Fix opensuse trusted certificates

There's a bug[1] with the combination of the p11-kit and ca-certificates-mozilla packages available on the latest built opensuse-15 node in nodepool (which has not been rebuilt for weeks due to a separate issue[2]) which causes the standard CA bundle to not be installed correctly and causes jobs that call to external HTTPS services to fail. Upgrading both packages in sync fixes the issue. [1] https://bugzilla.suse.com/show_bug.cgi?id=1154871 [2] http://bugzilla.suse.com/show_bug.cgi?id=1166139 Change-Id: Ia8fdfe12fd9089e178adcb2b5eec997eebada262 Needed-by: https://review.opendev.org/713566 (cherry picked from commit 497caf015729d451428d5b608853741689f153b3)
2020-04-03 10:14:07 -07:00 · 2020-04-03 10:14:07 -07:00 · 7921e4673f
commit 7921e4673f
parent e6842e4140
1 changed files with 5 additions and 0 deletions
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@ -257,6 +257,11 @@ function fixup_suse {
    # have been dragged in by some other system dependency
    sudo rm -rf /usr/lib/python3.6/site-packages/ply-*.egg-info
    sudo rm -rf /usr/lib/python3.6/site-packages/six-*.egg-info
+
+    # Ensure trusted CA certificates are up to date
+    # See https://bugzilla.suse.com/show_bug.cgi?id=1154871
+    # May be removed once a new opensuse-15 image is available in nodepool
+    sudo zypper up -y p11-kit ca-certificates-mozilla
 }

 # The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has