Git CA cert in chrooted jail

Discussion in 'Installation/Configuration' started by Blaasbalg, Aug 18, 2016.

  1. Blaasbalg

    Blaasbalg Member

    Hi,
    I'm trying to get Git to work inside a jail using JailKit on CentOS 7. Everytime I try to clone a Git repo, I'm presented with the following error:
    Code:
    fatal: unable to access '[removed]': Problem with the SSL CA cert (path? access rights?)
    I have tried to add the system CA cert file to the jail, to no avail. I have even tried adding the entire /etc/ssl and /etc/pki directories to the jail (just for testing), still without luck.

    I'm clueless as to why it seems to be unable to reach the CA cert file... What am I missing here?
     
  2. Blaasbalg

    Blaasbalg Member

    I've tried to run the command with verbose output to see what's going on:
    Code:
    GIT_CURL_VERBOSE=1 git clone https://github.com/[removed].git
    Output:
    Code:
    Cloning into '[removed]'...
    * Couldn't find host github.com in the .netrc file; using defaults
    * About to connect() to github.com port 443 (#0)
    *   Trying 192.30.253.113...
    * Connected to github.com (192.30.253.113) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * Unable to initialize NSS database
    * Initializing NSS with certpath: none
    * Unable to initialize NSS
    * Closing connection 0
    fatal: unable to access 'https://github.com/[removed].git/': Problem with the SSL CA cert (path? access rights?)
    Given the new information I assumed Git needed access to SQLite since it tries to open a .db file. I tried to add SQLite to the jail, but the problem persists.
     
  3. Blaasbalg

    Blaasbalg Member

    Having run out of ideas, I tried to add pretty much everything related to NSS to the jail, but I still can't get it to work. Git works fine in a non jailed shell, so there must be something I'm missing which should be added to the jail as well, but I have no idea what... :confused:
     

Share This Page