1b52.0 -> Entrust_Root_Certification_Authority_-_G2.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 4632c230.0 -> HARICA_Client_RSA_Root_CA_2021.pem
lrwxrwxrwx 1 root root    14 May 16 06:24 48a195d8.0 -> Izenpe.com.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 48bec511.0 -> Certum_Trusted_Network_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 4be590e0.0 -> IdenTrust_Public_Sector_Root_CA_1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 4c3982f2.0 -> HARICA_TLS_ECC_Root_CA_2021.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 4c3cbf99.0 -> Sectigo_Public_Email_Protection_Root_E46.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 4c95c52e.0 -> DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 4f316efb.0 -> SwissSign_Gold_CA_-_G2.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 5046c355.0 -> SwissSign_Silver_CA_-_G2.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 52b525c7.0 -> QuoVadis_Root_CA_1_G3.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 53a1b57a.0 -> HiPKI_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 54657681.0 -> Buypass_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.pem
lrwxrwxrwx 1 root root    50 May 16 06:24 583d0756.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 5860aaa6.0 -> Security_Communication_ECC_RootCA1.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 5931b5bc.0 -> D-TRUST_EV_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 5a250ea7.0 -> Staat_der_Nederlanden_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 5a3f0ff8.0 -> COMODO_Certification_Authority.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 5a4d6896.0 -> Staat_der_Nederlanden_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 5acf816d.0 -> GTS_Root_R4.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 5ad8a5d6.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 5c79eb85.0 -> Sectigo_Public_Email_Protection_Root_R46.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 5f15c80c.0 -> TWCA_Global_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 5f47b495.0 -> Actalis_Authentication_Root_CA.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 5f618aec.0 -> certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root    39 May 16 06:24 5f9a69fa.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 5fdd185d.0 -> Certainly_Root_E1.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 607986c7.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root    48 May 16 06:24 60afe812.0 -> NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 6187b673.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 626dceaf.0 -> GTS_Root_R2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 63a2c897.0 -> TeliaSonera_Root_CA_v1.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 653b494a.0 -> Baltimore_CyberTrust_Root.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 661273b5.0 -> SSL.com_Client_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 68dd7389.0 -> Hongkong_Post_Root_CA_3.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 69105f4f.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 6b03dec0.0 -> GTS_Root_R3.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 6b99d060.0 -> Entrust_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 6d41d539.0 -> Amazon_Root_CA_2.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 6e8bf996.0 -> Certum_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 6f7454b3.0 -> Security_Communication_RootCA3.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 706f604c.0 -> XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 749e9e03.0 -> QuoVadis_Root_CA_1_G3.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 75680d2e.0 -> Comodo_AAA_Services_root.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 76579174.0 -> XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 76763419.0 -> DigiCert_SMIME_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 76faf6c0.0 -> QuoVadis_Root_CA_3.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 779a714a.0 -> DigiCert_SMIME_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    47 May 16 06:24 7892ad52.0 -> SSL.com_EV_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    17 May 16 06:24 7a3adc42.0 -> vTrus_Root_CA.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 7a780d93.0 -> Certainly_Root_R1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 7a7c655d.0 -> Amazon_Root_CA_3.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 7a819ef2.0 -> QuoVadis_Root_CA_2.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 7e067d03.0 -> BJCA_Global_Root_CA2.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 7ffa47b4.0 -> SSL.com_Client_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 81b9768f.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 82223c44.0 -> Buypass_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 83e9984f.0 -> e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 8508e720.0 -> Certainly_Root_E1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 85cde254.0 -> Starfield_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 86212b19.0 -> AffirmTrust_Networking.