[Bug 1061500] New: osc is missing an install dependency on ca-certificates
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500 Bug ID: 1061500 Summary: osc is missing an install dependency on ca-certificates Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: openSUSE 42.3 Status: NEW Severity: Normal Priority: P5 - None Component: Development Assignee: bnc-team-screening@forge.provo.novell.com Reporter: florian.haas@hastexo.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/61.0.3163.79 Chrome/61.0.3163.79 Safari/537.36 Build Identifier: I'm running Leap 42.3 in an LXC container (using a download image from images.linuxcontainers.org), and I can install osc just fine with "zypper in osc". However, all subsequent osc commands that try to access the build.opensuse.org API fail, because osc is unable to verify the TLS certs. Installing ca-certificates* fixes the issue; osc should probably get that as an install dependency. Reproducible: Always Steps to Reproduce: 1. Start a Leap 42.3 LXC container (I run on Ubuntu, and use "lxc-create -n <name> -t download -- --dist opensuse --release 42.3 --arch amd64"), and attach to it with lxc-attach. 2. Run "zypper in osc" as root. 3. Try "osc ls home:<name>" as a regular user. 4. Give your username and password, observe failure to verify CA cert. 5. Run "zypper in ca-certificates*" as root. 6. Retry step 4, which now succeeds. Actual Results: osc is non-functional without manually installing the ca-certificates* packages. Expected Results: The osc package should have an installation dependency on the ca-certificates* packages, so that "zypper in osc" automatically installs those packages. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c1
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c2
--- Comment #2 from Florian Haas
The osc devs say that this should be a "recommends", not a "requires".
Hmmm... under what circumstances would osc ever *not* need certificate verification? If the answer is "none", then a hard requirement would seem more appropriate to me than a recommendation. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
Florian Haas
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c3
--- Comment #3 from Adrian Schröter
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c4
--- Comment #4 from Florian Haas
when using it against an OBS with an own CA or no SSL at all or if the user want's a different ca certificate package.
Sounds reasonable — except the "no SSL at all" part :) — but maybe you want to add an additional error message to make this clearer to the user. Something like "Unable to verify certificate. Does your system have the correct CA certificate installed?" Just my two cents, of course. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c6
--- Comment #6 from Marco Strigl
Reproducible: Always
Steps to Reproduce: 1. Start a Leap 42.3 LXC container (I run on Ubuntu, and use "lxc-create -n <name> -t download -- --dist opensuse --release 42.3 --arch amd64"), and attach to it with lxc-attach. 2. Run "zypper in osc" as root. 3. Try "osc ls home:<name>" as a regular user. 4. Give your username and password, observe failure to verify CA cert. 5. Run "zypper in ca-certificates*" as root. 6. Retry step 4, which now succeeds. Actual Results: osc is non-functional without manually installing the ca-certificates* packages.
I can not reproduce this. I start a Leap42.3 container an run zypper in osc as root and this are the deps that get resolved: The following 328 NEW packages are going to be installed: Mesa Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 Mesa-libva PackageKit PackageKit-backend-zypp PackageKit-branding-openSUSE PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang adwaita-icon-theme at-spi2-core bash-completion binutils bsdtar build build-mkbaselibs build-mkdrpms bzr bzr-lang ca-certificates ca-certificates-mozilla cantarell-fonts cpp cpp48 cups-libs dbus-1-glib dbus-1-python deltarpm desktop-translations file fontconfig fuse gcc gcc48 gcr-data gcr-lang gcr-prompter gcr-viewer gd gdk-pixbuf-lang gdk-pixbuf-loader-rsvg gdk-pixbuf-query-loaders gettext-runtime gettext-tools girepository-1_0 git-core glib-networking glib-networking-lang glibc-32bit glibc-devel glibc-locale gnome-online-accounts gnome-online-accounts-lang gptfdisk gsettings-desktop-schemas gsettings-desktop-schemas-lang gstreamer gstreamer-lang gstreamer-plugins-base gstreamer-plugins-base-lang gtk3-branding-openSUSE gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese gtk3-lang gtk3-metatheme-adwaita