Date: Thu, 7 Dec 2023 11:35:52 +0100 (CET) From: Ronald Klop <ronald-lists@klop.ws> To: freebsd-stable@freebsd.org Subject: freebsd-update complains about changed files: /etc/ssl/certs/0179095f.0 Message-ID: <464886240.91844.1701945352782@localhost> References: <65710262.29a57.67c10f38@rpi4>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_91843_619229736.1701945352671 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi, I have the problem from the forwarded mail below at several installs when I use freebsd-update. The interesting part is that /etc/ssl/certs/ contains files. Plain certctl rehash does not solve it. But "rm /etc/ssl/certs/*; certctl rehash" ends up with all files in /etc/ssl/certs becoming symlinks and the problem is gone. /etc/ssl/certs/002c0b4f.0 -> ../../../usr/share/certs/trusted/GlobalSign_Root_R46.pem Maybe I installed my jails in a wrong way so I got files instead of symlinks in /etc/ssl/certs. Anyway. What is supposed to be in /etc/ssl/certs? Files or symlinks? If somebody has a thought about this I'm interested. Otherwise it is just a data point in the mailinglist for somebody else with this problem to find a solution. NB: I also found older mention of this on the FreeBSD forums. https://forums.freebsd.org/threads/getting-the-latest-files-that-were-not-downloaded-during-upgrade.78973/ Regards, Ronald. Van: zzzzz@xxxxx.yy Datum: donderdag, 7 december 2023 00:23 Aan: root Onderwerp: rpi4 security updates > > Looking up update.FreeBSD.org mirrors... 3 mirrors found. > Fetching metadata signature for 13.2-RELEASE from update2.freebsd.org... done. > Fetching metadata index... done. > Inspecting system... done. > Preparing to download files... done. > The following files are affected by updates. No changes have > been downloaded, however, because the files have been modified > locally: > /etc/ssl/certs/0179095f.0 > /etc/ssl/certs/08063a00.0 > /etc/ssl/certs/0b9bc432.0 > /etc/ssl/certs/3e359ba6.0 > /etc/ssl/certs/5860aaa6.0 > /etc/ssl/certs/5931b5bc.0 > /etc/ssl/certs/5a7722fb.0 > /etc/ssl/certs/66445960.0 > /etc/ssl/certs/7a3adc42.0 > /etc/ssl/certs/7a780d93.0 > /etc/ssl/certs/8508e720.0 > /etc/ssl/certs/8f103249.0 > /etc/ssl/certs/90c5a3c8.0 > /etc/ssl/certs/9846683b.0 > /etc/ssl/certs/9ef4a08a.0 > /etc/ssl/certs/9f727ac7.0 > /etc/ssl/certs/d52c538d.0 > /etc/ssl/certs/ecccd8db.0 > /etc/ssl/certs/ed858448.0 > /etc/ssl/certs/fd64f3fc.0 > The following files will be updated as part of updating to > 13.2-RELEASE-p7: > /usr/share/certs/trusted/BJCA_Global_Root_CA1.pem > /usr/share/certs/trusted/BJCA_Global_Root_CA2.pem > /usr/share/certs/trusted/Certainly_Root_E1.pem > /usr/share/certs/trusted/Certainly_Root_R1.pem > /usr/share/certs/trusted/D-TRUST_BR_Root_CA_1_2020.pem > /usr/share/certs/trusted/D-TRUST_EV_Root_CA_1_2020.pem > /usr/share/certs/trusted/DigiCert_TLS_ECC_P384_Root_G5.pem > /usr/share/certs/trusted/DigiCert_TLS_RSA4096_Root_G5.pem > /usr/share/certs/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem > /usr/share/certs/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem > /usr/share/certs/trusted/HARICA_TLS_ECC_Root_CA_2021.pem > /usr/share/certs/trusted/HARICA_TLS_RSA_Root_CA_2021.pem > /usr/share/certs/trusted/HiPKI_Root_CA_-_G1.pem > /usr/share/certs/trusted/ISRG_Root_X2.pem > /usr/share/certs/trusted/Security_Communication_ECC_RootCA1.pem > /usr/share/certs/trusted/Security_Communication_RootCA3.pem > /usr/share/certs/trusted/Telia_Root_CA_v2.pem > /usr/share/certs/trusted/TunTrust_Root_CA.pem > /usr/share/certs/trusted/vTrus_ECC_Root_CA.pem > /usr/share/certs/trusted/vTrus_Root_CA.pem > > > ------=_Part_91843_619229736.1701945352671 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <html><head></head><body>Hi,<br> <br> I have the problem from the forwarded mail below at several installs when I use freebsd-update.