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 865fbdf9.0 -> SSL.com_TLS_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 869fbf79.0 -> emSign_ECC_Root_CA_-_C3.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 8794b4e3.0 -> ISRG_Root_X2.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 882de061.0 -> certSIGN_ROOT_CA.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 88950faa.0 -> SSL.com_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 896c8bb4.0 -> Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 89c02a45.0 -> COMODO_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 8cb5ee0f.0 -> Amazon_Root_CA_3.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 8d6437c3.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 8d86cdd1.0 -> certSIGN_ROOT_CA.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 8f103249.0 -> Telia_Root_CA_v2.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 9046744a.0 -> Sectigo_Public_Server_Authentication_Root_R46.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 90c5a3c8.0 -> HiPKI_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    16 May 16 06:24 9282e51c.0 -> CFCA_EV_ROOT.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 930ac5d2.0 -> Actalis_Authentication_Root_CA.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 9339512a.0 -> QuoVadis_Root_CA_3.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 93851c9e.0 -> ANF_Secure_Server_Root_CA.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 93bc0acc.0 -> AffirmTrust_Networking.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 9479c8c3.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 9482e63a.0 -> Certum_EC-384_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 94bd6eb5.0 -> HARICA_Client_RSA_Root_CA_2021.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 9576d26b.0 -> CA_Disig_Root_R2.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 9591a472.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 95aff9e3.0 -> Certum_Trusted_Network_CA.pem
lrwxrwxrwx 1 root root    33 May 16 06:24 9846683b.0 -> DigiCert_TLS_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 985c1f52.0 -> GlobalSign_Root_CA_-_R6.pem
lrwxrwxrwx 1 root root    48 May 16 06:24 988a38cb.0 -> NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem
lrwxrwxrwx 1 root root    17 May 16 06:24 99e1b953.0 -> vTrus_Root_CA.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 9aef356c.0 -> Trustwave_Global_ECC_P384_Certification_Authority.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 9b46e03d.0 -> Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 9d6523ce.0 -> ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 9eeb53aa.0 -> DigiCert_SMIME_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 9ef4a08a.0 -> D-TRUST_BR_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 9f533518.0 -> Global_Chambersign_Root_-_2008.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.pem
-r--r--r-- 1 root root  2837 May 16 06:24 ACCVRAIZ1.pem
-r--r--r-- 1 root root  2033 May 16 06:24 AC_RAIZ_FNMT-RCM.pem
-r--r--r-- 1 root root   989 May 16 06:24 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
-r--r--r-- 1 root root  2191 May 16 06:24 ANF_Secure_Server_Root_CA.pem
-r--r--r-- 1 root root  2138 May 16 06:24 Actalis_Authentication_Root_CA.pem
-r--r--r-- 1 root root  1273 May 16 06:24 AffirmTrust_Commercial.pem
-r--r--r-- 1 root root  1273 May 16 06:24 AffirmTrust_Networking.pem
-r--r--r-- 1 root root  1951 May 16 06:24 AffirmTrust_Premium.pem
-r--r--r-- 1 root root   822 May 16 06:24 AffirmTrust_Premium_ECC.pem
-r--r--r-- 1 root root  1261 May 16 06:24 Amazon_Root_CA_1.pem
-r--r--r-- 1 root root  1955 May 16 06:24 Amazon_Root_CA_2.pem
-r--r--r-- 1 root root   729 May 16 06:24 Amazon_Root_CA_3.pem
-r--r--r-- 1 root root   810 May 16 06:24 Amazon_Root_CA_4.pem
-r--r--r-- 1 root root  1342 May 16 06:24 Atos_TrustedRoot_2011.pem
-r--r--r-- 1 root root   907 May 16 06:24 Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem
-r--r--r-- 1 root root   871 May 16 06:24 Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
-r--r--r-- 1 root root  2053 May 16 06:24 Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem
-r--r--r-- 1 root root  2016 May 16 06:24 Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
-r--r--r-- 1 root root  2297 May 16 06:24 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem
-r--r--r-- 1 root root  2297 May 16 06:24 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
-r--r--r-- 1 root root  2029 May 16 06:24 BJCA_Global_Root_CA1.pem
-r--r--r-- 1 root root   883 May 16 06:24 BJCA_Global_Root_CA2.pem
-r--r--r-- 1 root root  1346 May 16 06:24 Baltimore_CyberTrust_Root.pem
-r--r--r-- 1 root root  1984 May 16 06:24 Buypass_Class_2_Root_CA.pem
-r--r--r-- 1 root root  1984 May 16 06:24 Buypass_Class_3_Root_CA.pem
-r--r--r-- 1 root root  2008 May 16 06:24 CA_Disig_Root_R2.pem
-r--r--r-- 1 root root  2041 May 16 06:24 CFCA_EV_ROOT.pem
-r--r--r-- 1 root root  1578 May 16 06:24 COMODO_Certification_Authority.pem
-r--r--r-- 1 root root  1037 May 16 06:24 COMODO_ECC_Certification_Authority.pem
-r--r--r-- 1 root root  2183 May 16 06:24 COMODO_RSA_Certification_Authority.pem
