brianloss commented on a change in pull request #411:
URL: https://github.com/apache/fluo-muchos/pull/411#discussion_r722398740
##########
File path: ansible/roles/common/tasks/main.yml
##########
@@ -21,6 +21,13 @@
retries: 10
delay: 15
until: epelresult is not failed
+# Update ca-certificates to ensure that CA certificates are new enough
+# to support SSL verification against websites used to download software
+- name: "update ca-certificates package to latest version"
+ yum:
+ name: 'ca-certificates*'
Review comment:
On CentOS 7.5, ca-certificates appears like it would be enough. I didn't
try to check all the potential distros, so that's part of why the wildcard at
the end. Note that it will only update and not install any new packages if the
wildcard matches multiple. I checked on an ubuntu machine and `apt search
ca-certificates` shows matches for ca-certificates, ca-certificates-java, and
ca-certificates-mono. Seems like it would be good to keep those in sync if they
were installed (ca-certificates and ca-certificates-java were installed on my
system).
That being said, I'm happy to reduce this to ca-certificates with no
wildcard if you have concerns. Just let me know.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
