Skip to content

fix: detect and expose system CA bundle for RHEL/Amazon Linux in chroot#5783

Merged
lpcox merged 4 commits into
mainfrom
fix-split-fs-test-macos
Jul 1, 2026
Merged

fix: detect and expose system CA bundle for RHEL/Amazon Linux in chroot#5783
lpcox merged 4 commits into
mainfrom
fix-split-fs-test-macos

Conversation

@lpcox

@lpcox lpcox commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

Fixes #5733

On Amazon Linux / RHEL-family self-hosted runners, the system CA bundle lives under /etc/pki/ which is not mounted into the AWF chroot. This causes TLS failures for tools like Copilot CLI running inside the sandbox:

No CA certificates were loaded from the system

Changes

Adds a copy_system_ca_bundle() function to the agent container entrypoint that:

  1. Detects the host system CA bundle from known candidate paths:

    • /etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu)
    • /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (RHEL/Amazon Linux)
    • /etc/pki/tls/certs/ca-bundle.crt (RHEL/CentOS)
    • /etc/pki/tls/cert.pem (Fedora)
    • /etc/ssl/cert.pem (macOS/Alpine)
  2. If already accessible in the chroot (under /etc/ssl/ or /etc/ca-certificates/ which are already mounted), sets TLS environment variables pointing to it.

  3. If not accessible (e.g., /etc/pki/ paths), copies the bundle to /tmp/awf-lib/system-ca-certificates.crt and sets:

    • SSL_CERT_FILE
    • NODE_EXTRA_CA_CERTS
    • REQUESTS_CA_BUNDLE
    • CURL_CA_BUNDLE
    • GIT_SSL_CAINFO
  4. When SSL Bump is active, appends the system CA bundle to the AWF CA cert so tools trust both the proxy CA and upstream CAs.

Design Decision

The issue proposed two approaches. This implements the preferred "copy-a-single-resolved-bundle" approach rather than mounting /etc/pki into the chroot, because it exposes less of the host filesystem to the agent.

Testing

  • All 3387 unit tests pass
  • Entrypoint phase function tests updated and passing (44/44)
  • bash -n syntax validation passes

lpcox and others added 2 commits July 1, 2026 13:22
The compose-generator test 'filters out workDir and home dot-directory
bind mounts on split-fs' hardcoded '/host/home' as the prefix for
filtering home-target volumes. This only works on Linux where home
directories are under /home/. On macOS (home under /Users/), the filter
matched nothing, causing the workspace mount assertion to fail.

Use getRealUserHome() to derive the actual home prefix, making the test
portable across platforms.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
On Amazon Linux / RHEL-family runners, the system CA bundle lives under
/etc/pki/ which is not mounted into the AWF chroot. This causes TLS
failures ('No CA certificates were loaded from the system') for tools
like Copilot CLI running inside the sandbox.

Add copy_system_ca_bundle() to the agent entrypoint that:
- Detects the host CA bundle from known candidate paths
- If already accessible via existing /etc/ssl mounts, sets TLS env vars
- If under /etc/pki (not mounted), copies to /tmp/awf-lib/ and sets
  SSL_CERT_FILE, NODE_EXTRA_CA_CERTS, REQUESTS_CA_BUNDLE, CURL_CA_BUNDLE,
  GIT_SSL_CAINFO
- When SSL Bump is active, appends system bundle to AWF CA cert

Fixes #5733

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 1, 2026 21:10
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 958775b

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 98.64% 98.68% 📈 +0.04%
Statements 98.53% 98.56% 📈 +0.03%
Functions 99.56% 99.56% ➡️ +0.00%
Branches 94.51% 94.51% ➡️ +0.00%
📁 Per-file Coverage Changes (1 files)
File Lines (Before → After) Statements (Before → After)
src/workdir-setup.ts 93.0% → 94.8% (+1.74%) 93.0% → 94.8% (+1.74%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses TLS failures in AWF chroot mode on RHEL/Amazon Linux self-hosted runners by ensuring a host system CA bundle is discoverable inside the chroot (without mounting /etc/pki), aligning with the “copy a resolved bundle” mitigation described in #5733.

