Skip to content

fix(sandbox): inject GIT_SSL_CAINFO so git clone trusts the sandbox CA#918

Merged
johntmyers merged 1 commit intoNVIDIA:mainfrom
laitingsheng:fix/790-git-ssl-cainfo
Apr 22, 2026
Merged

fix(sandbox): inject GIT_SSL_CAINFO so git clone trusts the sandbox CA#918
johntmyers merged 1 commit intoNVIDIA:mainfrom
laitingsheng:fix/790-git-ssl-cainfo

Conversation

@laitingsheng
Copy link
Copy Markdown
Contributor

@laitingsheng laitingsheng commented Apr 22, 2026

Summary

Ubuntu Noble's git links against libcurl-gnutls, which does not read SSL_CERT_FILE. Without GIT_SSL_CAINFO, git clone over HTTPS fails inside every community sandbox image with "server certificate verification failed".

Related Issue

Fixes #790
Fixes NVIDIA/NemoClaw#2270
Fixes NVIDIA/NemoClaw#1828

Changes

  • Add GIT_SSL_CAINFO to tls_env_vars pointing at the same combined CA bundle already used by CURL_CA_BUNDLE / REQUESTS_CA_BUNDLE.

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

@laitingsheng
fix(sandbox): inject GIT_SSL_CAINFO so git clone trusts the sandbox CA
f656309 
Ubuntu Noble's git links against libcurl-gnutls, which does not read
SSL_CERT_FILE. Without GIT_SSL_CAINFO, `git clone` over HTTPS fails
inside every community sandbox image with "server certificate
verification failed".

Add GIT_SSL_CAINFO to tls_env_vars pointing at the same combined CA
bundle already used by CURL_CA_BUNDLE / REQUESTS_CA_BUNDLE.

Fixes #790
Fixes NVIDIA/NemoClaw#2270
Fixes NVIDIA/NemoClaw#1828

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>
@laitingsheng laitingsheng requested a review from a team as a code owner April 22, 2026 17:17
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 22, 2026
edited
Loading

All contributors have signed the DCO ✍️ ✅
Posted by the DCO Assistant Lite bot.

@laitingsheng
Copy link
Copy Markdown
Contributor Author

laitingsheng commented Apr 22, 2026

I have read the DCO document and I hereby sign the DCO.

@laitingsheng
Copy link
Copy Markdown
Contributor Author

laitingsheng commented Apr 22, 2026

recheck

@johntmyers johntmyers self-assigned this Apr 22, 2026
@johntmyers johntmyers merged commit 2f8e8ac into NVIDIA:main Apr 22, 2026
14 of 15 checks passed
@laitingsheng laitingsheng mentioned this pull request Apr 23, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johntmyers johntmyers johntmyers approved these changes

Assignees

@johntmyers johntmyers

Labels

None yet

Projects

None yet

Milestone

No milestone

2 participants

@laitingsheng @johntmyers