-r--r--r-- 1 root root   802 May 16 06:24 Certainly_Root_E1.pem
-r--r--r-- 1 root root  1951 May 16 06:24 Certainly_Root_R1.pem
-r--r--r-- 1 root root  1391 May 16 06:24 Certigna.pem
-r--r--r-- 1 root root  2337 May 16 06:24 Certigna_Root_CA.pem
-r--r--r-- 1 root root   964 May 16 06:24 Certum_EC-384_CA.pem
-r--r--r-- 1 root root  1175 May 16 06:24 Certum_Root_CA.pem
-r--r--r-- 1 root root  1440 May 16 06:24 Certum_Trusted_Network_CA.pem
-r--r--r-- 1 root root  2167 May 16 06:24 Certum_Trusted_Network_CA_2.pem
-r--r--r-- 1 root root  2134 May 16 06:24 Certum_Trusted_Root_CA.pem
-r--r--r-- 1 root root  2675 May 16 06:24 Chambers_of_Commerce_Root_-_2008.pem
-r--r--r-- 1 root root  1598 May 16 06:24 Comodo_AAA_Services_root.pem
-r--r--r-- 1 root root  1123 May 16 06:24 D-TRUST_BR_Root_CA_1_2020.pem
-r--r--r-- 1 root root  1123 May 16 06:24 D-TRUST_EV_Root_CA_1_2020.pem
-r--r--r-- 1 root root  1533 May 16 06:24 D-TRUST_Root_CA_3_2013.pem
-r--r--r-- 1 root root  1594 May 16 06:24 D-TRUST_Root_Class_3_CA_2_2009.pem
-r--r--r-- 1 root root  1622 May 16 06:24 D-TRUST_Root_Class_3_CA_2_EV_2009.pem
-r--r--r-- 1 root root   980 May 16 06:24 DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem
-r--r--r-- 1 root root  2118 May 16 06:24 DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem
-r--r--r-- 1 root root  1435 May 16 06:24 DigiCert_Assured_ID_Root_CA.pem
-r--r--r-- 1 root root  1391 May 16 06:24 DigiCert_Assured_ID_Root_G2.pem
-r--r--r-- 1 root root   936 May 16 06:24 DigiCert_Assured_ID_Root_G3.pem
-r--r--r-- 1 root root  1419 May 16 06:24 DigiCert_Global_Root_CA.pem
-r--r--r-- 1 root root  1375 May 16 06:24 DigiCert_Global_Root_G2.pem
-r--r--r-- 1 root root   924 May 16 06:24 DigiCert_Global_Root_G3.pem
-r--r--r-- 1 root root  1464 May 16 06:24 DigiCert_High_Assurance_EV_Root_CA.pem
-r--r--r-- 1 root root   871 May 16 06:24 DigiCert_SMIME_ECC_P384_Root_G5.pem
-r--r--r-- 1 root root  2016 May 16 06:24 DigiCert_SMIME_RSA4096_Root_G5.pem
-r--r--r-- 1 root root   867 May 16 06:24 DigiCert_TLS_ECC_P384_Root_G5.pem
-r--r--r-- 1 root root  2008 May 16 06:24 DigiCert_TLS_RSA4096_Root_G5.pem
-r--r--r-- 1 root root  2073 May 16 06:24 DigiCert_Trusted_Root_G4.pem
-r--r--r-- 1 root root  1610 May 16 06:24 Entrust.net_Premium_2048_Secure_Server_CA.pem
-r--r--r-- 1 root root  1732 May 16 06:24 Entrust_Root_Certification_Authority.pem
-r--r--r-- 1 root root  1200 May 16 06:24 Entrust_Root_Certification_Authority_-_EC1.pem
-r--r--r-- 1 root root  1639 May 16 06:24 Entrust_Root_Certification_Authority_-_G2.pem
-r--r--r-- 1 root root  2350 May 16 06:24 Entrust_Root_Certification_Authority_-_G4.pem
-r--r--r-- 1 root root  2045 May 16 06:24 GDCA_TrustAUTH_R5_ROOT.pem
-r--r--r-- 1 root root  2045 May 16 06:24 GLOBALTRUST_2020.pem
-r--r--r-- 1 root root  1980 May 16 06:24 GTS_Root_R1.pem
-r--r--r-- 1 root root  1980 May 16 06:24 GTS_Root_R2.pem
-r--r--r-- 1 root root   834 May 16 06:24 GTS_Root_R3.pem
-r--r--r-- 1 root root   834 May 16 06:24 GTS_Root_R4.pem
-r--r--r-- 1 root root   794 May 16 06:24 GlobalSign_ECC_Root_CA_-_R4.pem
-r--r--r-- 1 root root   883 May 16 06:24 GlobalSign_ECC_Root_CA_-_R5.pem
-r--r--r-- 1 root root  1334 May 16 06:24 GlobalSign_Root_CA.pem
-r--r--r-- 1 root root  1314 May 16 06:24 GlobalSign_Root_CA_-_R3.pem
-r--r--r-- 1 root root  2053 May 16 06:24 GlobalSign_Root_CA_-_R6.pem
-r--r--r-- 1 root root   834 May 16 06:24 GlobalSign_Root_E46.pem
-r--r--r-- 1 root root  1980 May 16 06:24 GlobalSign_Root_R46.pem
-r--r--r-- 1 root root   879 May 16 06:24 GlobalSign_Secure_Mail_Root_E45.pem
-r--r--r-- 1 root root  2025 May 16 06:24 GlobalSign_Secure_Mail_Root_R45.pem
-r--r--r-- 1 root root  2666 May 16 06:24 Global_Chambersign_Root_-_2008.pem
-r--r--r-- 1 root root  1525 May 16 06:24 Go_Daddy_Class_2_CA.pem
-r--r--r-- 1 root root  1460 May 16 06:24 Go_Daddy_Root_Certificate_Authority_-_G2.pem
-r--r--r-- 1 root root   956 May 16 06:24 HARICA_Client_ECC_Root_CA_2021.pem
-r--r--r-- 1 root root  2102 May 16 06:24 HARICA_Client_RSA_Root_CA_2021.pem
-r--r--r-- 1 root root   944 May 16 06:24 HARICA_TLS_ECC_Root_CA_2021.pem
-r--r--r-- 1 root root  2090 May 16 06:24 HARICA_TLS_RSA_Root_CA_2021.pem
-r--r--r-- 1 root root  1151 May 16 06:24 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
-r--r--r-- 1 root root  2280 May 16 06:24 Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
-r--r--r-- 1 root root  2000 May 16 06:24 HiPKI_Root_CA_-_G1.pem
-r--r--r-- 1 root root  2142 May 16 06:24 Hongkong_Post_Root_CA_3.pem
-r--r--r-- 1 root root  1992 May 16 06:24 ISRG_Root_X1.pem
-r--r--r-- 1 root root   846 May 16 06:24 ISRG_Root_X2.pem
-r--r--r-- 1 root root  2016 May 16 06:24 IdenTrust_Commercial_Root_CA_1.pem
-r--r--r-- 1 root root  2029 May 16 06:24 IdenTrust_Public_Sector_Root_CA_1.pem
-r--r--r-- 1 root root  2171 May 16 06:24 Izenpe.com.pem
-r--r--r-- 1 root root  2069 May 16 06:24 LAWtrust_Root_CA2__4096_.pem
-r--r--r-- 1 root root  1553 May 16 06:24 Microsec_e-Szigno_Root_CA_2009.pem
-r--r--r-- 1 root root   972 May 16 06:24 Microsoft_ECC_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root  2122 May 16 06:24 Microsoft_RSA_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root  2106 May 16 06:24 NAVER_Global_Root_Certification_Authority.pem
