Merge "CI: Work around tinyipa build issues" into stable/train

devstack/lib/ironic

@@ -2473,6 +2473,12 @@ function build_tinyipa_ramdisk {
         export AUTHORIZE_SSH=true
         export SSH_PUBLIC_KEY=$IRONIC_ANSIBLE_SSH_KEY.pub
     fi
+    # NOTE(TheJulia): This is awful, but we need it to continue to keep CI working
+    # on the train and ussuri branches. Essentially, Tinycore 10.x can't be used
+    # in the field, and we're unable to fix it due to a confluence of issues.
+    sed -i 's/git\ clone\ --branch/\ \ \ \git config --global http.sslVerify false\n\ \ \ \ git\ clone\ --branch/' build-tinyipa.sh
+    # NOTE(TheJulia): qemu pulls in submodules and fails if you disable them. So we need to update it's perception of git.
+    sed -i "s/qemu\ \&\&\ .\/configure\ --disable-system/qemu\ \&\&\ .\/configure\ --with-git='env\ GIT_SSL_NO_VERIFY=true\ git'\ --disable-system/" build-tinyipa.sh
     make
     cp tinyipa.gz $ramdisk_path
     cp tinyipa.vmlinuz $kernel_path

releasenotes/notes/tinycore-10-x-is-no-longer-viable-3673a0615ff207e6.yaml

@@ -0,0 +1,8 @@
+---
+issues:
+  - |
+    TinyCore Linux 10.x, which powers the TinyIPA ramdisk in the Ussuri and
+    Train releases of OpenStack, is no longer able to be built due to
+    certificate verification issues as time moves forward. We have embedded
+    a fix for use by Ironic's CI only. As a general reminder, TinyIPA
+    should not be used in production deployments.