Inherit host TLS certificates for networked builds #156

Open
kylewlacy opened this issue Jan 1, 2025 · 0 comments


If you enable the networking unsafe setting on a process, it will enable network access in the sandbox and copy the host's DNS settings. But, this alone isn't enough for HTTPS requests to work most of the time -- we don't add any TLS certificates to the sandbox, so certificate verification will fail out-of-the-box. The simplest workaround today is to add the ca_certificates package as a dependency to the process, which will include some certs and set the $SSL_CERT_FILE env var, which is enough config to get HTTPS requests to work.

I think a better option would be to tweak the sandbox to automatically inherit certificates from the host when the networking setting is set (or falling back to a default set of WebPKI certs bundled with Brioche-- possibly with an explicit config setting to tweak this behavior). Philosophically, I believe the set of TLS certificates to use is "network-level configuration", just like the host's DNS config is. Especially in enterprise contexts, it's not uncommon for a proxy to intercept and re-encrypt all traffic, which would require using the host's TLS certificates to work properly.

Additionally, if a build is locked with an old version of ca_certificates, then the build will eventually fail once the root certificates expire and get rotated. While we should still give the option to use a specific version of ca_certificates, defaulting to a current set of certs (from the host or from WebPKI certs distributed with Brioche) would be a better choice.
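As an added example (not Brioche's code), a Python sketch of the resolution order the proposal describes: an explicit config setting first, then the host's bundle, then a bundled WebPKI fallback, plus the expiry check that explains why a build locked to an old ca_certificates eventually fails. The candidate bundle paths and all function names are assumptions; the only environment variable it sets is the $SSL_CERT_FILE the workaround above already relies on.

```python
import os
import ssl
import time
from pathlib import Path
from typing import Optional

# Well-known host bundle locations (an assumed list, not Brioche's); first hit wins.
HOST_BUNDLE_CANDIDATES = [
    "/etc/ssl/certs/ca-certificates.crt",  # Debian, Ubuntu, Alpine
    "/etc/pki/tls/certs/ca-bundle.crt",    # Fedora, RHEL
    "/etc/ssl/ca-bundle.pem",              # openSUSE
    "/etc/ssl/cert.pem",                   # macOS, some BSDs
]


def find_host_bundle(candidates=None, environ=None) -> Optional[str]:
    """Host bundle: SSL_CERT_FILE if the host set it, then the path this
    OpenSSL was built with, then the well-known distro locations."""
    environ = os.environ if environ is None else environ
    candidates = HOST_BUNDLE_CANDIDATES if candidates is None else candidates
    d = ssl.get_default_verify_paths()
    for path in [environ.get(d.openssl_cafile_env), d.openssl_cafile, *candidates]:
        if path and Path(path).is_file():
            return path
    return None


def bundle_loads(path: str) -> bool:
    """True if OpenSSL parses at least one certificate out of the bundle."""
    try:
        return len(ssl.create_default_context(cafile=path).get_ca_certs()) > 0
    except (ssl.SSLError, OSError):
        return False


def expired_roots(path: str, now: Optional[float] = None) -> int:
    """Count roots already past notAfter: a build locked to an old
    ca_certificates package eventually fails for exactly this reason."""
    now = time.time() if now is None else now
    certs = ssl.create_default_context(cafile=path).get_ca_certs()
    return sum(1 for c in certs if ssl.cert_time_to_seconds(c["notAfter"]) < now)


def sandbox_tls_env(networking: bool, explicit: Optional[str] = None,
                    host: Optional[str] = None, fallback: Optional[str] = None) -> dict:
    """Env to inject into the sandbox. Priority: explicit config setting, then
    the host bundle, then the WebPKI bundle shipped with the tool."""
    if not networking:
        return {}
    for bundle in (explicit, host, fallback):
        if bundle and bundle_loads(bundle):
            return {"SSL_CERT_FILE": bundle}
    raise FileNotFoundError("networking enabled but no usable CA bundle found")
```

Run `expired_roots(find_host_bundle())` on a host to see how many stale roots its current bundle still carries; a pinned old ca_certificates package would only ever get worse.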