-r--r--r-- 1 root root  1586 May 16 06:24 NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem
-r--r--r-- 1 root root  1509 May 16 06:24 OISTE_WISeKey_Global_Root_GA_CA.pem
-r--r--r-- 1 root root  1440 May 16 06:24 OISTE_WISeKey_Global_Root_GB_CA.pem
-r--r--r-- 1 root root   989 May 16 06:24 OISTE_WISeKey_Global_Root_GC_CA.pem
-r--r--r-- 1 root root  2004 May 16 06:24 QuoVadis_Root_CA_1_G3.pem
-r--r--r-- 1 root root  2118 May 16 06:24 QuoVadis_Root_CA_2.pem
-r--r--r-- 1 root root  1992 May 16 06:24 QuoVadis_Root_CA_2_G3.pem
-r--r--r-- 1 root root  2431 May 16 06:24 QuoVadis_Root_CA_3.pem
-r--r--r-- 1 root root  2004 May 16 06:24 QuoVadis_Root_CA_3_G3.pem
-r--r--r-- 1 root root   920 May 16 06:24 SSL.com_Client_ECC_Root_CA_2022.pem
-r--r--r-- 1 root root  2069 May 16 06:24 SSL.com_Client_RSA_Root_CA_2022.pem
-r--r--r-- 1 root root  1050 May 16 06:24 SSL.com_EV_Root_Certification_Authority_ECC.pem
-r--r--r-- 1 root root  2211 May 16 06:24 SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
-r--r--r-- 1 root root  1050 May 16 06:24 SSL.com_Root_Certification_Authority_ECC.pem
-r--r--r-- 1 root root  2199 May 16 06:24 SSL.com_Root_Certification_Authority_RSA.pem
-r--r--r-- 1 root root   907 May 16 06:24 SSL.com_TLS_ECC_Root_CA_2022.pem
-r--r--r-- 1 root root  2057 May 16 06:24 SSL.com_TLS_RSA_Root_CA_2022.pem
-r--r--r-- 1 root root  1326 May 16 06:24 SZAFIR_ROOT_CA2.pem
-r--r--r-- 1 root root   911 May 16 06:24 Sectigo_Public_Email_Protection_Root_E46.pem
-r--r--r-- 1 root root  2061 May 16 06:24 Sectigo_Public_Email_Protection_Root_R46.pem
-r--r--r-- 1 root root   932 May 16 06:24 Sectigo_Public_Server_Authentication_Root_E46.pem
-r--r--r-- 1 root root  2081 May 16 06:24 Sectigo_Public_Server_Authentication_Root_R46.pem
-r--r--r-- 1 root root  1314 May 16 06:24 SecureSign_RootCA11.pem
-r--r--r-- 1 root root  1407 May 16 06:24 SecureTrust_CA.pem
-r--r--r-- 1 root root  1427 May 16 06:24 Secure_Global_CA.pem
-r--r--r-- 1 root root   928 May 16 06:24 Security_Communication_ECC_RootCA1.pem
-r--r--r-- 1 root root  1354 May 16 06:24 Security_Communication_RootCA2.pem
-r--r--r-- 1 root root  2057 May 16 06:24 Security_Communication_RootCA3.pem
-r--r--r-- 1 root root  1314 May 16 06:24 Security_Communication_Root_CA.pem
-r--r--r-- 1 root root  2037 May 16 06:24 Staat_der_Nederlanden_Root_CA_-_G3.pem
-r--r--r-- 1 root root  1545 May 16 06:24 Starfield_Class_2_CA.pem
-r--r--r-- 1 root root  1492 May 16 06:24 Starfield_Root_Certificate_Authority_-_G2.pem
-r--r--r-- 1 root root  1529 May 16 06:24 Starfield_Services_Root_Certificate_Authority_-_G2.pem
-r--r--r-- 1 root root  2126 May 16 06:24 SwissSign_Gold_CA_-_G2.pem
-r--r--r-- 1 root root  2134 May 16 06:24 SwissSign_Silver_CA_-_G2.pem
-r--r--r-- 1 root root  1553 May 16 06:24 Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
-r--r--r-- 1 root root  1553 May 16 06:24 Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
-r--r--r-- 1 root root  1456 May 16 06:24 T-TeleSec_GlobalRoot_Class_2.pem
-r--r--r-- 1 root root  1440 May 16 06:24 T-TeleSec_GlobalRoot_Class_3.pem
-r--r--r-- 1 root root  1679 May 16 06:24 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
-r--r--r-- 1 root root  1960 May 16 06:24 TWCA_Global_Root_CA.pem
-r--r--r-- 1 root root  1362 May 16 06:24 TWCA_Root_Certification_Authority.pem
-r--r--r-- 1 root root  1951 May 16 06:24 TeliaSonera_Root_CA_v1.pem
-r--r--r-- 1 root root  2025 May 16 06:24 Telia_Root_CA_v2.pem
-r--r--r-- 1 root root  2195 May 16 06:24 Trustwave_Global_Certification_Authority.pem
-r--r--r-- 1 root root  1001 May 16 06:24 Trustwave_Global_ECC_P256_Certification_Authority.pem
-r--r--r-- 1 root root  1086 May 16 06:24 Trustwave_Global_ECC_P384_Certification_Authority.pem
-r--r--r-- 1 root root  2098 May 16 06:24 TunTrust_Root_CA.pem
-r--r--r-- 1 root root  1992 May 16 06:24 UCA_Extended_Validation_Root.pem
-r--r--r-- 1 root root  1964 May 16 06:24 UCA_Global_G2_Root.pem
-r--r--r-- 1 root root  1050 May 16 06:24 USERTrust_ECC_Certification_Authority.pem
-r--r--r-- 1 root root  2195 May 16 06:24 USERTrust_RSA_Certification_Authority.pem
-r--r--r-- 1 root root  1602 May 16 06:24 Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
-r--r--r-- 1 root root  1602 May 16 06:24 Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
-r--r--r-- 1 root root  1590 May 16 06:24 XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 a2c66da8.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 a3418fda.0 -> GTS_Root_R4.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 a3896b44.0 -> Security_Communication_Root_CA.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 a716d4ed.0 -> D-TRUST_EV_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    19 May 16 06:24 a81e292b.0 -> SZAFIR_ROOT_CA2.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 a89d74c2.0 -> SSL.com_TLS_RSA_Root_CA_2022.pem
