Is it possible to remove ca-certificate dependency from stand-alone mender 2.0?


I’m using Mender 2.0 in stand-alone mode and as part of the security requirements, I need to remove the ca-certificate from the Yocto (we are using sumo version).

When I removed the ca-certificate, the below error pop ups:

I would like to know whether mender stand-alone required ca-certificate? If not, then may I know how to remove it?

Have you tried creating a mender_%.bbappend file in your own projects layer and adding something along the lines of to remove the RDEPENDS addition by the mender-install feature.


the syntax above may not be totally correct, so further reading can be found below:

1 Like

Thank you for your quick support.

I tired to remove the ca-certificates directly from the meta-mender-core layer (meta-mender-core/recipes-mender/mender/ as below:


PACKAGECONFIG[mender-install] = ",,,mender-artifact-info ca-certificates"


PACKAGECONFIG[mender-install] = ",,,mender-artifact-info"

This build without any error. I hope removing the ca-certificate from here will not impact the stand-alone mender functionalities.

However, your method is more standard and preferred because we don’t have to modify the default mender layer configurations. I will try to do the same.

Thank you again :+1:

1 Like

Thank you @dellgreen for your support.
I tried to add the removal part in the mender_%.bbappend file from our own project layer.
However, the ca-certificates couldn’t able remove using any of the below trials:

  1. PACKAGECONFIG_remove[mender-install] = “ca-certificates”
  2. PACKAGECONFIG[mender-install]_remove(“ca-certificates”)
  3. PACKAGECONFIG[mender-install]_remove = “ca-certificates”

All the above 3 methods gave build error :exploding_head:

I know this is basic Yocto, however, I would like to know what is the correct syntax for removing the ca-certificates from mender-install which is mentioned in the mender core layer?

That’s an interesting idea; I’ve never tried that myself and honestly I’d be surprised if it worked. I think you may need to simply override the entire PACKAGECONFIG[mender-install] definition in your bbappend file using the syntax you specified above:

PACKAGECONFIG[mender-install] = “,mender-artifact-info”

1 Like

I haven’t tried this, but given that the package config instruction looks like it indirectly is adding to the RDEPENDS variable, I would check this variable when running the mender recipe with bitbake -e mender | grep RDEPENDS to see if it’s updated. If so you could try something like RDEPENDS_${PN}_remove = “ca-certificates” in you bbappend recipe

1 Like