Bug ID | 1221557 |
---|---|
Summary | flatpak runtime org.kde.Platform 6.6 does not reliably verify SSL certs |
Classification | openSUSE |
Product | openSUSE Aeon |
Version | Current |
Hardware | x86-64 |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Flatpak |
Assignee | rbrown@suse.com |
Reporter | vortex@z-ray.de |
QA Contact | qa-bugs@suse.de |
Target Milestone | --- |
Found By | --- |
Blocker | --- |
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0 Build Identifier: Hello there this came to my attention as OBS Studio updated their flatpak from 30.0.2 to 30.1.0 where they also changed the used runtime form KDE Platform 6.5 to 6.6. Since that update browser sources and browser docks do no longer work if they are pointing at an HTTPS protected site. While with runtime 6.5 it still works fine (more details below). Browser docks are only available in a X11 session due to bugs under Wayland but also the only one to actually show an error message while browser sources are completely silent and simply keep empty. Beside the steps to reproduce other findings made in the meantime before reporting here. This happens on openSUSE Leap 15.6, openSUSE Tumbleweed, openSUSE Aeon and openSUSE Kalpa. Running the OBS Studio flatpak on virtually any other Linux distribution (Tested Ubuntu 22.04, Fedora 39, Arch Linux) does work just fine. Nevertheless I report the bug for Aeon as Aeon and Kalpa heavily rely on flatpaks and this issue is more imminent for them than for regular Tumbleweed and Leap. Other things I tried was running the OBS Studio 30.1.0 *.dep package from inside a Ubuntu 22.04 distrobox container running on my openSUSE Aeon host. Browser sources and docks worked just fine. Also I ran a Ubuntu 22.04 VM on my openSUSE Aeon host using Gnome Boxes and the flatpak version of OBS Studio, browser sources and docks worked just fine too. Furthermore I build the OBS Studio flatpak locally using fkatpab-builder from inside a openSUSE Tumbleweed distrobox using runtime 6.5 instead of 6.6. That OBS Studio flatpak did worked just fine on my openSUSE Aeon and inside the openSUSE Tumlbeweed distrobox container. Whilst building it with 6.6 was broken again. To build OBS Studio with a different runtime do the following: 1) git clone --recursive https://github.com/obsproject/obs-studio.git 2) Change the content of obs-studio/build-aux/com.obsproject.Studio to ruse runtime 6.5 instead of 6.6 (line 4) 3) flatpak-builder --force-clean --install-deps-from=flathub --user --install --ccache --mirror-screenshots-url=https://dl.flathub.org/media/ build-dir build-aux/com.obsproject.Studio.json --user --install Reproducible: Always Steps to Reproduce: 1. Install OBS Studio flatpak 30.1.0 2. Add a browser dock or a browser source pointing to an https site 3. See nothing or in case of a dock the error: ERR_CERT_AUTHORITY_INVALID URL: https://obsproject.com/browser-source Actual Results: Empty browser source or a browser dock showing ERR_CERT_AUTHORITY_INVALID URL: https://obsproject.com/browser-source Expected Results: Browser sources and docks to work Thsi bug was firstly reported to OBS Studio where we found out it's actually the runtime causeing the issue: https://github.com/obsproject/obs-studio/issues/10385 And reported to KDE where they asked me to better open up the issue directly for openSUSE as other distributions are not affected over here: https://bugs.kde.org/show_bug.cgi?id=483746