lrwxrwxrwx 1 root root    13 May 16 06:24 a94d09e5.0 -> ACCVRAIZ1.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 a9d40e02.0 -> certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 ab5346f4.0 -> SecureSign_RootCA11.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 ab59055e.0 -> GDCA_TrustAUTH_R5_ROOT.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 af0a276f.0 -> Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 b0ed035a.0 -> TWCA_Global_Root_CA.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 b0f3e76e.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 b1b8a7f3.0 -> OISTE_WISeKey_Global_Root_GA_CA.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 b30d5fda.0 -> D-TRUST_BR_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root    46 May 16 06:24 b3fb433b.0 -> Entrust_Root_Certification_Authority_-_EC1.pem
lrwxrwxrwx 1 root root    29 May 16 06:24 b433981b.0 -> ANF_Secure_Server_Root_CA.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 b66938e9.0 -> Secure_Global_CA.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 b6782d18.0 -> Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 b727005e.0 -> AffirmTrust_Premium.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 b74d2bd5.0 -> emSign_ECC_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 b7a5b843.0 -> TWCA_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 b7db1890.0 -> TWCA_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 b7fe040a.0 -> Sectigo_Public_Email_Protection_Root_R46.pem
lrwxrwxrwx 1 root root    39 May 16 06:24 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 b872f2b4.0 -> Atos_TrustedRoot_2011.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 b92fd57f.0 -> HARICA_TLS_RSA_Root_CA_2021.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 b936d1c6.0 -> AC_RAIZ_FNMT-RCM.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 bc3f2570.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 bd43e1dd.0 -> Hongkong_Post_Root_CA_3.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 bdacca6f.0 -> Secure_Global_CA.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root    40 May 16 06:24 bf64f35b.0 -> Entrust_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 c01eb047.0 -> UCA_Global_G2_Root.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 c44cc0c0.0 -> DigiCert_TLS_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    36 May 16 06:24 c47d9980.0 -> Chambers_of_Commerce_Root_-_2008.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 c491639e.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 c559d742.0 -> GTS_Root_R2.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 c6127c60.0 -> D-TRUST_Root_CA_3_2013.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 c7f1359b.0 -> Security_Communication_ECC_RootCA1.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 c90bc37d.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 cb1c3204.0 -> Certum_Trusted_Network_CA_2.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 cbb3f32b.0 -> SSL.com_TLS_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 cbd811bd.0 -> SSL.com_Client_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root    14 May 16 06:24 cc450945.0 -> Izenpe.com.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 ccc52f49.0 -> AffirmTrust_Premium_ECC.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 cd58d51e.0 -> Security_Communication_RootCA2.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 ce5e74ef.0 -> Amazon_Root_CA_1.pem
-r--r--r-- 1 root root  1249 May 16 06:24 certSIGN_ROOT_CA.pem
-r--r--r-- 1 root root  1955 May 16 06:24 certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 cf701eeb.0 -> SecureTrust_CA.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 d06393bb.0 -> T-TeleSec_GlobalRoot_Class_2.pem
lrwxrwxrwx 1 root root    61 May 16 06:24 d16a5865.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
lrwxrwxrwx 1 root root    63 May 16 06:24 d16a5865.1 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 d18e9066.0 -> IdenTrust_Commercial_Root_CA_1.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 d39b0a2c.0 -> NAVER_Global_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 d41b5e2a.0 -> Amazon_Root_CA_4.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 d4c339cb.0 -> COMODO_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 d52c538d.0 -> DigiCert_TLS_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 d59297b8.0 -> Security_Communication_RootCA2.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 d6325660.0 -> COMODO_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    37 May 16 06:24 d7746a63.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 d78a75c7.0 -> Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    22 May 16 06:24 d7e8dc79.0 -> QuoVadis_Root_CA_2.pem
lrwxrwxrwx 1 root root    53 May 16 06:24 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 d96b65e2.0 -> Certainly_Root_R1.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 da0cfd1d.0 -> Sectigo_Public_Server_Authentication_Root_E46.pem
lrwxrwxrwx 1 root root    32 May 16 06:24 da7377f6.0 -> UCA_Extended_Validation_Root.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 dbc54cab.0 -> AffirmTrust_Premium.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 dbff3a01.0 -> emSign_Root_CA_-_C1.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 dc45b0bd.0 -> Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.pem
