Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement workaround to unbreak LetsEncrypt certificates #118

Merged
merged 2 commits into from
Dec 14, 2023
Merged

Implement workaround to unbreak LetsEncrypt certificates #118

merged 2 commits into from
Dec 14, 2023

Conversation

nshalman
Copy link
Member

Description

Per the workaround documented in ipxe/ipxe#606 (comment) we will be embedding some critical LetsEncrypt certificates.

Why is this needed

Relates to: #117, ipxe/ipxe#606

How Has This Been Tested?

I tested resulting binaries against both https://google.com which does not use LetsEncrypt and https://www.shalman.org which does. Both work with this workaround applied.

How are existing users impacted? What migration steps/scripts do we need?

Checklist:

I have:

  • updated the documentation and/or roadmap (if required)
  • added unit or e2e tests
  • provided instructions on how to upgrade

@nshalman
ipxe/ipxe#606: need certificates to embed
db3a248 
Obtained via
curl -s http://ca.ipxe.org/ca.crt > ca.pem
curl -s https://letsencrypt.org/certs/isrgrootx1.pem > isrgrootx1.pem
curl -s https://letsencrypt.org/certs/lets-encrypt-r3.pem > lets-encrypt-r3.pem

Relates to: tinkerbell#117

Signed-off-by: Nahum Shalman <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Dec 12, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (a050d48) 97.28% compared to head (fb650c0) 97.28%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #118   +/-   ##
=======================================
  Coverage   97.28%   97.28%           
=======================================
  Files           5        5           
  Lines         442      442           
=======================================
  Hits          430      430           
  Misses          8        8           
  Partials        4        4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nshalman nshalman force-pushed the letsencrypt-workaround branch from 3fa7d2b to fb650c0 Compare December 13, 2023 16:33
jacobweinstock
jacobweinstock approved these changes Dec 14, 2023
View reviewed changes
Copy link
Member

@jacobweinstock jacobweinstock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @nshalman !

@jacobweinstock jacobweinstock added the ready-to-merge Mergify: Ready for Merging label Dec 14, 2023
@mergify mergify bot merged commit 33e7193 into tinkerbell:main Dec 14, 2023
7 checks passed
@nshalman nshalman mentioned this pull request Dec 14, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jacobweinstock jacobweinstock jacobweinstock approved these changes

Assignees
No one assigned
Labels
ready-to-merge Mergify: Ready for Merging
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nshalman @jacobweinstock