cloud-init

RFE: make ca-certs work on Fedora

Bug #1599694 reported by Garrett Holmstrom
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cloud-init
Expired
Wishlist
Unassigned

Bug Description

The ca-certs module uses debconf to manage the system's certificates, which means it doesn't work on non-Debian systems. To make this work on Fedora we would need to write to /etc/pki/ca-trust/source/anchors/ca.crt and then run ``update-ca-trust''.

Revision history for this message
Joshua Powers (powersj) wrote :

Hi! Thanks for taking the time to file a bug. As stated in the cc_ca_certs.py file:

**Supported distros:** ubuntu, debian

Therefore, this functionality would need to be added. Marking as wishlist.

Changed in cloud-init:
status: New → Confirmed
importance: Undecided → Wishlist
Revision history for this message
Daniel Gray (dngray) wrote (last edit ):

It would be nice if this worked. I've had to resort to doing this workaround instead:

write_files:
  - path: /etc/ca-certificates/extracted/cadir/MY_CA.pem
    content: |
      -----BEGIN CERTIFICATE-----
      {{ cert }}
      -----END CERTIFICATE-----

runcmd:
  - [ trust, anchor, --store, /etc/ca-certificates/extracted/cadir/MY_CA.pem ]

Fixing this would also make it work on Archlinux.

Revision history for this message
James Falcon (falcojr) wrote :

Tracked in Github Issues as https://github.com/canonical/cloud-init/issues/2689

Changed in cloud-init:
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.