On 2/28/19 4:30 PM, James Pooton wrote: > >> What version of the openssl package is installed? > > Currently we’ve got the following versions getting installed: > > openssl: Installed: 1.1.1a-1 Candidate: 1.1.1a-1 Version table: *** > 1.1.1a-1 500 500 http://deb.debian.org/debian buster/main armhf > Packages 100 /var/lib/dpkg/status > > ca-certificates: Installed: 20190110 Candidate: 20190110 Version > table: *** 20190110 500 500 http://deb.debian.org/debian buster/main > armhf Packages 100 /var/lib/dpkg/status > > >> This does sound like a potential issue with `openssl rehash`. Your >> workaround looks OK for the moment, but the problem is that the >> openssl devs would like to remove the deprecated `c_rehash` >> utility. At this point in the release cycle, it's possible c_rehash >> may stick around for Buster, but no guarantees from me on that one >> - that's up to the openssl folks. > > Yep.. I actually read about that in the issue where that was > changed. Just wasn’t able to get ‘openssl rehash’ to work myself > either, so fell back to the deprecated call for now. > > >>> qemu: Unsupported syscall: 382 >> >> I can't find what syscall 382 should be, it seems to be higher than >> all the numbers I can find, the higest number is 294. > > I’m with you on that. It’s odd, but that’s the syscall number I’ve > seen on Docker for Mac, Windows, and Linux using QEMU. Linux also > kicks out some 384 but it didn’t appear related. > >> Can you give combination of ca-certificates / openssl that works / >> fails? > > I actually was looking to see if I could just apt install the > previous packages to verify things, but they don’t seem to be options > in the repo any more according to apt-cache. But I’ll see if I can’t > find the previous packages that were being install when things were > building fine. I’ll let you know.
20170717 was the previous version in testing (20180409 introduced the `openssl rehash` usage and was kept from testing for an important bug). 20170717 used the perl c_rehash utility. If you need it, here it is! http://snapshot.debian.org/package/ca-certificates/20170717/#ca-certificates_20170717 -- Kind regards, Michael