Bug ID | 936709 |
---|---|
Summary | update-ca-certificates does not work in 13.2 |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | 13.2 |
Hardware | x86-64 |
OS | openSUSE 13.2 |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Basesystem |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | novell-ugeuder@sneakemail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Created attachment 639776 [details] example certificate, which reproduces the failure I am aware that this report is a duplicate of https://bugzilla.opensuse.org/show_bug.cgi?id=918944 . Howewever, that report was closed as "works for me" and I can only state it does not work for me. Also https://bugzilla.opensuse.org/show_bug.cgi?id=911202 has a (misplaced) comment where a user mentions that it does not work from him. Steps to reproduce: 1. Copy CA certificate into /etc/pki/trust/anchors (tested certificate attached, I have tried various filenames, but it does not make a difference. I have also tested the undocumented location /etc/pki/trust, that makes no difference either) 2. run update-ca-certificates (as root) Expected result: the certificate is included into /var/lib/ /var/lib/ca-certificates/ca-bundle.pem (you can test using grep 94Uc= /var/lib/ca-certificates/ca-bundle.pem or md5sum /.snapshots/*/snapshot/var/lib/ca-certificates/ca-bundle.pem /var/lib/ca-certificates/ca-bundle.pem if you run snapper) Also the contents of /var/lib/ca-certificates/pem/* should be updated so that grep 94Uc= /var/lib/ca-certificates/pem/* produces a match. Observed result: /var/lib/ca-certificates/ca-bundle.pem is unchanged in 13.2 grep 94Uc= /var/lib/ca-certificates/pem/* produces no match in 13.2 (both tests are successful 13.1) Further debugging: strace -ff -o ucc.strace update-ca-certificates shows that the new certificate gets memory mapped several time without error. Both in the documented location /etc/pki/trust/anchors and in the undocumented location /etc/pki/trust. Could not see from strace what goes wrong that the certificate is not included.