Changes:

  • Add copy_system_ca_bundle() to the agent entrypoint to detect common CA bundle locations and, when needed, copy the bundle into /tmp/awf-lib/ and set common TLS env vars.
  • Update chroot-mode documentation to describe the new system CA detection/copy behavior.
  • Update tests to include the new chroot helper phase and improve split-fs home mount filtering assertions.
Show a summary per file
File Description
containers/agent/entrypoint.sh Adds system CA bundle detection/copy and integrates it into the chroot init sequence.
docs/chroot-mode.md Documents system CA bundle detection and the env vars set for chrooted tools.
tests/entrypoint-phase-functions.test.sh Ensures the new entrypoint helper is invoked in the expected chroot phase order.
src/compose-generator.test.ts Adjusts split-fs home mount filtering expectations to use the effective real home path.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 4/4 changed files
  • Comments generated: 2
  • Review effort level: Low

Comment thread containers/agent/entrypoint.sh Outdated
Comment on lines +713 to +735
if [ -n "$AWF_CA_CHROOT" ]; then
# SSL Bump already configured TLS env vars; detect system bundle and append
# it to the AWF CA so tools trust both the AWF proxy CA AND the upstream CAs.
local SYSTEM_BUNDLE=""
for candidate in \
/host/etc/ssl/certs/ca-certificates.crt \
/host/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
/host/etc/pki/tls/certs/ca-bundle.crt \
/host/etc/pki/tls/cert.pem \
/host/etc/ssl/cert.pem; do
if [ -s "$candidate" ]; then
SYSTEM_BUNDLE="$candidate"
break
fi
done
if [ -n "$SYSTEM_BUNDLE" ]; then
# Append system bundle to the AWF CA cert so both are trusted
if cat "$SYSTEM_BUNDLE" >> /host/tmp/awf-lib/awf-ca.crt 2>/dev/null; then
echo "[entrypoint] System CA bundle ($SYSTEM_BUNDLE) appended to AWF CA cert"
fi
fi
return
fi
Comment on lines +774 to +783
if mkdir -p /host/tmp/awf-lib 2>/dev/null; then
if cp "$SYSTEM_BUNDLE" /host/tmp/awf-lib/system-ca-certificates.crt 2>/dev/null && \
[ -s /host/tmp/awf-lib/system-ca-certificates.crt ]; then
local CA_PATH="/tmp/awf-lib/system-ca-certificates.crt"
export SSL_CERT_FILE="$CA_PATH"
export NODE_EXTRA_CA_CERTS="$CA_PATH"
export REQUESTS_CA_BUNDLE="$CA_PATH"
export CURL_CA_BUNDLE="$CA_PATH"
export GIT_SSL_CAINFO="$CA_PATH"
echo "[entrypoint] System CA bundle copied from $SYSTEM_BUNDLE to $CA_PATH"
@lpcox

lpcox commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator Author

@copilot address review feedback

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

✅ Copilot review passed with no inline comments.

@lpcox Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@copilot address review feedback

Addressed in 256091e.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

📡 Smoke OTel Tracing reports failed. OTel tracing regression detected. ⚠️

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🔌 Smoke Services — Service connectivity failed ⚠️

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (api-key) reports failed. AOAI BYOK (api-key) mode investigation needed...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Security Guard failed. Please review the logs for details.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Claude failed

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Gemini reports failed. Facets need polishing...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK reports failed. BYOK mode investigation needed...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Chroot tests failed Smoke Chroot failed - See logs for details.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🔑 Smoke Copilot PAT reports failed. PAT auth path may have issues...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Contribution Check failed. Please review the logs for details.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Build Test Failed Build Test Suite - See logs for details

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (Entra) reports failed. AOAI BYOK (Entra) mode investigation needed...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Build Test Suite completed successfully!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Security Guard completed successfully!

