I have a Bash script that creates an .img file that will be copied on SD cards for ARM devices.
The debootstrap command is executed to install a minimal Debian Stretch system (armhf), then a script is executed in chroot (software installation, user creation...).
Recently, as I needed to upgrade on Buster, I changed the debootstrap command distribution parameter to "buster". However I get an error when I try to install software with bundle install
: SSL error : unable to get local issuer certificate. It turns out even curl
fails on HTTPS websites with a similar error.
What I checked
- ca-certificates is installed,
update-ca-certificates
has been run. - /etc/ssl/certs content seems similar to the one my computer.
What I tried
openssl s_client -connect ifconfig.me:443
fails, withunable to get local issuer certificate
curl -k
obviously workscurl --cacert /etc/ssl/certs/ca-certificates.crt
works- I tried to generate an .img file with Buster on amd64,
curl
andbundle install
works
How to reproduce the issue
touch buster_arm.img
truncate --size=2G buster_arm.img # 1G might not be enough
losetup --show --find --partscan --nooverlap buster_arm.img # should be /dev/loop0
parted --align optimal --script /dev/loop0 mklabel msdos mkpart primary 0% 100%
mkfs.ext4 /dev/loop0p1
mount /dev/loop0p1 /mnt/buster_arm
# replace buster by stretch and curl will work
# replace armhf by amd64 and curl will work
debootstrap --arch armhf --variant=minbase buster /mnt/buster_arm https://deb.debian.org/debian/
mount --bind /dev/ /mnt/buster_arm/dev
mount --bind /dev/pts /mnt/buster_arm/dev/pts
cp "$(command -v qemu-arm-static)" /mnt/buster_arm/usr/bin/qemu-arm-static # bypass architecture (my computer is not on armhf)
chroot /mnt/buster_arm /bin/bash
apt-get update && apt-get install ca-certificates curl apt-transport-https && update-ca-certificate
curl https://google.fr
I am really confused, does anyone have ever face this kind of issue ?
Thank you for your help !