CI: Try really hard to get updated Windows TLS certs
Windows doesn't actually distribute a full TLS CA certificate store, but pulls them in over time with Windows Update. Try to prime it by manually pulling the certificates and installing them. This bumps the Windows tag to force a rebuild. Acked-by: Michel Dänzer <mdaenzer@redhat.com> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/9618>
This commit is contained in:
parent
616720d6ae
commit
e6aacec9e1
|
@ -505,7 +505,7 @@ armhf_test:
|
|||
- .set-image
|
||||
variables:
|
||||
MESA_IMAGE_PATH: "windows/x64_build"
|
||||
MESA_IMAGE_TAG: "2021-03-01"
|
||||
MESA_IMAGE_TAG: "2021-03-15-tls"
|
||||
MESA_UPSTREAM_IMAGE: "$CI_REGISTRY/$FDO_UPSTREAM_REPO/$MESA_IMAGE_PATH:${MESA_IMAGE_TAG}--${MESA_TEMPLATES_COMMIT}"
|
||||
|
||||
windows_build_vs2019:
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
# Download new TLS certs from Windows Update
|
||||
Get-Date
|
||||
Write-Host "Updating TLS certificate store"
|
||||
$certdir = (New-Item -ItemType Directory -Name "_tlscerts")
|
||||
certutil -syncwithWU "$certdir"
|
||||
Foreach ($file in (Get-ChildItem -Path "$certdir\*" -Include "*.crt")) {
|
||||
Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root
|
||||
}
|
||||
Remove-Item -Recurse -Path $certdir
|
||||
|
||||
|
||||
Get-Date
|
||||
Write-Host "Installing Chocolatey"
|
||||
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
|
||||
|
@ -41,7 +52,7 @@ if (!$?) {
|
|||
|
||||
# we want more secure TLS 1.2 for most things, but it breaks SourceForge
|
||||
# downloads so must be done after Chocolatey use
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls13;
|
||||
|
||||
Get-Date
|
||||
Write-Host "Cloning LLVM master"
|
||||
|
|
Loading…
Reference in New Issue