Issues mounting trust store with 11.4 into dagger engine | Dagger | Page 1

elfin pagoda May 23, 2024, 9:14 PM

#

I have been previously running 11.1 with the sdk and mounting /etc/ssl/certs to trust my docker registry. With 11.4 this doesn't work. Additionally it seems to muck with the trust store so I have to re-install my certs. What is the right way to do this with 11.4?

merry viper May 23, 2024, 11:00 PM

#

hey @elfin pagoda is this using dagger functions or the standard SDK? If you're using the SDK, AFAIK this should still work. cc @civic wasp

elfin pagoda May 23, 2024, 11:00 PM

#

Sdk

civic wasp May 23, 2024, 11:01 PM

#

When you say "mounting" do you mean into your containers or into the engine image (i.e. registry.dagger.io/engine:v0.11.4)?

elfin pagoda May 23, 2024, 11:02 PM

#

docker mount of the certs into the engine

civic wasp May 23, 2024, 11:03 PM

#

Oh okay, there were some changes recently though I'm somewhat surprised what you're doing causes any issues. Try mounting them into /usr/local/share/ca-certificates instead now and let me know if that fixes it

elfin pagoda May 23, 2024, 11:05 PM

#

Will try that. Also it corrupted the host directory ssl just FYI. Will try the different directory tomorrow

#

Thanks for the help.

civic wasp May 23, 2024, 11:08 PM

#

elfin pagoda Will try that. Also it corrupted the host directory ssl just FYI. Will try the d...

Ahh okay, the difference is that the engine runs update-ca-certificates now when it starts (to pick up custom CAs from /usr/local/share/ca-certificates). I'm guessing if your system disagrees with the implementation of update-ca-certificates in the engine container that could cause problems with direct bind mounts to the host.

Thanks for letting me know! I'll look into whether there's anything we can do to be more resilient in the bind-mount-from-host case

#Issues mounting trust store with 11.4 into dagger engine