<br> The interesting part is that /etc/ssl/certs/ contains files.<br> <br> Plain certctl rehash does not solve it.<br> But "rm /etc/ssl/certs/*; certctl rehash" ends up with all files in /etc/ssl/certs becoming symlinks and the problem is gone.<br> /etc/ssl/certs/002c0b4f.0 -> ../../../usr/share/certs/trusted/GlobalSign_Root_R46.pem<br> <br> Maybe I installed my jails in a wrong way so I got files instead of symlinks in /etc/ssl/certs.<br> <br> Anyway.<br> What is supposed to be in /etc/ssl/certs? Files or symlinks?<br> <br> If somebody has a thought about this I'm interested.<br> Otherwise it is just a data point in the mailinglist for somebody else with this problem to find a solution.<br> <br> NB: I also found older mention of this on the FreeBSD forums.<br> https://forums.freebsd.org/threads/getting-the-latest-files-that-were-not-downloaded-during-upgrade.78973/<br>; <br> Regards,<br> Ronald.<br> <br> <p><strong>Van:</strong> zzzzz@xxxxx.yy<br> <strong>Datum:</strong> donderdag, 7 december 2023 00:23<br> <strong>Aan:</strong> root<br> <strong>Onderwerp:</strong> rpi4 security updates</p> <blockquote style="padding-right: 0px; padding-left: 5px; margin-left: 5px; border-left: #000000 2px solid; margin-right: 0px"> <div class="MessageRFC822Viewer" id="P"> <div class="TextPlainViewer" id="P.P">Looking up update.FreeBSD.org mirrors... 3 mirrors found.<br> Fetching metadata signature for 13.2-RELEASE from update2.freebsd.org... done.<br> Fetching metadata index... done.<br> Inspecting system... done.<br> Preparing to download files... done.<br> The following files are affected by updates. No changes have<br> been downloaded, however, because the files have been modified<br> locally:<br> /etc/ssl/certs/0179095f.0<br> /etc/ssl/certs/08063a00.0<br> /etc/ssl/certs/0b9bc432.0<br> /etc/ssl/certs/3e359ba6.0<br> /etc/ssl/certs/5860aaa6.0<br> /etc/ssl/certs/5931b5bc.0<br> /etc/ssl/certs/5a7722fb.0<br> /etc/ssl/certs/66445960.0<br> /etc/ssl/certs/7a3adc42.0<br> /etc/ssl/certs/7a780d93.0<br> /etc/ssl/certs/8508e720.0<br> /etc/ssl/certs/8f103249.0<br> /etc/ssl/certs/90c5a3c8.0<br> /etc/ssl/certs/9846683b.0<br> /etc/ssl/certs/9ef4a08a.0<br> /etc/ssl/certs/9f727ac7.0<br> /etc/ssl/certs/d52c538d.0<br> /etc/ssl/certs/ecccd8db.0<br> /etc/ssl/certs/ed858448.0<br> /etc/ssl/certs/fd64f3fc.0<br> The following files will be updated as part of updating to<br> 13.2-RELEASE-p7:<br> /usr/share/certs/trusted/BJCA_Global_Root_CA1.pem<br> /usr/share/certs/trusted/BJCA_Global_Root_CA2.pem<br> /usr/share/certs/trusted/Certainly_Root_E1.pem<br> /usr/share/certs/trusted/Certainly_Root_R1.pem<br> /usr/share/certs/trusted/D-TRUST_BR_Root_CA_1_2020.pem<br> /usr/share/certs/trusted/D-TRUST_EV_Root_CA_1_2020.pem<br> /usr/share/certs/trusted/DigiCert_TLS_ECC_P384_Root_G5.pem<br> /usr/share/certs/trusted/DigiCert_TLS_RSA4096_Root_G5.pem<br> /usr/share/certs/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem<br> /usr/share/certs/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem<br> /usr/share/certs/trusted/HARICA_TLS_ECC_Root_CA_2021.pem<br> /usr/share/certs/trusted/HARICA_TLS_RSA_Root_CA_2021.pem<br> /usr/share/certs/trusted/HiPKI_Root_CA_-_G1.pem<br> /usr/share/certs/trusted/ISRG_Root_X2.pem<br> /usr/share/certs/trusted/Security_Communication_ECC_RootCA1.pem<br> /usr/share/certs/trusted/Security_Communication_RootCA3.pem<br> /usr/share/certs/trusted/Telia_Root_CA_v2.pem<br> /usr/share/certs/trusted/TunTrust_Root_CA.pem<br> /usr/share/certs/trusted/vTrus_ECC_Root_CA.pem<br> /usr/share/certs/trusted/vTrus_Root_CA.pem</div> <hr></div> </blockquote> <br> </body></html> ------=_Part_91843_619229736.1701945352671--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?464886240.91844.1701945352782>