Skip to content
Snippets Groups Projects
Commit e6aacec9 authored by Daniel Stone's avatar Daniel Stone
Browse files

CI: Try really hard to get updated Windows TLS certs


Windows doesn't actually distribute a full TLS CA certificate store, but
pulls them in over time with Windows Update. Try to prime it by manually
pulling the certificates and installing them.

This bumps the Windows tag to force a rebuild.

Acked-by: default avatarMichel Dänzer <mdaenzer@redhat.com>
Part-of: <mesa/mesa!9618>
parent 616720d6
No related branches found
Tags mesa-18.0.0-rc3
Loading
...@@ -505,7 +505,7 @@ armhf_test: ...@@ -505,7 +505,7 @@ armhf_test:
- .set-image - .set-image
variables: variables:
MESA_IMAGE_PATH: "windows/x64_build" MESA_IMAGE_PATH: "windows/x64_build"
MESA_IMAGE_TAG: "2021-03-01" MESA_IMAGE_TAG: "2021-03-15-tls"
MESA_UPSTREAM_IMAGE: "$CI_REGISTRY/$FDO_UPSTREAM_REPO/$MESA_IMAGE_PATH:${MESA_IMAGE_TAG}--${MESA_TEMPLATES_COMMIT}" MESA_UPSTREAM_IMAGE: "$CI_REGISTRY/$FDO_UPSTREAM_REPO/$MESA_IMAGE_PATH:${MESA_IMAGE_TAG}--${MESA_TEMPLATES_COMMIT}"
windows_build_vs2019: windows_build_vs2019:
......
# Download new TLS certs from Windows Update
Get-Date
Write-Host "Updating TLS certificate store"
$certdir = (New-Item -ItemType Directory -Name "_tlscerts")
certutil -syncwithWU "$certdir"
Foreach ($file in (Get-ChildItem -Path "$certdir\*" -Include "*.crt")) {
Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root
}
Remove-Item -Recurse -Path $certdir
Get-Date Get-Date
Write-Host "Installing Chocolatey" Write-Host "Installing Chocolatey"
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
...@@ -41,7 +52,7 @@ if (!$?) { ...@@ -41,7 +52,7 @@ if (!$?) {
# we want more secure TLS 1.2 for most things, but it breaks SourceForge # we want more secure TLS 1.2 for most things, but it breaks SourceForge
# downloads so must be done after Chocolatey use # downloads so must be done after Chocolatey use
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls13;
Get-Date Get-Date
Write-Host "Cloning LLVM master" Write-Host "Cloning LLVM master"
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment