fix: copy AWF CA cert to chroot-accessible path for ssl-bump (#1555)

lpcox · Copilot · Copilot · web-flow · commit f7361c5de540 · 2026-04-01T12:54:28.000-07:00
* fix: copy AWF CA cert to chroot-accessible path for ssl-bump When ssl-bump and chroot are both active, NODE_EXTRA_CA_CERTS points to /usr/local/share/ca-certificates/awf-ca.crt which is a Docker volume mount on the container's overlay filesystem. After chroot /host, this path is inaccessible, causing TLS failures (transaction-end-before-headers in Squid, EHOSTUNREACH in Claude Code after 10 retries). Fix: copy the CA cert to /host/tmp/awf-lib/awf-ca.crt before chroot activates (same pattern as one-shot-token.so and get-claude-key.sh), then update NODE_EXTRA_CA_CERTS to the chroot-relative path. Also set SSL_CERT_FILE and REQUESTS_CA_BUNDLE so non-Node.js tools (curl, git, Python requests, Ruby) trust the AWF CA in both chroot and non-chroot ssl-bump modes. Cleanup is handled by the existing /tmp/awf-lib removal in the EXIT trap. Fixes #1546 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update containers/agent/entrypoint.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix: address PR review feedback on ssl-bump chroot CA - Verify destination file exists after copy ([ -f ] check) - Log warning when mkdir /host/tmp/awf-lib fails - Include CHROOT_KEY_HELPER in cleanup condition to prevent /tmp/awf-lib leak when only key helper was copied Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
diff --git a/containers/agent/entrypoint.sh b/containers/agent/entrypoint.sh
@@ -107,9 +107,14 @@ if [ "${AWF_SSL_BUMP_ENABLED}" = "true" ]; then
   echo "[entrypoint] SSL Bump mode detected - updating CA certificates..."
   if [ -f /usr/local/share/ca-certificates/awf-ca.crt ]; then
     update-ca-certificates 2>/dev/null
+    AWF_CA_PATH="/usr/local/share/ca-certificates/awf-ca.crt"
     # Set NODE_EXTRA_CA_CERTS so Node.js tools (Yarn 4, Corepack, npm) trust the AWF CA.
     # Node.js uses its own CA bundle, not the system CA store updated by update-ca-certificates.
-    export NODE_EXTRA_CA_CERTS="/usr/local/share/ca-certificates/awf-ca.crt"
+    export NODE_EXTRA_CA_CERTS="$AWF_CA_PATH"
+    # SSL_CERT_FILE is respected by curl, git, Python requests, Ruby, and most
+    # OpenSSL-based tools that don't use the system CA store updated above.
+    export SSL_CERT_FILE="$AWF_CA_PATH"
+    export REQUESTS_CA_BUNDLE="$AWF_CA_PATH"
     echo "[entrypoint] CA certificates updated for SSL Bump"
     echo "[entrypoint] NODE_EXTRA_CA_CERTS set to $NODE_EXTRA_CA_CERTS"
     echo "[entrypoint] ⚠️  WARNING: HTTPS traffic will be intercepted for URL inspection"
@@ -473,6 +478,33 @@ if [ "${AWF_CHROOT_ENABLED}" = "true" ]; then
     fi
   fi
 
+  # Copy AWF CA certificate to chroot-accessible path for ssl-bump TLS trust.
+  # NODE_EXTRA_CA_CERTS points to /usr/local/share/ca-certificates/awf-ca.crt which
+  # is a Docker volume mount on the container's overlay filesystem. After chroot /host,
+  # this path is inaccessible. Copy to /tmp/awf-lib/ (always writable) and update the
+  # env var so Node.js (Claude Code), curl, git, Python, etc. trust the Squid CA.
+  AWF_CA_CHROOT=""
+  if [ "${AWF_SSL_BUMP_ENABLED}" = "true" ] && [ -f /usr/local/share/ca-certificates/awf-ca.crt ]; then
+    if mkdir -p /host/tmp/awf-lib 2>/dev/null; then
+      if cp /usr/local/share/ca-certificates/awf-ca.crt /host/tmp/awf-lib/awf-ca.crt 2>/dev/null && \
+         [ -f /host/tmp/awf-lib/awf-ca.crt ]; then
+        AWF_CA_CHROOT="/tmp/awf-lib/awf-ca.crt"
+        export NODE_EXTRA_CA_CERTS="$AWF_CA_CHROOT"
+        # SSL_CERT_FILE is respected by curl, git, Python requests, Ruby, and most
+        # OpenSSL-based tools. This ensures non-Node.js tools also trust the AWF CA.
+        export SSL_CERT_FILE="$AWF_CA_CHROOT"
+        export REQUESTS_CA_BUNDLE="$AWF_CA_CHROOT"
+        echo "[entrypoint] AWF CA certificate copied to chroot at $AWF_CA_CHROOT"
+        echo "[entrypoint] NODE_EXTRA_CA_CERTS updated to $AWF_CA_CHROOT"
+        echo "[entrypoint] SSL_CERT_FILE updated to $AWF_CA_CHROOT"
+      else
+        echo "[entrypoint][WARN] Could not copy AWF CA certificate to chroot — ssl-bump TLS may fail"
+      fi
+    else
+      echo "[entrypoint][WARN] Could not create /host/tmp/awf-lib for CA cert — ssl-bump TLS may fail in chroot"
+    fi
+  fi
+
   # Verify capsh is available on the host (required for privilege drop)
   if ! chroot /host which capsh >/dev/null 2>&1; then
     echo "[entrypoint][ERROR] capsh not found on host system"
@@ -697,8 +729,8 @@ AWFEOF
     CLEANUP_CMD="${CLEANUP_CMD}; sed -i '/^[0-9.]\\+[[:space:]]\\+host\\.docker\\.internal\$/d' /etc/hosts 2>/dev/null || true"
     echo "[entrypoint] host.docker.internal will be removed from /etc/hosts on exit"
   fi
-  # Clean up the one-shot-token library if it was copied
-  if [ -n "${ONE_SHOT_TOKEN_LIB}" ]; then
+  # Clean up /tmp/awf-lib if anything was copied (one-shot-token, CA cert, key helper)
+  if [ -n "${ONE_SHOT_TOKEN_LIB}" ] || [ -n "${AWF_CA_CHROOT}" ] || [ -n "${CHROOT_KEY_HELPER}" ]; then
     CLEANUP_CMD="${CLEANUP_CMD}; rm -rf /tmp/awf-lib 2>/dev/null || true"
   fi
 