lrwxrwxrwx 1 root root    59 May 16 06:24 dc99f41e.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 dd8e9d41.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 de6d66f3.0 -> Amazon_Root_CA_4.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 dfc0fe80.0 -> OISTE_WISeKey_Global_Root_GB_CA.pem
-r--r--r-- 1 root root   920 May 16 06:24 e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 e071171e.0 -> Sectigo_Public_Server_Authentication_Root_R46.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 e101c867.0 -> Sectigo_Public_Email_Protection_Root_E46.pem
lrwxrwxrwx 1 root root    12 May 16 06:24 e113c810.0 -> Certigna.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 e13665f9.0 -> TunTrust_Root_CA.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 e35234b1.0 -> Certum_Trusted_Root_CA.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e36a6752.0 -> Atos_TrustedRoot_2011.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e442e424.0 -> QuoVadis_Root_CA_3_G3.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 e48193cf.0 -> AffirmTrust_Commercial.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 e53e0c3b.0 -> DigiCert_SMIME_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 e7c037b4.0 -> GlobalSign_Root_E46.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 e8651083.0 -> Microsec_e-Szigno_Root_CA_2009.pem
lrwxrwxrwx 1 root root    25 May 16 06:24 e868b802.0 -> e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 e8de2f56.0 -> Buypass_Class_3_Root_CA.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 e915458f.0 -> HARICA_Client_ECC_Root_CA_2021.pem
-r--r--r-- 1 root root  2130 May 16 06:24 ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root    31 May 16 06:24 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.pem
lrwxrwxrwx 1 root root    27 May 16 06:24 ed39abd0.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 ed858448.0 -> vTrus_ECC_Root_CA.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 edcbddb5.0 -> Trustwave_Global_Certification_Authority.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 edd09502.0 -> GlobalSign_Secure_Mail_Root_E45.pem
lrwxrwxrwx 1 root root    64 May 16 06:24 ee1365c0.0 -> Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
lrwxrwxrwx 1 root root    21 May 16 06:24 ee532fd5.0 -> vTrus_ECC_Root_CA.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 ee64a828.0 -> Comodo_AAA_Services_root.pem
lrwxrwxrwx 1 root root    38 May 16 06:24 eed8c118.0 -> COMODO_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.pem
-r--r--r-- 1 root root   895 May 16 06:24 emSign_ECC_Root_CA_-_C3.pem
-r--r--r-- 1 root root   944 May 16 06:24 emSign_ECC_Root_CA_-_G3.pem
-r--r--r-- 1 root root  1334 May 16 06:24 emSign_Root_CA_-_C1.pem
-r--r--r-- 1 root root  1379 May 16 06:24 emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    15 May 16 06:24 f013ecaf.0 -> GTS_Root_R1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 f058632f.0 -> Telia_Root_CA_v2.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 f081611a.0 -> Go_Daddy_Class_2_CA.pem
lrwxrwxrwx 1 root root    47 May 16 06:24 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root    45 May 16 06:24 f0cd152c.0 -> Entrust_Root_Certification_Authority_-_G4.pem
lrwxrwxrwx 1 root root    44 May 16 06:24 f249de83.0 -> Trustwave_Global_Certification_Authority.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root    34 May 16 06:24 f3377b1b.0 -> Security_Communication_Root_CA.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 f387163d.0 -> Starfield_Class_2_CA.pem
lrwxrwxrwx 1 root root    18 May 16 06:24 f39fc864.0 -> SecureTrust_CA.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 f459871d.0 -> emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 f51bb24c.0 -> Certigna_Root_CA.pem
lrwxrwxrwx 1 root root    28 May 16 06:24 f84fab51.0 -> LAWtrust_Root_CA2__4096_.pem
lrwxrwxrwx 1 root root    26 May 16 06:24 f8fc53da.0 -> Certum_Trusted_Root_CA.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fa5da96b.0 -> GLOBALTRUST_2020.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fb5fa911.0 -> Amazon_Root_CA_2.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 fb717492.0 -> Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
lrwxrwxrwx 1 root root    41 May 16 06:24 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fd08c599.0 -> Amazon_Root_CA_1.pem
lrwxrwxrwx 1 root root    20 May 16 06:24 fd64f3fc.0 -> TunTrust_Root_CA.pem
lrwxrwxrwx 1 root root    35 May 16 06:24 fd6aad52.0 -> SSL.com_Client_ECC_Root_CA_2022.pem
lrwxrwxrwx 1 root root    12 May 16 06:24 fde84897.0 -> Certigna.pem
lrwxrwxrwx 1 root root    19 May 16 06:24 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.pem
lrwxrwxrwx 1 root root    23 May 16 06:24 feffd413.0 -> GlobalSign_Root_E46.pem
lrwxrwxrwx 1 root root    49 May 16 06:24 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
lrwxrwxrwx 1 root root    24 May 16 06:24 ffa7f1eb.0 -> BJCA_Global_Root_CA1.pem
-r--r--r-- 1 root root   834 May 16 06:24 vTrus_ECC_Root_CA.pem
-r--r--r-- 1 root root  1968 May 16 06:24 vTrus_Root_CA.pem

