8000 ignore CA cert automatically installed by OrbStack by sipsma · Pull Request #10648 · dagger/dagger · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

ignore CA cert automatically installed by OrbStack #10648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

ignore CA cert automatically installed by OrbStack #10648

wants to merge 3 commits into from

Conversation

sipsma
Copy link
Contributor
@sipsma sipsma commented Jun 26, 2025
edited
Loading

OrbStack will by default automatically put a CA cert in containers,
including the dagger engine if the user is running on MacOS w/ OrbStack.

This results in the engine seeing a custom CA cert and deciding to
automatically install it in every container. While this works it
introduces performance overhead for a case that is unlikely to be of any
utility.

This therefore disables automatic CA cert installation when the only CA
cert found is the OrbStack one, keeping the default path case for
OrbStack users simpler and more performant.

@TomChv noticed this after pulling down this change, so the first commit here also improves some busybox symlink handling in the alpine module.

Discord thread for context: https://discord.com/channels/707636530424053791/1387901998283624654

sipsma added 2 commits June 26, 2025 15:28
@sipsma
alpine: install busybox symlinks early
9fc8629 
This handles a corner case where the engine tries to install CA
certificates after the ca-certificates package is installed but can't
because the busybox sh link hasn't been created yet.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
@sipsma
ignore CA cert automatically installed by OrbStack
d66a386 
OrbStack will by default automatically put a CA cert in containers,
including the dagger engine if the user is running on MacOS w/ OrbStack.

This results in the engine seeing a custom CA cert and deciding to
automatically install it in every container. While this works it
introduces performance overhead for a case that is unlikely to be of any
utility.

This therefore disables automatic CA cert installation when the only CA
cert found is the OrbStack one, keeping the default path case for
OrbStack users simpler and more performant.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
@sipsma sipsma added this to the v0.18.12 milestone Jun 26, 2025
@sipsma
add changelog
a6311fa 
Signed-off-by: Erik Sipsma <erik@sipsma.dev>
@sipsma sipsma requested review from jedevc, vito and TomChv June 26, 2025 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jedevc jedevc Awaiting requested review from jedevc

@vito vito Awaiting requested review from vito

@TomChv TomChv Awaiting requested review from TomChv

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.18.12
Development

Successfully merging this pull request may close these issues.
1 participant
@sipsma
0