GNU bug report logs - #49957
[PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Andrew Whatson <whatson <at> gmail.com>
Subject: bug#49957: closed (Re: bug#49957: [PATCH] gnu: p11-kit: Fix
 certificate errors from flatpak apps)
Date: Mon, 25 Oct 2021 19:14:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#49957: [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 49957 <at> debbugs.gnu.org.

-- 
49957: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=49957
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Ludovic Courtès <ludo <at> gnu.org>
To: Andrew Whatson <whatson <at> gmail.com>
Cc: John Kehayias <john.kehayias <at> protonmail.com>, 49957-done <at> debbugs.gnu.org
Subject: Re: bug#49957: [PATCH] gnu: p11-kit: Fix certificate errors from
 flatpak apps
Date: Mon, 25 Oct 2021 21:13:42 +0200

Hi,

Andrew Whatson <whatson <at> gmail.com> skribis:

> Flatpak has a soft dependency on p11-kit, which was configured without
> knowledge of the system-wide CA certificate store.  This caused some
> flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.
>
> * gnu/packages/tls.scm (p11-kit): Configure with
> /etc/ssl/certs/ca-certificates.crt as a trusted path.

I pushed a similar fix on ‘master’ based on John’s patch as
b4d29851e412c6f4fea5b2d98160258b9768dee3.

We might as well update the default p11-kit though?  (Somehow I was
assuming it had many dependents, but it only has 80+.)

Thanks,
Ludo’.

[Message part 3 (message/rfc822, inline)]

From: Andrew Whatson <whatson <at> gmail.com>
To: guix-patches <at> gnu.org
Cc: Andrew Whatson <whatson <at> gmail.com>
Subject: [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps
Date: Tue, 10 Aug 2021 00:14:31 +1000

Flatpak has a soft dependency on p11-kit, which was configured without
knowledge of the system-wide CA certificate store.  This caused some
flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.

* gnu/packages/tls.scm (p11-kit): Configure with
/etc/ssl/certs/ca-certificates.crt as a trusted path.
---
 gnu/packages/tls.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d98a724b5f..4af95e2798 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -143,7 +143,7 @@ in intelligent transportation networks.")
      `(("libffi" ,libffi)
        ("libtasn1" ,libtasn1)))
     (arguments
-     `(#:configure-flags '("--without-trust-paths")
+     `(#:configure-flags '("--with-trust-paths=/etc/ssl/certs/ca-certificates.crt")
        #:phases (modify-phases %standard-phases
                   (add-before 'check 'prepare-tests
                     (lambda _
-- 
2.32.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.