#215 closed task (fixed)
Update ca-certificates bundle, NSS, and NSPR
| Reported by: | Lewis Rosenthal | Owned by: | Silvan Scherrer |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | *none | Version: | |
| Severity: | highest | Keywords: | |
| Cc: | dryeo |
Description
Our last ca-certificates bundle update was 2017.11. Likewise NSPR and NSS (and friends) are also well out of date.
Change History (10)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
those among others will be done later this year. when exactly we don't know yet.
comment:3 by , 5 years ago
| Component: | nss → *none |
|---|---|
| Owner: | set to |
| Priority: | major → minor |
| Severity: | highest → medium |
| Status: | new → assigned |
btw adding one ticket for 3 things is a bad idea per see. You know your own policy I guess :)
but as a small update: ca-certificate is built, but not working as we lack p11-kit.
p11-kit is right now in the porting progress. and some others are already done, as p11-kit needed more of course.
and all repo are moved to github now.
comment:4 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
ca-certificates is done and p11-kit as well. it's in exp repo and needs careful testing.
new tickets please in our github pages.
comment:5 by , 5 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Sorry, but I cannot find a ca-certificates repo at GitHub.
During update of ca-certificates, the following occurs:
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.noarch 0:2017.11-1.oc00 will be updated
---> Package ca-certificates.noarch 0:2019.2.32-1.oc00 will be an update
ca-certificates-2019.2.32-1.oc00.noarch requires: p11-kit-trust >= 0.23.10
--> Processing Dependency: p11-kit-trust >= 0.23.10 for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: p11-kit-trust
TSINFO: Marking p11-kit-trust-0.23.18.1-1.oc00.pentium4 as install for ca-certificates-2019.2.32-1.oc00.noarch
ca-certificates-2019.2.32-1.oc00.noarch requires: p11-kit-trust >= 0.23.10
--> Processing Dependency: p11-kit-trust >= 0.23.10 for package: ca-certificates-2019.2.32-1.oc00.noarch
Quick matched p11-kit-trust-0.23.18.1-1.oc00.pentium4 to require for p11-kit-trust
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
--> Running transaction check
---> Package ca-certificates.noarch 0:2019.2.32-1.oc00 will be an update
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
---> Package p11-kit-trust.pentium4 0:0.23.18.1-1.oc00 will be installed
p11-kit-trust-0.23.18.1-1.oc00.pentium4 requires: tasn16.dll
--> Processing Dependency: tasn16.dll for package: p11-kit-trust-0.23.18.1-1.oc00.pentium4
Searching pkgSack for dep: tasn16.dll
Error: Package: ca-certificates-2019.2.32-1.oc00.noarch (netlabs-exp)
Requires: sh
TSINFO: Marking libtasn1-4.14-1.oc00.pentium4 as install for p11-kit-trust-0.23.18.1-1.oc00.pentium4
--> Running transaction check
---> Package ca-certificates.noarch 0:2019.2.32-1.oc00 will be an update
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
ca-certificates-2019.2.32-1.oc00.noarch requires: sh
--> Processing Dependency: sh for package: ca-certificates-2019.2.32-1.oc00.noarch
Searching pkgSack for dep: sh
---> Package libtasn1.pentium4 0:4.14-1.oc00 will be installed
--> Finished Dependency Resolution
Dependency Process ending
Depsolve time: 0.162
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
dash-sh is installed on the system, and both sh (symlink to /@unixroot/usr/bin/dash.exe) and sh.exe exist in /@unixroot/usr/bin.
Please advise as to where this should be reported if not here.
comment:6 by , 5 years ago
| Severity: | medium → highest |
|---|
comment:7 by , 5 years ago
Known fact already :) I forgot to upload a new dash package. Will do in monday i hope
comment:8 by , 5 years ago
| Cc: | added |
|---|
comment:9 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Confirmed that the new dash package resolves the dependency for both i686 and pentium4. Thanks.
Still not sure where ca-certficates issues are supposed to be reported on github.
comment:10 by , 5 years ago
me neither atm :) we are creating some possibilities soon. while github is great, it also has some drawbacks. like not having the possibility to add tickets for private repos.
we figure out the best strategy for that atm.
Prior ca-certificates update ticket (with useful links): #105.