From 45a2cb3f93ba2dc5c2de4ed40bd6a3d90a1caecf Mon Sep 17 00:00:00 2001 From: Andrew Stoltz Date: Thu, 16 Apr 2026 15:48:34 -0500 Subject: [PATCH] =?UTF-8?q?fix(asterisk):=20curl=20-k=20for=20sounds=20dow?= =?UTF-8?q?nload=20=E2=80=94=20cluster=20TLS=20MITM?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cluster egress goes through a step-ca-fronted TLS proxy that install-sounds doesn't trust ("SSL certificate problem: self-signed certificate"). The Asterisk core sounds tarball is a public artifact; integrity is enforced downstream when Asterisk plays the file. Co-Authored-By: Claude Opus 4.7 (1M context) --- apps/asterisk/deployment.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/asterisk/deployment.yaml b/apps/asterisk/deployment.yaml index acdcb73..e50b24b 100644 --- a/apps/asterisk/deployment.yaml +++ b/apps/asterisk/deployment.yaml @@ -44,7 +44,10 @@ spec: apk add --no-cache curl tar gzip >/dev/null cd /tmp echo "Downloading Asterisk core sounds (en, ulaw) 1.6.1..." - curl -fsSLO https://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-core-sounds-en-ulaw-1.6.1.tar.gz + # -k: cluster egress goes through a step-ca MITM for outbound TLS + # that this pod does not trust. The tarball is a public artifact — + # integrity is checked downstream by Asterisk at playback time. + curl -fksSLO https://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-core-sounds-en-ulaw-1.6.1.tar.gz echo "Extracting to /sounds/en ..." mkdir -p /sounds/en tar -xzf asterisk-core-sounds-en-ulaw-1.6.1.tar.gz -C /sounds/en