Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#215 closed task (fixed)

Update ca-certificates bundle, NSS, and NSPR

Reported by: Lewis Rosenthal Owned by: Silvan Scherrer
Priority: minor Milestone:
Component: *none Version:
Severity: highest Keywords:
Cc: dryeo

Description

Our last ca-certificates bundle update was 2017.11. Likewise NSPR and NSS (and friends) are also well out of date.

Change History (10)

comment:1 by Lewis Rosenthal, 5 years ago

Prior ca-certificates update ticket (with useful links): #105.

comment:2 by Silvan Scherrer, 5 years ago

those among others will be done later this year. when exactly we don't know yet.

comment:3 by Silvan Scherrer, 5 years ago

Component: nss*none
Owner: set to Silvan Scherrer
Priority: majorminor
Severity: highestmedium
Status: newassigned

btw adding one ticket for 3 things is a bad idea per see. You know your own policy I guess :)

but as a small update: ca-certificate is built, but not working as we lack p11-kit.
p11-kit is right now in the porting progress. and some others are already done, as p11-kit needed more of course.
and all repo are moved to github now.

comment:4 by Silvan Scherrer, 5 years ago

Resolution: fixed
Status: assignedclosed

ca-certificates is done and p11-kit as well. it's in exp repo and needs careful testing.
new tickets please in our github pages.

comment:5 by Lewis Rosenthal, 5 years ago

Resolution: fixed
Status: closedreopened

Sorry, but I cannot find a ca-certificates repo at GitHub.

During update of ca-certificates, the following occurs:

Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.noarch 0:2017.11-1.oc00 will be updated
---> Package ca-certificates.noarch 0:2019.2.32-1.oc00 will be an update
ca-certificates-2019.2.32-1.oc00.noarch requires: p11-kit-trust >= 0.23.10
--> Processing Dependency: p11-kit-trust >= 0.23.10 for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: p11-kit-trust
TSINFO: Marking p11-kit-trust-0.23.18.1-1.oc00.pentium4 as install for ca-certificates-2019.2.32-1.oc00.noarch
ca-certificates-2019.2.32-1.oc00.noarch requires: p11-kit-trust >= 0.23.10
--> Processing Dependency: p11-kit-trust >= 0.23.10 for package: ca-certificates-2019.2.32-1.oc00.noarch
Quick matched p11-kit-trust-0.23.18.1-1.oc00.pentium4 to require for p11-kit-trust
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
--> Running transaction check
---> Package ca-certificates.noarch 0:2019.2.32-1.oc00 will be an update
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
---> Package p11-kit-trust.pentium4 0:0.23.18.1-1.oc00 will be installed
p11-kit-trust-0.23.18.1-1.oc00.pentium4 requires: tasn16.dll
--> Processing Dependency: tasn16.dll for package: p11-kit-trust-0.23.18.1-1.oc00.pentium4
Searching pkgSack for dep: tasn16.dll
Error: Package: ca-certificates-2019.2.32-1.oc00.noarch (netlabs-exp)
           Requires: sh
TSINFO: Marking libtasn1-4.14-1.oc00.pentium4 as install for p11-kit-trust-0.23.18.1-1.oc00.pentium4
--> Running transaction check
---> Package ca-certificates.noarch 0:2019.2.32-1.oc00 will be an update
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
---> Package libtasn1.pentium4 0:4.14-1.oc00 will be installed
--> Finished Dependency Resolution
Dependency Process ending
Depsolve time: 0.162
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

dash-sh is installed on the system, and both sh (symlink to /@unixroot/usr/bin/dash.exe) and sh.exe exist in /@unixroot/usr/bin.

Please advise as to where this should be reported if not here.

Last edited 5 years ago by Lewis Rosenthal (previous) (diff)

comment:6 by Lewis Rosenthal, 5 years ago

Severity: mediumhighest

comment:7 by Silvan Scherrer, 5 years ago

Known fact already :) I forgot to upload a new dash package. Will do in monday i hope

Last edited 5 years ago by Silvan Scherrer (previous) (diff)

comment:8 by dryeo, 5 years ago

Cc: dryeo added

comment:9 by Lewis Rosenthal, 5 years ago

Resolution: fixed
Status: reopenedclosed

Confirmed that the new dash package resolves the dependency for both i686 and pentium4. Thanks.

Still not sure where ca-certficates issues are supposed to be reported on github.

comment:10 by Silvan Scherrer, 5 years ago

me neither atm :) we are creating some possibilities soon. while github is great, it also has some drawbacks. like not having the possibility to add tickets for private repos.

we figure out the best strategy for that atm.

Note: See TracTickets for help on using tickets.