CI: Work around tinyipa build issues

The qemu git server has updated it's ssl certificate, and can no longer
be verified by the software libraries and embedded tinycore data for
the 10.x release. Unfortunately, we have CI hard coded to an older
release and we cannot release a newer, older version of the tinycore
10.x supporting packages.

So, for our CI purposes, we just need a working build, so that
is all this patch attempts to do, get our CI in a working state
for the older branches.

It is an awful change. None of us like it, but we're stuck and
this is the only path forward short of completely abandoning
the use of the software builds on these branches.

Change-Id: I44f2a05c3f37a6dad0b9c88e2a7f6c66be8a1b78
This commit is contained in:
Julia Kreger 2021-11-18 06:47:49 -08:00
parent a71526bf65
commit 6478d03d29
2 changed files with 14 additions and 0 deletions

View File

@ -2697,6 +2697,12 @@ function build_tinyipa_ramdisk {
export AUTHORIZE_SSH=true
export SSH_PUBLIC_KEY=$IRONIC_ANSIBLE_SSH_KEY.pub
fi
# NOTE(TheJulia): This is awful, but we need it to continue to keep CI working
# on the train and ussuri branches. Essentially, Tinycore 10.x can't be used
# in the field, and we're unable to fix it due to a confluence of issues.
sed -i 's/git\ clone\ --branch/\ \ \ \git config --global http.sslVerify false\n\ \ \ \ git\ clone\ --branch/' build-tinyipa.sh
# NOTE(TheJulia): qemu pulls in submodules and fails if you disable them. So we need to update it's perception of git.
sed -i "s/qemu\ \&\&\ .\/configure\ --disable-system/qemu\ \&\&\ .\/configure\ --with-git='env\ GIT_SSL_NO_VERIFY=true\ git'\ --disable-system/" build-tinyipa.sh
make
cp tinyipa.gz $ramdisk_path
cp tinyipa.vmlinuz $kernel_path

View File

@ -0,0 +1,8 @@
---
issues:
- |
TinyCore Linux 10.x, which powers the TinyIPA ramdisk in the Ussuri and
Train releases of OpenStack, is no longer able to be built due to
certificate verification issues as time moves forward. We have embedded
a fix for use by Ironic's CI only. As a general reminder, TinyIPA
should not be used in production deployments.