gtk3-tools gvfs gvfs-backend-afc gvfs-backends gvfs-fuse gvfs-lang hicolor-icon-theme hunspell hunspell-tools json-glib-lang less libLLVM libX11-xcb1 libXcomposite1 libXcursor1 libXdamage1 libXext6 libXfixes3 libXft2 libXi6 libXinerama1 libXpm4 libXrandr2 libXrender1 libXtst6 libXv1 libXxf86vm1 libapr-util1 libapr1 libarchive13 libasan0 libasound2 libaspell15 libatasmart4 libatk-1_0-0 libatk-bridge-2_0-0 libatomic1 libatspi0 libavahi-client3 libavahi-common3 libavahi-glib1 libbluray2 libcairo-gobject2 libcairo2 libcdda_interface0 libcdda_paranoia0 libcdio16 libcdio_cdda2 libcdio_paranoia2 libcloog-isl4 libcolord2 libcroco-0_6-3 libdatrie1 libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 libenchant1 libepoxy0 libexif12 libfreetype6 libfuse2 libgbm1 libgcc_s1-32bit libgck-1-0 libgcr-3-1 libgdata-lang libgdata22 libgdbm4 libgdk_pixbuf-2_0-0 libgirepository-1_0-1 libgnutls28 libgoa-1_0-0 libgoa-backend-1_0-1 libgomp1 libgphoto2-6 libgphoto2-6-lang libgraphite2-3 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstpbutils-1_0-0 libgstreamer-1_0-0 libgstriff-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 libgtk-3-0 libgudev-1_0-0 libharfbuzz-icu0 libharfbuzz0 libhogweed2 libhyphen0 libicu52_1 libicu52_1-data libimobiledevice6 libisl10 libitm1 libjasper1 libjavascriptcoregtk-4_0-18 libjbig2 libjpeg8 libjson-glib-1_0-0 liblcms2-2 liblockdev1 libltdl7 libmpc3 libmpfr4 libmtp-udev libmtp9 libnettle4 libnfs8 libnotify4 liboauth0 libogg0 libopus0 liborc-0_4-0 libp11-kit0 libpackagekit-glib2-18 libpango-1_0-0 libpciaccess0 libpixman-1-0 libplist3 libpng16-16 libpython2_7-1_0 librest0 librsvg-2-2 libsecret-1-0 libsecret-lang libserf-1-1 libsoup-2_4-1 libsoup-lang libsqlite3-0 libstdc++6-32bit libtasn1 libtasn1-6 libtelepathy-glib0 libthai-data libthai0 libtheoradec1 libtheoraenc1 libtiff5 libtsan0 libudisks2-0 libusbmuxd4 libvisual libvorbis0 libvorbisenc2 libvpx1 libwayland-client0 libwayland-server0 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang libwebp5 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-render0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxml2-tools libxshmfence1 libxslt1 libyaml-0-2 linux-glibc-devel lockdev make mercurial mercurial-lang metatheme-adwaita-common notification-daemon notification-daemon-lang obs-service-download_files obs-service-format_spec_file obs-service-obs_scm-common obs-service-recompress obs-service-set_version obs-service-source_validator obs-service-tar_scm obs-service-verify_file osc p11-kit p11-kit-tools patch perl perl-Crypt-SSLeay perl-Data-Dump perl-Encode-Locale perl-Error perl-File-Listing perl-HTML-Parser perl-HTML-Tagset perl-HTTP-Cookies perl-HTTP-Daemon perl-HTTP-Date perl-HTTP-Message perl-HTTP-Negotiate perl-IO-HTML perl-IO-Socket-SSL perl-LWP-MediaTypes perl-LWP-Protocol-https perl-Net-HTTP perl-Net-SSLeay perl-TimeDate perl-URI perl-WWW-RobotRules perl-XML-Parser perl-YAML perl-YAML-LibYAML perl-libwww-perl pkg-config python python-M2Crypto python-PyYAML python-SecretStorage python-base python-cffi python-cryptography python-curses python-dateutil python-enum34 python-gobject python-gobject-Gdk python-gobject-cairo python-idna python-ipaddress python-keyring python-packaging python-pyasn1 python-pycparser python-pycurl python-setuptools python-six python-urlgrabber python-xml qemu-linux-user rpm-build rpm-python s2tc s2tc-32bit site-config subversion subversion-bash-completion sudo systemd-rpm-macros timezone typelib-1_0-Atk-1_0 typelib-1_0-GdkPixbuf-2_0 typelib-1_0-Gtk-3_0 typelib-1_0-Pango-1_0 udisks2 udisks2-lang webkit2gtk-4_0-injected-bundles wget xz xz-lang The following 30 recommended packages were automatically selected: bsdtar build build-mkdrpms bzr-lang ca-certificates-mozilla mercurial-lang obs-service-download_files obs-service-format_spec_file obs-service-recompress obs-service-set_version obs-service-source_validator obs-service-tar_scm obs-service-verify_file perl perl-Crypt-SSLeay perl-Data-Dump perl-IO-Socket-SSL perl-LWP-Protocol-https perl-TimeDate perl-URI perl-XML-Parser perl-YAML perl-YAML-LibYAML perl-libwww-perl python-keyring python-packaging qemu-linux-user subversion-bash-completion sudo xz-lang As you can see ca-certificates and ca-certificates-mozilla will be installed. So step 3 works for me. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c7
Ludwig Nussel
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500
http://bugzilla.opensuse.org/show_bug.cgi?id=1061500#c8
--- Comment #8 from Florian Haas
participants (1)
-
bugzilla_noreply@novell.com