On 10/01/2018 04:50 PM, Alberto Spin wrote: > I’m trying to build my c# application for mono with yocto, by using > nuget and msbuild. > > I encountered several problems: > > MsBuild: > > * During the build of msbuild the cibuild.sh script is invoked. This > script uses the tool ‘curl‘ to download the msbuild.zip form > Microsoft. This action failes with a certificate error because there > are no certificates present. I fixed this issue with a bbappend > script for msbuild which contains: > > DEPENDS += "ca-certificates"
I submitted a similar patch last week: https://lists.yoctoproject.org/pipermail/yocto/2018-September/042661.html Note that adding the ca-certificates dependency wasn't enough for me. The curl recipe builds curl with: --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt For curl-native that expands to something like: $HOME/yocto/build/tmp/work/x86_64-linux/curl-native/7.58.0-r0/recipe-sysroot-native/etc/ssl/certs/ca-certificates.crt But if "rm_work" is enabled, this directory is gone by the time you're building msbuild, and it still fails. It should point to the msbuild native sysroot instead. I did that with the CURL_CA_BUNDLE env variable. > Nuget: > > * When trying to restore the packages for my c# application, the > execution of Nuget fails because it has no certificates. > * Apparently NuGet is using the mono certificate store, because it > fails to detect the certificates present in: > /recipe-sysroot-native/etc/ssl/certs > * I also verified that the mono certificate store is empty by issuing > the command: certmgr -list -c Trust > > I tried to extend the recipe that builds my c# application with a > do_configure task, in which I’m trying to synchronize the mono > certificate store with the ca-certifates.crt. > > cert-sync ${sysconfdir}/ssl/certs/ca-certificates.crt > > But the cert-sync tool somehow wants to use a path outside my build > environment /usr/share/.mono, which fails with an access denied error. > > Can anybody help me to get past this problem? I encountered the same problem. I did workaround it with the --user parameter: cert-sync --user ${sysconfdir}/ssl/certs/ca-certificates.crt As you can see from my commit message, it works, but it's not perfect: "Install the CA certificates for mono Mono uses its own CA certificate store. By default it is empty, which causes nuget to fail when trying do download packages over https. This is a very ugly hack. Ideally the CA certificates should be packaged separately and installed system-wide. But unfortunately the cert-sync tool (or the other mono tools) use hardcoded directory paths and thus don't support cross environments. Even with the --user option, the certificates are installed on the host system, and not the yocto native sysroot. Not really great, but at least it works." If you find a better solution, I'm interested to hear about that! Jef -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
