Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#42078 - [ca-certificates] 20140923-2 broke many things

Attached to Project: Arch Linux
Opened by Skottish (skottish) - Tuesday, 23 September 2014, 02:57 GMT
Last edited by Jan Alexander Steffens (heftig) - Tuesday, 23 September 2014, 06:31 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Pierre Schmitz (Pierre)
Jan Alexander Steffens (heftig)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No



The change over of the certificate stores has broken lots of things. For instance, cower can no longer pull from the AUR, offlineimap can't connect to gmail, dwb can't find any certificates, https over git no longer works, etc.

This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Tuesday, 23 September 2014, 06:31 GMT
Reason for closing:  Fixed
Additional comments about closing:  Reverted.
Comment by Matthias Lisin (matthias.lisin) - Tuesday, 23 September 2014, 03:23 GMT
Probably because packages like 'curl' are build with a static path to the ca-bundle.
For example ./configure for the package 'curl' has this option: --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt

For a temporary solution until all affected packages get updated you can create a symlink to the new 'ca-bundle.crt' file.

cd /etc/ssl/certs
ln -s ca-bundle.crt ca-certificates.crt
Comment by Jan Alexander Steffens (heftig) - Tuesday, 23 September 2014, 06:31 GMT
This got rushed, poorly, and the updates were removed. I'm very sorry.
Please downgrade again:

pacman -S core/ca-certificates{,-cacert,-utils} extra/{nss,ca-certificates-{mozilla,java},p11-kit}

And if you have multilib:

pacman -S multilib/lib32-p11-kit