PR #5783 security review: System CA bundle detection and copying. No security-weakening changes detected. File operations are safe (source validation with [ -s ], destination within /tmp/awf-lib). SSL Bump handling preserves AWF CA as primary trust anchor. No capabilities added, firewall rules unchanged, cleanup properly tracked.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Contribution Check completed successfully!

PR follows the applicable CONTRIBUTING.md guidelines: clear description with related issue, tests included for the entrypoint change, documentation updated, and files are organized appropriately.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Gemini completed. All facets verified. 💎

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Claude Engine Validation

Check Result
API status ✅ PASS
gh check ✅ PASS
File status ✅ PASS

Overall result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #5783 · 54.4 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Copilot BYOK (Direct) Mode

✅ BYOK Inference Path Active (agent → api-proxy → api.githubcopilot.com)
✅ GitHub.com Connectivity (HTTP 200)
✅ File Write/Read Working
✅ MCP Integration Operational

Status: PASS
Mode: Direct BYOK (COPILOT_PROVIDER_API_KEY) with credential injection

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke test results:

  • MCP connectivity: ✅
  • GitHub.com connectivity: ✅
  • File I/O sandbox: ✅
  • BYOK inference path: ✅

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)

Overall: PASS

cc @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions github-actions Bot mentioned this pull request Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@lpcox Smoke Test ✅

  • GitHub MCP PR list: ✅
  • GitHub.com HTTP: ✅
  • File write/read: ✅
  • BYOK inference: ✅

Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw).

Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Copilot PAT Auth — FAIL

Test Result
GitHub.com connectivity ✅ HTTP 200
File write/read ❌ Template var unexpanded
GitHub MCP ❌ Not available in env
Pre-fetched PR data ❌ Template var unexpanded

Overall: FAIL — workflow template variables were not expanded (SMOKE_HTTP_CODE, SMOKE_FILE_PATH, etc. passed as literals).
Auth mode: PAT (COPILOT_GITHUB_TOKEN)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🔍 Smoke Test Results

Test Status
GitHub MCP connectivity (list PRs → #5800)
GitHub.com connectivity (HTTP 200)
File write/read ❌ (template vars unsubstituted)

PR: fix: detect and expose system CA bundle for RHEL/Amazon Linux in chroot
Author: @lpcox · No assignees

Overall: FAIL — pre-step template variables were not substituted; file test unverifiable.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

📡 Smoke Test: API Proxy OpenTelemetry Tracing

Scenario Result Details
✅ Module Loading PASS otel.js loads successfully; exports 7 public functions: startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled
✅ Test Suite PASS 59 tests passed, 0 failed across 2 test suites (otel.test.js, otel-fanout.test.js)
✅ Env Var Forwarding PASS src/services/api-proxy-env-config.ts forwards all OTEL env vars (GH_AW_OTLP_ENDPOINTS, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID, OTEL_SERVICE_NAME) to the container
✅ Token Tracker Integration PASS onUsage callback present in token-tracker-http.js (line 324) — invoked post-token-parse as the OTEL hook point
✅ OTEL Diagnostics PASS No OTLP endpoint → falls back to FileSpanExporter writing spans to /var/log/api-proxy/otel.jsonl; isEnabled() returns true (always active with file fallback); graceful degradation confirmed

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Test: Services Connectivity

  • Redis PING: ❌ Network unreachable
  • PostgreSQL pg_isready: ❌ No response
  • PostgreSQL SELECT 1: ❌ Network unreachable

Result: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Smoke Test Results

Overall Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color passed ✅ PASS
Go env passed ✅ PASS
Go uuid passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx all passed ✅ PASS
Node.js execa all passed ✅ PASS
Node.js p-limit all passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Notes
  • Java: Maven local repo redirected to /tmp (root-owned ~/.m2/repository); proxy configured with Squid IP 172.30.0.10:3128 directly since squid-proxy hostname not resolvable outside AWF containers.
  • All other ecosystems ran without issues.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #5783 · 51.1 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

AWF chroot does not expose Amazon Linux / RHEL system CA bundle paths, causing Copilot CLI TLS failure

3 participants