diff mbox series

[PATCHv2] Add NODE_EXTRA_CA_CERTS to export list

Message ID 20230207221022.4346-1-george.kelly1097@gmail.com
State New
Headers show
Series [PATCHv2] Add NODE_EXTRA_CA_CERTS to export list | expand

Commit Message

George Kelly Feb. 7, 2023, 10:10 p.m. UTC
If you are behind a corporate proxy, the npm fetcher uses
the proxy IP address already passed in the list of exports.
However, it will error if the proxy injects its own root
CA certificate. Thus, the NODE_EXTRA_CA_CERTS environment
variable must be passed so the user can include their
company's root CA as a trusted CA inside node's
certificate store.

Signed-off-by: George Kelly <george.kelly1097@gmail.com>
---
 lib/bb/fetch2/__init__.py | 1 +
 1 file changed, 1 insertion(+)

Comments

Luca Ceresoli Feb. 8, 2023, 10:14 a.m. UTC | #1
Hello George,

On Tue,  7 Feb 2023 17:10:22 -0500
"George Kelly" <george.kelly1097@gmail.com> wrote:

> If you are behind a corporate proxy, the npm fetcher uses
> the proxy IP address already passed in the list of exports.
> However, it will error if the proxy injects its own root
> CA certificate. Thus, the NODE_EXTRA_CA_CERTS environment
> variable must be passed so the user can include their
> company's root CA as a trusted CA inside node's
> certificate store.
> 
> Signed-off-by: George Kelly <george.kelly1097@gmail.com>

Your subject and commit message looks definitely good now, thanks! I
added your patch to my testing branch.
Peter Kjellerstedt Feb. 8, 2023, 10:55 a.m. UTC | #2
> -----Original Message-----
> From: bitbake-devel@lists.openembedded.org <bitbake-
> devel@lists.openembedded.org> On Behalf Of Luca Ceresoli via
> lists.openembedded.org
> Sent: den 8 februari 2023 11:15
> To: George Kelly <george.kelly1097@gmail.com>
> Cc: bitbake-devel@lists.openembedded.org
> Subject: Re: [bitbake-devel] [bitbake][PATCHv2] Add NODE_EXTRA_CA_CERTS to export list

There should be a prefix for the subject, e.g., "fetch2: "

> 
> Hello George,
> 
> On Tue,  7 Feb 2023 17:10:22 -0500
> "George Kelly" <george.kelly1097@gmail.com> wrote:
> 
> > If you are behind a corporate proxy, the npm fetcher uses
> > the proxy IP address already passed in the list of exports.
> > However, it will error if the proxy injects its own root
> > CA certificate. Thus, the NODE_EXTRA_CA_CERTS environment
> > variable must be passed so the user can include their
> > company's root CA as a trusted CA inside node's
> > certificate store.
> >
> > Signed-off-by: George Kelly <george.kelly1097@gmail.com>
> 
> Your subject and commit message looks definitely good now, thanks! I
> added your patch to my testing branch.
> 
> --
> Luca Ceresoli, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

//Peter
diff mbox series

Patch

diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
index 5a7a6024..747356df 100644
--- a/lib/bb/fetch2/__init__.py
+++ b/lib/bb/fetch2/__init__.py
@@ -851,6 +851,7 @@  FETCH_EXPORT_VARS = ['HOME', 'PATH',
                      'DBUS_SESSION_BUS_ADDRESS',
                      'P4CONFIG',
                      'SSL_CERT_FILE',
+                     'NODE_EXTRA_CA_CERTS',
                      'AWS_PROFILE',
                      'AWS_ACCESS_KEY_ID',
                      'AWS_SECRET_ACCESS_KEY',