Feature request: add option for skipping SSL verification when using Git

Question

Feature request: add option for skipping SSL verification when using Git

alexandreroman opened this issue 2 years ago · 6 comments

Describe the problem/challenge you have
vendir has no option for setting GIT_SSL_NO_VERIFY=true, which could be used with Git repos using a self-signed certificate.
This environment variable tells Git not to verify SSL certificates.

Describe the solution you'd like
The current implementation already sets a few environment variables when using Git, such as GIT_LFS_SKIP_SMUDGE=1 to skip downloading lfs files.

I wish there was a way to disable SSL verification when using Git, by adding a flag in the Git configuration.

For example:

git:
      url: https://github.com/cloudfoundry/cf-k8s-networking
      ref: origin/master
      # skip SSL verification
      skipSslVerification: true

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.

Answer 1 · 2023-06-02T20:32:48.000Z

Thanks for submitting this issue @alexandreroman , would you be interesting in making a PR with the change?

Answer 2 · 2023-06-05T13:20:16.000Z

I'm not into Go, but I'm happy to help with testing when you get something ready.

Answer 3 · 2023-08-08T15:39:26.000Z

Response from @alexandreroman -
The problem is: I ran into this issue with my customer when using kapp-controller (through TAP namespace-provisioner) and a private Git repo with a self-signed certificate. Ultimately we’d need to add a setting in kapp-controller to skip TLS validation for Git repos - maybe using the flag dangerousSkipTLSVerify?

As per above message seems like we need to implement this in kapp-controller.

Answer 4 · 2023-09-21T17:10:13.000Z

Correct: from a user perspective, kapp-controller will have to configure vendir to skip TLS verification (this is my use case). Reusing the existing flag dangerousSkipTLSVerify would be great.

Answer 5 · 2023-10-04T17:42:48.000Z

@alexandreroman - Here is the PR (#265) for adding option for skipping SSL verification when using Git. I have merged this PR to develop. This feature should be available with the next release of vendir.

Answer 6 · 2023-11-01T19:18:50.000Z

Fixed in release v0.36.0