public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed
* [ANNOUNCEMENT] Re-Release: ca-certificates-2022.2.54-3
@ 2022-09-06 17:42 Achim Gratz
  2022-09-07 19:58 ` Andrey Repin
  2022-09-13 14:02 ` ca-bundle.crt is empty Andrey Repin
  0 siblings, 2 replies; 4+ messages in thread
From: Achim Gratz @ 2022-09-06 17:42 UTC (permalink / raw)
  To: cygwin


The following packages have been uploaded to the Cygwin distribution:

 ca-certificates-2022.2.54-3
 ca-certificates-letsencrypt-2022.2.54-3

This re-release fixes an upstream and a packaging bug that arises
because p11kit makes certain directories unwritable after population.
This becomes noticeable only when the user invoking those scripts is not
an administrator (or more specifically on Windows doesn't have
SeBackupPrivilege and SeRestorePrivilege).  Please note that the fix
temporarily needs to make the directory writable, which will again fail
if the user attempting to do that has insufficient rights for this
operation.


Mozilla's CA root certificates for use with OpenSSL, NSS, GnuTLS, and
other software that handles certificate verification.

This is an update to the latest upstream release.

This update contains the ca-certificates-letsencrypt package, whose
installation will make the ISRG R3 intermediate CA a trust anchor and
removes trust for the already expired DST X3 root CA (this should
strictly not be necessary, but works around bugs present in some
libraries in how alternate chains are constructed and verified).  This
will allow to successfully verify certificates using the Letsencrypt
legacy cert chain in certain applications.  Install this package when
you currently have trouble accessing sites (due to validation
complaining about an expired certificate) that had no problems until
about September 30 or October 1 2021 depending on your timezone.

The release numbering scheme has been aligned with Fedora.
-- 
              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sourceware.org/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [ANNOUNCEMENT] Re-Release: ca-certificates-2022.2.54-3
  2022-09-06 17:42 [ANNOUNCEMENT] Re-Release: ca-certificates-2022.2.54-3 Achim Gratz
@ 2022-09-07 19:58 ` Andrey Repin
  2022-09-08  5:48   ` ASSI
  2022-09-13 14:02 ` ca-bundle.crt is empty Andrey Repin
  1 sibling, 1 reply; 4+ messages in thread
From: Andrey Repin @ 2022-09-07 19:58 UTC (permalink / raw)
  To: Achim Gratz, cygwin

Greetings, Achim Gratz!

> The following packages have been uploaded to the Cygwin distribution:

>  ca-certificates-2022.2.54-3
>  ca-certificates-letsencrypt-2022.2.54-3

The `/etc/pki/ca-trust/extracted/pem/directory-hash` directory does not exist
and is not created during package installation.

Re-running postinstall script still fails, but this time due to pre-existing
links.

# ./ca-certificates.sh
chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory
/usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt': Bad address
/usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-bundle.crt': Bad address
chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory

#  ls -ld /etc/pki/ca-trust/extracted/pem/directory-hash
ls: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory

# mkdir /etc/pki/ca-trust/extracted/pem/directory-hash
# ./ca-certificates.sh
# ./ca-certificates.sh
/usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt': File exists
/usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-bundle.crt': File exists


-- 
With best regards,
Andrey Repin
Wednesday, September 7, 2022 22:56:27

Sorry for my terrible english...


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [ANNOUNCEMENT] Re-Release: ca-certificates-2022.2.54-3
  2022-09-07 19:58 ` Andrey Repin
@ 2022-09-08  5:48   ` ASSI
  0 siblings, 0 replies; 4+ messages in thread
From: ASSI @ 2022-09-08  5:48 UTC (permalink / raw)
  To: cygwin

Andrey Repin writes:
> Re-running postinstall script still fails, but this time due to pre-existing
> links.
>
> # ./ca-certificates.sh
> chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory
> /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt': Bad address
> /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-bundle.crt': Bad address
> chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory
[…]

These messages seem to come from update-ca-trust, which means your
p11-kit isn't working the way it should.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

^ permalink raw reply	[flat|nested] 4+ messages in thread

* ca-bundle.crt is empty
  2022-09-06 17:42 [ANNOUNCEMENT] Re-Release: ca-certificates-2022.2.54-3 Achim Gratz
  2022-09-07 19:58 ` Andrey Repin
@ 2022-09-13 14:02 ` Andrey Repin
  1 sibling, 0 replies; 4+ messages in thread
From: Andrey Repin @ 2022-09-13 14:02 UTC (permalink / raw)
  To: Achim Gratz, cygwin

Greetings, Achim Gratz!

I've had a strange behavior on my work laptop.
After recent spin of troubles with ca-certificates package I've had an issue
where update-ca-trust was not generating any certificates in /etc/ssl/certs.

Turned out, I've had to reinstall p11-kit/p11-trust to get the system in
working order.

> The following packages have been uploaded to the Cygwin distribution:

>  ca-certificates-2022.2.54-3
>  ca-certificates-letsencrypt-2022.2.54-3


-- 
With best regards,
Andrey Repin
Tuesday, September 13, 2022 15:47:17

Sorry for my terrible english...


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-09-13 14:05 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-06 17:42 [ANNOUNCEMENT] Re-Release: ca-certificates-2022.2.54-3 Achim Gratz
2022-09-07 19:58 ` Andrey Repin
2022-09-08  5:48   ` ASSI
2022-09-13 14:02 ` ca-bundle.crt is empty Andrey Repin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).