@bobmorane83
Copy link
Contributor Author

Removing /var/lib/ca-certificates directory in local/elemental-green-rpi:v2.1.0-g54664f8cf allow to generate the raw disk ...
BTW, removing only openssldirectory lead to the same problem on pem

@frelon
Copy link
Contributor

frelon commented May 24, 2024

Removing /var/lib/ca-certificates directory in local/elemental-green-rpi:v2.1.0-g54664f8cf allow to generate the raw disk ...

BTW, removing only openssldirectory lead to the same problem on pem

That's interesting! Wonder what is special about that dir 🤔

@kxkrx
Copy link

kxkrx commented May 24, 2024

Not sure if this can be helpful, but I encountered a similar issue with an image that had a go package in it (installed via go install as a normal user).

The $HOME/go/pkg/mod folder is read only. So I had a similar issue with elemental-toolkit.

My solution for my specific use case was to use go clean -modcache. I did not have time yet to go through the codebase yet to see if there was a way to fix it for elemental-toolkit.

@bobmorane83
Copy link
Contributor Author

We progress !

The ca-certificates directory is drwxr-xr-x. But with (for test for sure !) chmod -R a+rwx ca-certificates the image is generated !

But why not with other directories ???

And .... putting back to chmod -R 755 ca-certificates no more problem !!!!

