From 858a4ee8336789c10c5c2189c3718f9a605d0eeb Mon Sep 17 00:00:00 2001
From: alexz
Date: Fri, 31 Jul 2015 18:59:51 +0300
Subject: [PATCH] sandbox.mk : Custom https\ssl cert Copying local certificates and CA to chroot Useful in case deb repositories behind https
Change-Id: I44fe3126cb5a817dc317afbe7c56d37e61dac392
Partial-Bug:#1420793
---
 config.mk | 4 ++++
 sandbox.mk | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/config.mk b/config.mk
index 512742f94..303bc41cc 100644
--- a/config.mk
+++ b/config.mk
@@ -286,3 +286,7 @@ SANDBOX_MIRROR_CENTOS_UPSTREAM_OS_BASEURL:=$(SANDBOX_MIRROR_CENTOS_UPSTREAM)/os/
 SANDBOX_MIRROR_CENTOS_UPDATES_OS_BASEURL:=$(SANDBOX_MIRROR_CENTOS_UPSTREAM)/updates/$(CENTOS_ARCH)/
 SANDBOX_MIRROR_EPEL?=http://mirror.yandex.ru/epel/
 SANDBOX_MIRROR_EPEL_OS_BASEURL:=$(SANDBOX_MIRROR_EPEL)/$(CENTOS_MAJOR)/$(CENTOS_ARCH)/
+
+# Copy local /etc/ssl certs inside SANDBOX, which used for build deb mirror and packages.
+# This option should be enabled, in case you have to pass https repos for Ubuntu.
+SANDBOX_COPY_CERTS?=0
diff --git a/sandbox.mk b/sandbox.mk
index 1d06bb8d1..0b96206a5 100644
--- a/sandbox.mk
+++ b/sandbox.mk
@@ -142,7 +142,7 @@ touch $(SANDBOX_UBUNTU)/etc/init.d/.legacy-bootordering
 mkdir -p $(SANDBOX_UBUNTU)/usr/sbin
 cp -a $(BUILD_DIR)/policy-rc.d $(SANDBOX_UBUNTU)/usr/sbin
 echo "Running debootstrap"
-sudo debootstrap --no-check-gpg --arch=$(UBUNTU_ARCH) $(UBUNTU_RELEASE) $(SANDBOX_UBUNTU) http://$(MIRROR_UBUNTU)$(MIRROR_UBUNTU_SUFFIX)
+sudo debootstrap --no-check-gpg --include=ca-certificates --arch=$(UBUNTU_ARCH) $(UBUNTU_RELEASE) $(SANDBOX_UBUNTU) http://$(MIRROR_UBUNTU)$(MIRROR_UBUNTU_SUFFIX)
 if [ -e $(SANDBOX_UBUNTU)/etc/resolv.conf ]; then sudo cp -a $(SANDBOX_UBUNTU)/etc/resolv.conf $(SANDBOX_UBUNTU)/etc/resolv.conf.orig; fi
 sudo cp /etc/resolv.conf $(SANDBOX_UBUNTU)/etc/resolv.conf
 if [ -e $(SANDBOX_UBUNTU)/etc/hosts ]; then sudo cp -a $(SANDBOX_UBUNTU)/etc/hosts $(SANDBOX_UBUNTU)/etc/hosts.orig; fi
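Review bot: The comment above `SANDBOX_COPY_CERTS?=0` does not say what enabling the option actually trusts. The sandbox.mk part of this patch copies the whole of the build host's `/etc/ssl/certs` into the chroot and registers every file found there, so every CA installed on the builder becomes a trust anchor for the package build. I would reword it along the lines of `# Set to 1 to import the build host's /etc/ssl/certs into the Ubuntu sandbox trust store (needed for https:// deb repos).` followed by `# Every CA present on the build host becomes trusted in the sandbox; package signature checks stay disabled.` The second sentence reflects the `APT::Get::AllowUnauthenticated 1;` line that sandbox.mk still writes unconditionally.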
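Review bot: `--include=ca-certificates` is added to a debootstrap call that still passes `--no-check-gpg` and fetches from an `http://` mirror, so the CA bundle that later vouches for HTTPS repositories is itself installed with no signature or transport check, and a tampered mirror response at bootstrap time would go unnoticed. If the mirror's Release file is signed, drop `--no-check-gpg` and pass the archive keyring, e.g. `sudo debootstrap --keyring=<PATH_TO_ARCHIVE_KEYRING> --include=ca-certificates --arch=$(UBUNTU_ARCH) ...`; whether such a key is available on the builder is not visible from this hunk. The package is also pulled in when `SANDBOX_COPY_CERTS` is 0, which deserves a one-line comment such as `# ca-certificates is always installed; SANDBOX_COPY_CERTS only controls importing host CAs`. The enclosing block starts and ends outside the hunk.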
@@ -164,6 +164,13 @@ sudo cp $(BUILD_DIR)/mirror/ubuntu/sources.list $(SANDBOX_UBUNTU)/etc/apt/
 sudo cp $(BUILD_DIR)/policy-rc.d $(SANDBOX_UBUNTU)/usr/sbin
 echo "Allowing using unsigned repos"
 echo "APT::Get::AllowUnauthenticated 1;" | sudo tee $(SANDBOX_UBUNTU)/etc/apt/apt.conf.d/02mirantis-unauthenticated
+if [ "$(SANDBOX_COPY_CERTS)" = "1" ] ; then
+echo "Copying local certificates and CA to chroot"
+sudo bash -c "mkdir -p $(SANDBOX_UBUNTU)/usr/share/ca-certificates/ ; rsync -arzL /etc/ssl/certs/ $(SANDBOX_UBUNTU)/usr/share/ca-certificates/local/"
+echo "Acquire::https { Verify-Peer \"true\"; Verify-Host \"true\"; }; " | sudo tee -a $(SANDBOX_UBUNTU)/etc/apt/apt.conf.d/05-local-ssl-certs
+sudo chroot $(SANDBOX_UBUNTU) sh -xc "(cd /usr/share/ca-certificates; find local -type f) >> /etc/ca-certificates.conf"
+sudo chroot $(SANDBOX_UBUNTU) update-ca-certificates
+fi
 echo "Updating apt package database"
 sudo chroot $(SANDBOX_UBUNTU) bash -c "(mkdir -p '$${TEMP}'; mkdir -p /tmp/user/0)"
 sudo chroot $(SANDBOX_UBUNTU) apt-get update
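Review bot: The `rsync -arzL /etc/ssl/certs/ ... /local/` line imports the builder's entire trust directory rather than the CA the HTTPS mirror needs. Running as root with `-L`, it turns the OpenSSL hash symlinks (and, where present, the concatenated bundle) into regular files, and `find local -type f` then enables every one of them in `/etc/ca-certificates.conf`. Both `tee -a` and `>>` append, so if the sandbox is ever brought up again over an existing tree the entries are duplicated, and the `;` after `mkdir -p` lets rsync run even when the mkdir failed. I would copy only the required CA files into the directory update-ca-certificates scans on its own, e.g. `sudo cp <SITE_CA>.crt $(SANDBOX_UBUNTU)/usr/local/share/ca-certificates/`, drop the `find ... >> /etc/ca-certificates.conf` line, and use `tee` without `-a`. The enclosing block starts and ends outside the hunk.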