Git CA cert in chrooted jail

Discussion in 'Installation/Configuration' started by Blaasbalg, Aug 18, 2016.

  1. Blaasbalg

    Blaasbalg Member

    I'm trying to get Git to work inside a jail using JailKit on CentOS 7. Everytime I try to clone a Git repo, I'm presented with the following error:
    fatal: unable to access '[removed]': Problem with the SSL CA cert (path? access rights?)
    I have tried to add the system CA cert file to the jail, to no avail. I have even tried adding the entire /etc/ssl and /etc/pki directories to the jail (just for testing), still without luck.

    I'm clueless as to why it seems to be unable to reach the CA cert file... What am I missing here?
  2. Blaasbalg

    Blaasbalg Member

    I've tried to run the command with verbose output to see what's going on:
    GIT_CURL_VERBOSE=1 git clone[removed].git
    Cloning into '[removed]'...
    * Couldn't find host in the .netrc file; using defaults
    * About to connect() to port 443 (#0)
    *   Trying
    * Connected to ( port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * Unable to initialize NSS database
    * Initializing NSS with certpath: none
    * Unable to initialize NSS
    * Closing connection 0
    fatal: unable to access '[removed].git/': Problem with the SSL CA cert (path? access rights?)
    Given the new information I assumed Git needed access to SQLite since it tries to open a .db file. I tried to add SQLite to the jail, but the problem persists.
  3. Blaasbalg

    Blaasbalg Member

    Having run out of ideas, I tried to add pretty much everything related to NSS to the jail, but I still can't get it to work. Git works fine in a non jailed shell, so there must be something I'm missing which should be added to the jail as well, but I have no idea what... :confused:

Share This Page