It could be added in the Dockerfile I think, but only for Mac ?

Thanks !!!

@bobmorane83
Copy link
Contributor Author

bobmorane83 commented May 24, 2024
edited
Loading

And .... putting back to chmod -R 755 ca-certificates no more problem !!!!

RUN chmod -R 755 /var/lib/ca-certificates
Not exactly back in fact :(
I don't know the effect on openssl ...

@bobmorane83
Copy link
Contributor Author

bobmorane83 commented May 24, 2024
edited
Loading

Image boot normally and everything sound good :

  • ssh connect : ok
  • ssh-keygen : ok
  • adding authorized_keys : ok
elemental:~ # openssl version -a
OpenSSL 1.1.1l-fips  24 Aug 2021 SUSE release 150500.17.25.1

platform: linux-aarch64
options:  bn(64,64) rc4(char) des(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -Wa,--noexecstack -fno-common -Wall -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -D_FORTIFY_SOURCE=2 -DTERMIO -DPURIFY -D_GNU_SOURCE -DSUSE_OPENSSL_RELEASE=150500.17.25.1 -DOPENSSL_NO_BUF_FREELISTS -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: getrandom-syscall

elemental:~ # openssl s_client -connect www.google.fr:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.fr
verify return:1
---
Certificate chain
 0 s:CN = *.google.fr
   i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEjjCCA3agAwIBAgIRAPPr0OlJPow+EIp0xDPiZi8wDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjQwNTA2MTQ1NDIyWhcNMjQwNzI5
MTQ1NDIxWjAWMRQwEgYDVQQDDAsqLmdvb2dsZS5mcjBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABG0gQhwQBxlIiGbF01bL2dDch2Yi5OOtzU9+dZghSw20OWHnPyle
JKZiAszfWll7buTMgYc2W7Ytff7u+4JzwIejggJwMIICbDAOBgNVHQ8BAf8EBAMC
B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
yoa7qRilMoV4mjJSqItLZwNbuNMwHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU
83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w
a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv
L2NlcnRzL2d0czFjMy5kZXIwIQYDVR0RBBowGIILKi5nb29nbGUuZnKCCWdvb2ds
ZS5mcjAhBgNVHSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1
MDMwMaAvoC2GK2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czFjMy9RcUZ4Ymk5TTQ4
Yy5jcmwwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgB2/4g/Crb7lVHCYcz1h7o0
tKTNuyncaEIKn+ZnTFo6dAAAAY9OnQGbAAAEAwBHMEUCIQDhct0MgVpnRICW1y4/
1ombFArce11m+vEZGhIW1seObgIgEFwjPZ13eY9ATkrsBK7+Pnl4ImoO+3f+sGw6
VGDBWWUAdwBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAY9OnQGP
AAAEAwBIMEYCIQDLeQ+MHJfpTaNdAO15h23QEUWXL4uYlOmP7woR1u3KjAIhAP50
u4hWMhaZIJN5gCjwiCrDxoc0JCTXOLB/pVUOK8tbMA0GCSqGSIb3DQEBCwUAA4IB
AQB+y1c6itWNuuxO0BNKat8R0R+pKnJHQZtWcLhGDkjU4jMrWCLLJkM+H9BPykH7
V/3QCNBSwDS1658Mdy/guWPeUNqSS5WfnqIUCuAQA6AqCkG1qDP6vUMQI/UcaVLg
VXvxCIJUY6lJONNAT2hCBZkUI16H1azrSroHF7dUUYqVmVIHbmiTBvXRL8j95tZ4
tYjXTtKyUQmqMURrtO7dA2Xl/0iW/vzPivV72PwwcgrT/BUoAGSDUx1+RwEzPY1b
CKmbBDJvxMoDBJ046H9pQpbo3XXYYN6n+jpS+AQmlLl77+ULo8z9whKV+7ssmlNz
Luw+UMHb2zd1PhPHim4dmVKE
-----END CERTIFICATE-----
subject=CN = *.google.fr

issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4301 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0

elemental:~ # echo | openssl s_client -connect example.org:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Jan 30 00:00:00 2024 GMT
notAfter=Mar  1 23:59:59 2025 GMT

@bobmorane83
Copy link
Contributor Author

The only cleanest way I found working :

RUN chmod -R 744 /var/lib/ca-certificates/openssl
RUN chmod -R 744 /var/lib/ca-certificates/pem

@frelon
Copy link
Contributor

frelon commented May 27, 2024

Great job debugging this! I would be hesitant adding this directly to the examples right now, but if you want to put up a PR with the findings to the troubleshooting guide I would be happy to merge it!

@bobmorane83
Copy link
Contributor Author

BTW I had also to remove the --xattrs option here.

I'll try to make a troubleshooting guide ASAP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
architecture/arm64 area/rawdisk kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bobmorane83 @frelon @kxkrx