| === chris14_ is now known as chris14 | ||
| === chris14_ is now known as chris14 | ||
| smoser | sdeziel_: thanks for seeing that. | 12:06 |
|---|---|---|
| sdeziel_ | np | 12:48 |
| === sdeziel_ is now known as sdeziel | ||
| smoser | so yeah, the bug is that if 'add' is never called, then /etc/ssl/certs/ca-certificates.crt is not updated. | 12:50 |
| sdeziel | smoser: if you don't report it, please let me know and I will, thanks | 12:54 |
| smoser | sdeziel: i submitted using reportbug, but i don't have 100% confidence that my sendmail and such are workign correctly. | 13:22 |
| smoser | https://pastebin.ubuntu.com/p/2C2ChVfTfz/ is what i submitted. | 13:22 |
| sdeziel | smoser: can't find it on Debian nor Ubuntu :/ | 13:38 |
| sdeziel | smoser: I think this is a regression introduced by https://salsa.debian.org/debian/ca-certificates/-/commit/8f8f4a525bd6a6c8a8d13530cda194d60275313d | 13:58 |
| -ubottu:#ubuntu-security- Commit 8f8f4a5 in debian/ca-certificates "Don't remove ca-certificates.crt before updating it" | 13:58 | |
| smoser | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051345 | 14:59 |
| -ubottu:#ubuntu-security- Debian bug 1051345 in ca-certificates "ca-certificates: update-ca-certificates does not recreate ca-certificates.crt if all certificates are deselected" [Normal, Open] | 14:59 | |
| smoser | sdeziel: ^ it did get there. | 14:59 |
| sdeziel | smoser: many thanks! | 14:59 |
| smoser | i dont know what the proper ehavior is, but without the chnge yo pointed to above, the file would be not-present. | 15:00 |
| smoser | maybe the right thing is to be present and zero length ? i dont know. | 15:01 |
| smoser | but you're right that that change made it worse. | 15:02 |
| === JanC is now known as Guest2721 | ||
| === JanC_ is now known as JanC | ||
| sarnold | smoser: btw the 'equivs' package can help you fake up packages to placate apt, when you've got good reasons for doing something that far out of the ordinary | 19:03 |
| sarnold | smoser: if by chance you still need all the ca-certificates machinery, and can't just wholesale stub out the package, dpkg exclude paths can be a lifesaver... | 19:04 |
| sarnold | smoser: I did something like this that I'm 70% sure does the right thing (I only set this up a few weeks ago) $ cat /etc/dpkg/dpkg.cfg.d/excludes | 19:05 |
| sarnold | path-exclude=/usr/share/fonts/opentype/urw-base35/NimbusMonoPS* | 19:05 |
| smoser | i had never heard of that. | 19:05 |
| smoser | and then it just chooses to not install those things. | 19:06 |
| sarnold | I learned about it from people trying to find documentation in ubuntu or debian docker images :) heh | 19:06 |
| sarnold | ooh, nice bug report. I'm surprised you're the first to find this, though :( | 19:07 |
| smoser | you think its common that people just ignore all the certificates that ca-certificates gives them ? | 19:08 |
| teward | common, no. some people, yes. | 19:09 |
| sarnold | heh, yeah, exactly that; though I guess a lot of the folks who might do that wouldn't be allowed to open bug reports about it | 19:27 |
| smoser | so you're saying its a good thing I didn't ask if i could open a bug report ;) | 19:34 |
| sarnold | exactly! $employer would certainly say "no you can't possibly do that, just fix it internally and never ever share the fix with anyone anywhere ever" | 19:39 |
| sarnold | "you know, open source" | 19:39 |
| === ted is now known as Guest5555 | ||
| === Guest5555 is now known as ted | ||
| teward | > exactly! $employer would certainly say "no you can't possibly do that, just fix it internally and never ever share the fix with anyone anywhere ever" | 21:38 |
| teward | guess i'm glad my employer is OK with me contributing back to open source XD | 21:38 |
| sarnold | *nod* | 21:39 |
| === ted is now known as Guest996 | ||
| === Guest996 is now known as ted | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!