Date: Sat, 14 Oct 2023 16:26:16 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: =?UTF-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@freebsd.org> Cc: Current <current@freebsd.org> Subject: Re: issue: poudriere jail update fails after recent changes around certctl Message-ID: <24e275f3b561c096577c00c001f3ec57@Leidinger.net> In-Reply-To: <86cyxi34wc.fsf@ltc.des.no> References: <7b44912e0d3ff033ab27923aeeae5caf@Leidinger.net> <86cyxi34wc.fsf@ltc.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --=_fba7f2d4d66d605fa58229dcbf4c6b9b Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8; format=flowed Am 2023-10-13 17:42, schrieb Dag-Erling Smørgrav: > Alexander Leidinger <Alexander@Leidinger.net> writes: >> some change around certctl (world from 2023-10-09) has broken the >> poudriere jail update command. The complete install finishes, certctl >> is run, and then there is an exit code 1. This is because I have some >> certs listed as untrusted, and this seems to give a retval of 1 inside >> certctl. > > This only happens if a certificate is listed as both trusted and > untrusted, and I'm pretty sure the previous version would return 1 in > that case as well. Can you check? I compared /usr/share/certs/untrusted/ with /usr/share/certs/trusted/ and some of them match with certs in /usr/share/certs/trusted/. Nothing in /usr/local/etc/ssl/untrusted/, one cert (as hash) in /usr/local/etc/ssl/blacklisted/ which is also in /usr/share/certs/untrusted/. If FreeBSD provides some certs as trusted (as part of e.g. installworld), and I have some of them listed in untrusted, I would not expect an error case, but a failsafe action of not trusting them and not complaining... am I doing something wrong? Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_fba7f2d4d66d605fa58229dcbf4c6b9b Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc; size=833 Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmUqpRYACgkQEg2wmwP4 2IZtARAAhvTkZjIlFc1WlDkSkmP8T5SVR3uSNESRK5nGfY0LC2jtSvK06J3+DxLK UGG8UCu8beF75XiO2dlbwc5CYbNgrIYBsrNpf9H9f6E9E59hyDHgin+kZpgZQV4a 50YwN+JN+I5pfXjEL5SMvgnbggkuLEaGWTzMyFcryLpua0bop2UydMdzqCysRuNY 4pi4R3XhMaPVnWrEWvCAMEzOsUcwyOkpVaw2lPB3tjWOdxA8hAB8j1ndEV9+0n6g 5daBAZLQDkPYv/53QiQ/C4BihRPYtqspXZxmi8RyO6DTQfmrh8zEtFZP1A0XxRdC owSq9LhjGKYG0jVJmVn59R5PN0Dff3xQOVjLTOrwlexKyO8j5cGWLtetsz5uNK8K RBLnAF5KkUOz1L0nWGcz+cJVXcV7XZSrh2r9Ok5GYQXQkbXnvcglxYXaFdowWKiN frm53QJ5/WKUUZ0B6Y1hOgHi8eMraPl+Nenp5aI54vFor90Zi9WUNO8NgQbFXlRb NRl5Jd312bslRYDkz8xk/6xlPrkRfmIzPJVBheiXRwOVxjpIBRWIuOqdfknxUun3 2TDxFX7qOLjCVQCruKvESJbj/eABMj9RHDpu2M5Kf09o7RTx0DwTFR0BYfbLh4rc MeFQUOHBENq9H01uRS4ppk/KZWKukeSMcCnUkwRzr9wzImpGq40= =jgKY -----END PGP SIGNATURE----- --=_fba7f2d4d66d605fa58229dcbf4c6b9b--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?24e275f3b561c096577c00c001f3ec57>