http://bugzilla.opensuse.org/show_bug.cgi?id=1061500 http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c2 --- Comment #2 from Florian Haas --- (In reply to Andreas Stieger from comment #1)

The osc devs say that this should be a "recommends", not a "requires".

Hmmm... under what circumstances would osc ever *not* need certificate verification? If the answer is "none", then a hard requirement would seem more appropriate to me than a recommendation. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1061500 http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c3 --- Comment #3 from Adrian Schröter --- when using it against an OBS with an own CA or no SSL at all or if the user want's a different ca certificate package. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1061500 http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c6 --- Comment #6 from Marco Strigl ---

Reproducible: Always

Steps to Reproduce: 1. Start a Leap 42.3 LXC container (I run on Ubuntu, and use "lxc-create -n <name> -t download -- --dist opensuse --release 42.3 --arch amd64"), and attach to it with lxc-attach. 2. Run "zypper in osc" as root. 3. Try "osc ls home:<name>" as a regular user. 4. Give your username and password, observe failure to verify CA cert. 5. Run "zypper in ca-certificates*" as root. 6. Retry step 4, which now succeeds. Actual Results: osc is non-functional without manually installing the ca-certificates* packages.

I can not reproduce this. I start a Leap42.3 container an run zypper in osc as root and this are the deps that get resolved: The following 328 NEW packages are going to be installed: Mesa Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 Mesa-libva PackageKit PackageKit-backend-zypp PackageKit-branding-openSUSE PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang adwaita-icon-theme at-spi2-core bash-completion binutils bsdtar build build-mkbaselibs build-mkdrpms bzr bzr-lang ca-certificates ca-certificates-mozilla cantarell-fonts cpp cpp48 cups-libs dbus-1-glib dbus-1-python deltarpm desktop-translations file fontconfig fuse gcc gcc48 gcr-data gcr-lang gcr-prompter gcr-viewer gd gdk-pixbuf-lang gdk-pixbuf-loader-rsvg gdk-pixbuf-query-loaders gettext-runtime gettext-tools girepository-1_0 git-core glib-networking glib-networking-lang glibc-32bit glibc-devel glibc-locale gnome-online-accounts gnome-online-accounts-lang gptfdisk gsettings-desktop-schemas gsettings-desktop-schemas-lang gstreamer gstreamer-lang gstreamer-plugins-base gstreamer-plugins-base-lang gtk3-branding-openSUSE gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese gtk3-lang gtk3-metatheme-adwaita gtk3-tools gvfs gvfs-backend-afc gvfs-backends gvfs-fuse gvfs-lang hicolor-icon-theme hunspell hunspell-tools json-glib-lang less libLLVM libX11-xcb1 libXcomposite1 libXcursor1 libXdamage1 libXext6 libXfixes3 libXft2 libXi6 libXinerama1 libXpm4 libXrandr2 libXrender1 libXtst6 libXv1 libXxf86vm1 libapr-util1 libapr1 libarchive13 libasan0 libasound2 libaspell15 libatasmart4 libatk-1_0-0 libatk-bridge-2_0-0 libatomic1 libatspi0 libavahi-client3 libavahi-common3 libavahi-glib1 libbluray2 libcairo-gobject2 libcairo2 libcdda_interface0 libcdda_paranoia0 libcdio16 libcdio_cdda2 libcdio_paranoia2 libcloog-isl4 libcolord2 libcroco-0_6-3 libdatrie1 libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 libenchant1 libepoxy0 libexif12 libfreetype6 libfuse2 libgbm1 libgcc_s1-32bit libgck-1-0 libgcr-3-1 libgdata-lang libgdata22 libgdbm4 libgdk_pixbuf-2_0-0 libgirepository-1_0-1 libgnutls28 libgoa-1_0-0 libgoa-backend-1_0-1 libgomp1 libgphoto2-6 libgphoto2-6-lang libgraphite2-3 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstpbutils-1_0-0 