Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address comments on the "rootless CA certs" patch #572

Merged
merged 1 commit into from
Jul 24, 2024

Conversation

rassie
Copy link
Contributor

@rassie rassie commented Jun 3, 2024

Address the following problems with #538:

  1. Correct the shell selection for entrypoint, Ubuntu flavours still need explicit bash for variables with dots in their names
  2. Change unhelpful exported variable name (changed from CACERT to JRE_CACERTS_PATH)
  3. Change which to more-POSIX-compatible command -v
  4. More cleanup
  5. Explicitely use TMPDIR when available instead of hard-coded /tmp
  6. Support multi-certificate files (again)
  7. Make output less verbose

Fixes: #612

@rassie
Copy link
Contributor Author

rassie commented Jun 3, 2024

Ubuntu flavours are broken, I'm on it.

@karianna karianna requested review from gdams and sxa June 3, 2024 09:18
@karianna
Copy link
Contributor

karianna commented Jun 3, 2024

CC @tianon

@tianon
Copy link

tianon commented Jun 6, 2024

This is an improvement, yes, thanks ❤️

(definitely like your idea in #573 though, and wonder if, since this rootless functionality hasn't been officially released yet, it could happen sooner and then this is moot?)

@rassie
Copy link
Contributor Author

rassie commented Jun 6, 2024

wonder if, since this rootless functionality hasn't been officially released yet, it could happen sooner and then this is moot?

That's my thinking too, but since I'm not involved in and not knowledgeable about the release process and its deadlines, I'm offerring both possibilities. #573 still needs to be implemented, tested, documented and experimented with after all and if "July release" is what I think it is, the timeline is rather tight. "rootless" improves on the current process, which is probably valuable by itself, even if we know how it could be improved further.

@karianna karianna force-pushed the ca-certs-rework-fixes branch from 4db09df to 474b3fe Compare June 10, 2024 01:14
@rassie rassie force-pushed the ca-certs-rework-fixes branch from bd5d0f1 to 6de6f41 Compare June 12, 2024 07:25
@rassie rassie force-pushed the ca-certs-rework-fixes branch from 6de6f41 to 089349e Compare June 26, 2024 09:15
@rassie
Copy link
Contributor Author

rassie commented Jun 26, 2024

@karianna Are you aware of anything blocking the review and merge here? I would like to get this in before the July release as QOL improvement.

@karianna
Copy link
Contributor

karianna commented Jul 1, 2024

@sxa and/or @gdams up next to review and merge.

@karianna
Copy link
Contributor

@rassie Apologies for the rebase requirement but I think our release has created conflict for this PR

Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.

If this pull request needs to be merged during the release cycle then please comment /merge and a PMC member will be able to remove the block.

If the code freeze is over you can remove this block by commenting /thaw.

@rassie rassie force-pushed the ca-certs-rework-fixes branch from 089349e to 2ae4198 Compare July 23, 2024 07:54
@rassie
Copy link
Contributor Author

rassie commented Jul 23, 2024

@karianna rebase done. I hope we can squeeze this patch into the release. Fingers crossed it will help the pain points not exacerbate them.

@rassie
Copy link
Contributor Author

rassie commented Jul 23, 2024

@karianna I believe you need to re-trigger that one failing Windows test, it's just flaky.

@tianon
Copy link

tianon commented Jul 24, 2024

Doh, this should've been part of all those recent updates, right?

@rassie
Copy link
Contributor Author

rassie commented Jul 24, 2024

Doh, this should've been part of all those recent updates, right?

Probably. I've asked multiple times for a review, but nothing happened. I guess the release happened a couple of days ago and then #612 has been reported, so I thought I'd need to fix that as well.

@gdams
Copy link
Member

gdams commented Jul 24, 2024

Doh, this should've been part of all those recent updates, right?

yeah we're working on it, it would appear we've broken some users so I want to get this merged and update the official images soon

@gdams
Copy link
Member

gdams commented Jul 24, 2024

@rassie if you can help us resolve #612 in this PR we'll get it merged and kick off a republish

@rassie
Copy link
Contributor Author

rassie commented Jul 24, 2024

Hold your horses, this build isn't even green yet :)

@gdams
Copy link
Member

gdams commented Jul 24, 2024

Hold your horses, this build isn't even green yet :)

yeah just spotted the failing CI, I'll wait until it's green

Address the following problems with adoptium#538:

1. Correct the shell selection for entrypoint, Ubuntu flavours still need explicit `bash` for variables with dots in
their names
2. Change unhelpful exported variable name (changed from `CACERT` to `JRE_CACERTS_PATH`)
3. Change `which` to more-POSIX-compatible `command -v`
4. More cleanup
5. Explicitely use `TMPDIR` when available instead of hard-coded `/tmp`
6. Support multi-certificate files (again)
7. Make output less verbose
@rassie rassie force-pushed the ca-certs-rework-fixes branch from 5449635 to 7c088a6 Compare July 24, 2024 22:08
@rassie
Copy link
Contributor Author

rassie commented Jul 24, 2024

@rassie if you can help us resolve #612 in this PR we'll get it merged and kick off a republish

This is what is happening, the latest push as of right now should become green. Would still appreciate a closer look at the source from you, I'm quite anxious about breaking more stuff, even though I believe that the tests are solid.

Copy link
Member

@gdams gdams left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with the latest changes

@gdams
Copy link
Member

gdams commented Jul 24, 2024

@rassie if you can help us resolve #612 in this PR we'll get it merged and kick off a republish

This is what is happening, the latest push as of right now should become green. Would still appreciate a closer look at the source from you, I'm quite anxious about breaking more stuff, even though I believe that the tests are solid.

This looks good to me, the tests are solid and the changes all seem as expected.

@gdams
Copy link
Member

gdams commented Jul 24, 2024

/merge

Copy link
Contributor

Approval to merge during the lockdown cycle

Please can two Adoptium PMC members comment /approve?

@gdams
Copy link
Member

gdams commented Jul 24, 2024

/approve

@rassie
Copy link
Contributor Author

rassie commented Jul 24, 2024

Thanks!

@smlambert
Copy link
Contributor

/approve

@github-actions github-actions bot dismissed their stale review July 24, 2024 22:15

Thank you @gdams and @smlambert for your approvals, this pull request is now approved to merge during release.

@gdams
Copy link
Member

gdams commented Jul 24, 2024

@tianon I'll get this merged and update docker-library/official-images#17249 to include these changes shortly

@gdams gdams merged commit 43fcefc into adoptium:main Jul 24, 2024
77 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: Importing Ca certificates with USE_SYSTEM_CA_CERTS is slower than it used to be
5 participants