Hi,
Thijs Kinkhorst wrote:
> >> I've read about this bug (and the other one) on d-devel. I uploaded
> >> recently a new version of openssl to unstable (1.1.0h-3)which changes
> >> the exit code of "openssl rehash" to zero in case of a duplicate or if a
> >> certificate can no be open.
> >> I left this bug open in case the maintainer of this package wants to
> >> investigate why there are duplicates or non-existing certificates.
> >
> > Thanks for the update, Sebastian.
> >
> > OpenSSL commit for my own reference and for others, if interested:
> > https://github.com/openssl/openssl/commit/e6a833cb97ed762408b57ea3efa83bd10c1d2a78
>
> Given that this openssl update is now in testing, should we close or at
> least downgrade this bug so ca-certificates can migrate?
I just unhold ca-certificates 20170717 and upgraded it to 20180409 on
one of my affected machines (the i386 one) and unfortunately, the
issue (at least mine, which is #895482 with exit status 4, so only
Cc'ing that bug report) doesn't seem to fixed:
Performing actions...
Preconfiguring packages ...
(Reading database ... 936122 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20180409_all.deb ...
Unpacking ca-certificates (20180409) over (20170717) ...
[…]
Setting up ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
W: /usr/share/ca-certificates/mozilla/GeoTrust_Global_CA_2.crt not found, but
listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Swisscom_Root_CA_1.crt not found, but
listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Swisscom_Root_CA_2.crt not found, but
listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Swisscom_Root_EV_CA_2.crt not found, but
listed in /etc/ca-certificates.conf.
rehash: error: skipping Swisscom_Root_CA_1.pem, cannot open file
rehash: error: skipping Swisscom_Root_CA_2.pem, cannot open file
rehash: error: skipping GeoTrust_Global_CA_2.pem, cannot open file
rehash: error: skipping Swisscom_Root_EV_CA_2.pem, cannot open file
dpkg: error processing package ca-certificates (--configure):
installed ca-certificates package post-installation script subprocess returned
error exit status 4
Processing triggers for hicolor-icon-theme (0.17-2) ...
Setting up libcups2:i386 (2.2.8-3) ...
Setting up libcupsimage2:i386 (2.2.8-3) ...
Processing triggers for libc-bin (2.27-3) ...
Errors were encountered while processing:
ca-certificates
[master c040eace] committing changes in /etc after apt run
45 files changed, 1039 deletions(-)
delete mode 120000 ssl/certs/00673b5b.0
delete mode 120000 ssl/certs/034868d6.0
delete mode 120000 ssl/certs/12d55845.0
delete mode 120000 ssl/certs/1f58a078.0
delete mode 120000 ssl/certs/27af790d.0
delete mode 120000 ssl/certs/399e7759.0
delete mode 120000 ssl/certs/3c860d51.0
delete mode 120000 ssl/certs/3efd4dc0.0
delete mode 120000 ssl/certs/450c6e38.0
delete mode 120000 ssl/certs/4be590e0.0
delete mode 120000 ssl/certs/5046c355.0
delete mode 120000 ssl/certs/524d9b43.0
delete mode 120000 ssl/certs/52b525c7.0
delete mode 120000 ssl/certs/57692373.0
delete mode 120000 ssl/certs/5cf9d536.0
delete mode 120000 ssl/certs/5d66db40.0
delete mode 120000 ssl/certs/5e4e69e7.0
delete mode 120000 ssl/certs/5ed36f99.0
delete mode 120000 ssl/certs/6187b673.0
delete mode 120000 ssl/certs/667c66d4.0
delete mode 120000 ssl/certs/67495436.0
delete mode 120000 ssl/certs/69105f4f.0
delete mode 120000 ssl/certs/7999be0d.0
delete mode 120000 ssl/certs/7a819ef2.0
delete mode 120000 ssl/certs/7d453d8f.0
delete mode 120000 ssl/certs/8028ce6e.0
delete mode 120000 ssl/certs/81b9768f.0
delete mode 120000 ssl/certs/87753b0d.0
delete mode 120000 ssl/certs/9339512a.0
delete mode 120000 ssl/certs/9772ca32.0
delete mode 120000 ssl/certs/9ab62355.0
delete mode 120000 ssl/certs/9f129ada.0
delete mode 120000 ssl/certs/a7d2cf64.0
delete mode 120000 ssl/certs/c7e2a638.0
delete mode 100644 ssl/certs/ca-certificates.crt
delete mode 120000 ssl/certs/cbeee9e2.0
delete mode 120000 ssl/certs/d18e9066.0
delete mode 120000 ssl/certs/d4c339cb.0
delete mode 120000 ssl/certs/e442e424.0
delete mode 120000 ssl/certs/e5662767.0
delete mode 120000 ssl/certs/e60bf0c0.0
delete mode 120000 ssl/certs/e775ed2d.0
delete mode 120000 ssl/certs/e9f92b43.0
delete mode 120000 ssl/certs/facacbc6.0
[…]
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
W: /usr/share/ca-certificates/mozilla/GeoTrust_Global_CA_2.crt not found, but
listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Swisscom_Root_CA_1.crt not found, but
listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Swisscom_Root_CA_2.crt not found, but
listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Swisscom_Root_EV_CA_2.crt not found, but
listed in /etc/ca-certificates.conf.
rehash: error: skipping Swisscom_Root_CA_1.pem, cannot open file
rehash: error: skipping Swisscom_Root_CA_2.pem, cannot open file
rehash: error: skipping GeoTrust_Global_CA_2.pem, cannot open file
rehash: error: skipping Swisscom_Root_EV_CA_2.pem, cannot open file
dpkg: error processing package ca-certificates (--configure):
installed ca-certificates package post-installation script subprocess returned
error exit status 4
Errors were encountered while processing:
ca-certificates
Press Return to continue, 'q' followed by Return to quit.
So I will downgrade to 20170717 again.
If you have any suggestion what kind of data I can gather to help to
debug this issue, feel free to tell me.
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
