http://bugzilla.opensuse.org/show_bug.cgi?id=936709 Bug ID: 936709 Summary: update-ca-certificates does not work in 13.2 Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: x86-64 OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: novell-ugeuder@sneakemail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 639776 --> http://bugzilla.opensuse.org/attachment.cgi?id=639776&action=edit example certificate, which reproduces the failure I am aware that this report is a duplicate of https://bugzilla.opensuse.org/show_bug.cgi?id=918944 . Howewever, that report was closed as "works for me" and I can only state it does not work for me. Also https://bugzilla.opensuse.org/show_bug.cgi?id=911202 has a (misplaced) comment where a user mentions that it does not work from him. Steps to reproduce: 1. Copy CA certificate into /etc/pki/trust/anchors (tested certificate attached, I have tried various filenames, but it does not make a difference. I have also tested the undocumented location /etc/pki/trust, that makes no difference either) 2. run update-ca-certificates (as root) Expected result: the certificate is included into /var/lib/ /var/lib/ca-certificates/ca-bundle.pem (you can test using grep 94Uc= /var/lib/ca-certificates/ca-bundle.pem or md5sum /.snapshots/*/snapshot/var/lib/ca-certificates/ca-bundle.pem /var/lib/ca-certificates/ca-bundle.pem if you run snapper) Also the contents of /var/lib/ca-certificates/pem/* should be updated so that grep 94Uc= /var/lib/ca-certificates/pem/* produces a match. Observed result: /var/lib/ca-certificates/ca-bundle.pem is unchanged in 13.2 grep 94Uc= /var/lib/ca-certificates/pem/* produces no match in 13.2 (both tests are successful 13.1) Further debugging: strace -ff -o ucc.strace update-ca-certificates shows that the new certificate gets memory mapped several time without error. Both in the documented location /etc/pki/trust/anchors and in the undocumented location /etc/pki/trust. Could not see from strace what goes wrong that the certificate is not included. -- You are receiving this mail because: You are on the CC list for the bug.