Mesa (master): CI: Try really hard to get updated Windows TLS certs
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Mar 16 12:16:44 UTC 2021
Module: Mesa
Branch: master
Commit: e6aacec9e101d6ce91513cb4cdf3361748d0f48e
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=e6aacec9e101d6ce91513cb4cdf3361748d0f48e
Author: Daniel Stone <daniels at collabora.com>
Date: Mon Mar 15 20:41:30 2021 +0000
CI: Try really hard to get updated Windows TLS certs
Windows doesn't actually distribute a full TLS CA certificate store, but
pulls them in over time with Windows Update. Try to prime it by manually
pulling the certificates and installing them.
This bumps the Windows tag to force a rebuild.
Acked-by: Michel Dänzer <mdaenzer at redhat.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/9618>
---
.gitlab-ci.yml | 2 +-
.gitlab-ci/windows/mesa_deps.ps1 | 13 ++++++++++++-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f7e9099a447..674f7011ee4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -505,7 +505,7 @@ armhf_test:
- .set-image
variables:
MESA_IMAGE_PATH: "windows/x64_build"
- MESA_IMAGE_TAG: "2021-03-01"
+ MESA_IMAGE_TAG: "2021-03-15-tls"
MESA_UPSTREAM_IMAGE: "$CI_REGISTRY/$FDO_UPSTREAM_REPO/$MESA_IMAGE_PATH:${MESA_IMAGE_TAG}--${MESA_TEMPLATES_COMMIT}"
windows_build_vs2019:
diff --git a/.gitlab-ci/windows/mesa_deps.ps1 b/.gitlab-ci/windows/mesa_deps.ps1
index 13da8c7c6d4..0e2bc60a9d6 100644
--- a/.gitlab-ci/windows/mesa_deps.ps1
+++ b/.gitlab-ci/windows/mesa_deps.ps1
@@ -1,3 +1,14 @@
+# Download new TLS certs from Windows Update
+Get-Date
+Write-Host "Updating TLS certificate store"
+$certdir = (New-Item -ItemType Directory -Name "_tlscerts")
+certutil -syncwithWU "$certdir"
+Foreach ($file in (Get-ChildItem -Path "$certdir\*" -Include "*.crt")) {
+ Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root
+}
+Remove-Item -Recurse -Path $certdir
+
+
Get-Date
Write-Host "Installing Chocolatey"
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
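Review bot: Nothing checks that `New-Item` or `certutil -syncwithWU` succeeded before the loop imports every `*.crt` under `$certdir` into `Cert:\LocalMachine\Root`. If `New-Item` fails (for instance because `_tlscerts` already exists), `$certdir` is empty and the `Get-ChildItem` path becomes `\*`, so the loop would likely import whatever `.crt` files sit in the drive root as machine-wide trust anchors. If certutil fails, the image is built with an unprimed store and nothing in the log says so. Adding `-ErrorAction Stop` to the `New-Item` call and a check such as `if ($LASTEXITCODE -ne 0) { Write-Host "Failed to sync certificates from Windows Update"; Exit 1 }` right after certutil would make both failures visible, in line with the `if (!$?)` checks used later in the script.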
@@ -41,7 +52,7 @@ if (!$?) {
# we want more secure TLS 1.2 for most things, but it breaks SourceForge
# downloads so must be done after Chocolatey use
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls13;
Get-Date
Write-Host "Cloning LLVM master"
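Review bot: The comment above this assignment still describes TLS 1.2 only, and nothing records that `[Net.SecurityProtocolType]::Tls13` is a member that exists only from .NET Framework 4.8 onward. On an image with an older framework the right-hand side may not evaluate as intended, and whether the build image meets that requirement is not visible from this hunk. I would update the comment to something like `# require TLS 1.2 or 1.3 (Tls13 needs .NET Framework 4.8+); must be set after Chocolatey because it breaks SourceForge downloads`. Logging the result with `Write-Host ([Net.ServicePointManager]::SecurityProtocol)` would also put the effective protocol set in the build log.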