From 9410b1effd98a8e46098b5bfaee42d3d04536997 Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Mon, 9 Mar 2026 09:29:30 +0000 Subject: [PATCH] libnvidia-container: fix TLS verification for build-time downloads Replace `curl --insecure` with proper CA certificate configuration using CURL_CA_BUNDLE pointing to the native sysroot certificates. --- .../libnvidia-container/libnvidia-container_1.00.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-nvidia/recipes-graphics/libnvidia-container/libnvidia-container_1.00.bb b/meta-nvidia/recipes-graphics/libnvidia-container/libnvidia-container_1.00.bb index 2d80136..107fee9 100644 --- a/meta-nvidia/recipes-graphics/libnvidia-container/libnvidia-container_1.00.bb +++ b/meta-nvidia/recipes-graphics/libnvidia-container/libnvidia-container_1.00.bb @@ -39,7 +39,8 @@ do_compile() { export SOURCE_DATE_EPOCH="${@d.getVar('SOURCE_DATE_EPOCH') or '0'}" export CGO_LDFLAGS="${CGO_LDFLAGS} -Wl,--build-id=none" - export CURL="curl --insecure" + # Point curl to the correct CA certificates in the native sysroot + export CURL_CA_BUNDLE="${RECIPE_SYSROOT_NATIVE}/etc/ssl/certs/ca-certificates.crt" oe_runmake }