libgstreamer-1_0-0 libgstriff-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 libgtk-3-0 libgudev-1_0-0 libharfbuzz-icu0 libharfbuzz0 libhogweed2 libhyphen0 libicu52_1 libicu52_1-data libimobiledevice6 libisl10 libitm1 libjasper1 libjavascriptcoregtk-4_0-18 libjbig2 libjpeg8 libjson-glib-1_0-0 liblcms2-2 liblockdev1 libltdl7 libmpc3 libmpfr4 libmtp-udev libmtp9 libnettle4 libnfs8 libnotify4 liboauth0 libogg0 libopus0 liborc-0_4-0 libp11-kit0 libpackagekit-glib2-18 libpango-1_0-0 libpciaccess0 libpixman-1-0 libplist3 libpng16-16 libpython2_7-1_0 librest0 librsvg-2-2 libsecret-1-0 libsecret-lang libserf-1-1 libsoup-2_4-1 libsoup-lang libsqlite3-0 libstdc++6-32bit libtasn1 libtasn1-6 libtelepathy-glib0 libthai-data libthai0 libtheoradec1 libtheoraenc1 libtiff5 libtsan0 libudisks2-0 libusbmuxd4 libvisual libvorbis0 libvorbisenc2 libvpx1 libwayland-client0 libwayland-server0 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang libwebp5 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-render0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxml2-tools libxshmfence1 libxslt1 libyaml-0-2 linux-glibc-devel lockdev make mercurial mercurial-lang metatheme-adwaita-common notification-daemon notification-daemon-lang obs-service-download_files obs-service-format_spec_file obs-service-obs_scm-common obs-service-recompress obs-service-set_version obs-service-source_validator obs-service-tar_scm obs-service-verify_file osc p11-kit p11-kit-tools patch perl perl-Crypt-SSLeay perl-Data-Dump perl-Encode-Locale perl-Error perl-File-Listing perl-HTML-Parser perl-HTML-Tagset perl-HTTP-Cookies perl-HTTP-Daemon perl-HTTP-Date perl-HTTP-Message perl-HTTP-Negotiate perl-IO-HTML perl-IO-Socket-SSL perl-LWP-MediaTypes perl-LWP-Protocol-https perl-Net-HTTP perl-Net-SSLeay perl-TimeDate perl-URI perl-WWW-RobotRules perl-XML-Parser perl-YAML perl-YAML-LibYAML perl-libwww-perl pkg-config python python-M2Crypto python-PyYAML python-SecretStorage python-base python-cffi python-cryptography python-curses python-dateutil python-enum34 python-gobject python-gobject-Gdk python-gobject-cairo python-idna python-ipaddress python-keyring python-packaging python-pyasn1 python-pycparser python-pycurl python-setuptools python-six python-urlgrabber python-xml qemu-linux-user rpm-build rpm-python s2tc s2tc-32bit site-config subversion subversion-bash-completion sudo systemd-rpm-macros timezone typelib-1_0-Atk-1_0 typelib-1_0-GdkPixbuf-2_0 typelib-1_0-Gtk-3_0 typelib-1_0-Pango-1_0 udisks2 udisks2-lang webkit2gtk-4_0-injected-bundles wget xz xz-lang The following 30 recommended packages were automatically selected: bsdtar build build-mkdrpms bzr-lang ca-certificates-mozilla mercurial-lang obs-service-download_files obs-service-format_spec_file obs-service-recompress obs-service-set_version obs-service-source_validator obs-service-tar_scm obs-service-verify_file perl perl-Crypt-SSLeay perl-Data-Dump perl-IO-Socket-SSL perl-LWP-Protocol-https perl-TimeDate perl-URI perl-XML-Parser perl-YAML perl-YAML-LibYAML perl-libwww-perl python-keyring python-packaging qemu-linux-user subversion-bash-completion sudo xz-lang As you can see ca-certificates and ca-certificates-mozilla will be installed. So step 3 works for me. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1061500 http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c8 --- Comment #8 from Florian Haas --- OK, if you say so. For what it's worth, the osc client on Debian/Ubuntu does have a hard dependency on ca-certificates: https://packages.debian.org/stretch/osc https://packages.ubuntu.com/zesty/osc -- You are receiving this mail because: You are on the CC list for the bug.