FS#53217 - [ca-certificates-utils] error: failed to commit transaction (conflicting files)

Attached to Project: Arch Linux
Opened by ignoreme (ignoreme) - Wednesday, 08 March 2017, 15:37 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 16 March 2017, 07:02 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 8
Private No

Details

Description:

I am receiving this error when attempting to upgrade:

error: failed to commit transaction (conflicting files)
ca-certificates-utils: /etc/ssl/certs/ca-certificates.crt exists in filesystem
Errors occurred, no packages were upgraded.

Additional info:
[username@hostname ~]$ sudo pacman -Syu
:: Synchronizing package databases...
testing is up to date
core is up to date
extra is up to date
community-testing is up to date
community is up to date
multilib-testing is up to date
multilib is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (5) ca-certificates-20170307-1 ca-certificates-mozilla-3.29.3-2
ca-certificates-utils-20170307-1 nss-3.29.3-2 p11-kit-0.23.5-1

Total Download Size: 2.39 MiB
Total Installed Size: 11.05 MiB
Net Upgrade Size: 2.16 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
p11-kit-0.23.5-1-x86_64 444.6 KiB 3.42M/s 00:00 [######################] 100%
ca-certificates-uti... 7.5 KiB 0.00B/s 00:00 [######################] 100%
ca-certificates-moz... 406.9 KiB 28.4M/s 00:00 [######################] 100%
ca-certificates-201... 1904.0 B 0.00B/s 00:00 [######################] 100%
nss-3.29.3-2-x86_64 1585.4 KiB 23.5M/s 00:00 [######################] 100%
(5/5) checking keys in keyring [######################] 100%
(5/5) checking package integrity [######################] 100%
(5/5) loading package files [######################] 100%
(5/5) checking for file conflicts [######################] 100%
error: failed to commit transaction (conflicting files)
ca-certificates-utils: /etc/ssl/certs/ca-certificates.crt exists in filesystem
Errors occurred, no packages were upgraded.

Steps to reproduce:

sudo pacman -Syu

Saw something in 2014 in the arch news about certificates but I am already have the latest core packages which are from 2016 and to the best of my knowledge have never manually added any cert's to my box.

==> Package upgrade only (new release):
testing/ca-certificates-mozilla 3.29.3-1 1 -> 2
testing/nss 3.29.3-1 1 -> 2

==> Software upgrade (new version) :
testing/ca-certificates 20160507-1 -> 20170307-1
testing/ca-certificates-utils 20160507-1 -> 20170307-1
testing/p11-kit 0.23.2-1 -> 0.23.5-1
This task depends upon

Closed by  Doug Newgard (Scimmia)
Thursday, 16 March 2017, 07:02 GMT
Reason for closing:  Deferred
Additional comments about closing:  See news item
Comment by Lars Norberg (goldpaw) - Wednesday, 08 March 2017, 19:37 GMT
So not a solution to the problem, but I was able to get everything working the following way:

- added the --force argument to pacman.
- did a pacman -Syu which still failed
- did a pacman -S -- force for all the ca-certificate* packages, which manually forced them to be upgraded
- did a pacman -Syu which still failed, as before, but now because it couldn't recognize the SSL certificates needed
- went into my /var/cache/pacman/pkg folder and forcefully reinstalled the previous versions of all the ca-certificate* packages with pacman -U --force
- did a pacman -Syy just to check, and I got no errors this time.
- did another pacman -Syu --force to get it back up to the most recent versions, which worked

So it seems to be working now for me, at least. It recognizes SSL certificates, and I can upgrade without errors. I hope this temporary workaround will help anybody else that happens to stumble upon this page while the problem persists. :)


EDIT: Forgot a few steps, added them
EDIT2: Might have messed up the order somehow, the point was that what I did was to force upgrade the ca-certificate packages, force downgrade them, then force upgrade them again, which seemed to reset the SSL certificate cache or something, which again made everything work as intended.
Comment by Dmitrii (HansAnderson) - Wednesday, 08 March 2017, 19:43 GMT
I have the same issue, problem only with "ca-certificates-utils"

Package (1) Old Version New Version Net Change

testing/ca-certificates-utils 20160507-1 20170307-1





Comment by A. Bosch (progandy) - Wednesday, 08 March 2017, 20:56 GMT
I had the same problem, but forcing it worked with two steps:

- pacman -Syu --ignore ca-certificates-utils
- pacman -S --force ca-certificates-utils

It also worked when I manually deleted the certificate file:

- pacman -Syu --ignore ca-certificates-utils
- rm /etc/ssl/certs/ca-certificates.crt
- pacman -S ca-certificates-utils
Comment by Gustavo Alvarez (sl1pkn07) - Wednesday, 08 March 2017, 21:49 GMT
and run 'update-ca-trust' is some cases
Comment by Nick (whompy) - Thursday, 09 March 2017, 01:46 GMT
I avoid force updating if possible as I like to simulate a clean user experience in testing to mimic what an eventual user in the standard repos would see unless told explicity otherwise by the mailing list or other such notification. How is this going to be fixed before going to core? Also, why is this bug low priority? Breaking normal pacman usage seems like a bigger deal to me.
Comment by ignoreme (ignoreme) - Thursday, 09 March 2017, 03:17 GMT
I assume once it get's assigned whoever gets it will adjust the priority/severity of it. It's nice to see others in the community provide workarounds :) but I am going to wait as well and just put the packages in the ignore section in pacman and see what happens.
Comment by Doug Newgard (Scimmia) - Thursday, 09 March 2017, 03:32 GMT
It's definitely low severity, this is a relatively common error with a relatively common solution. It's even covered in the wiki. Simple solution? Remove the file and finish the upgrade with pacman -Su.
Comment by ignoreme (ignoreme) - Thursday, 09 March 2017, 03:58 GMT
You would need to do a force or ignore on this one as suggested above. Once you delete that file and run pacman -Su you get ton's of errors. At least it did for me.
Comment by Doug Newgard (Scimmia) - Thursday, 09 March 2017, 04:12 GMT
all of the packages should be cached by that point, so there shouldn't be errors.
Comment by ignoreme (ignoreme) - Thursday, 09 March 2017, 04:24 GMT
Ah your right. The issue with the packages not caching was on my side.
Comment by Jan Alexander Steffens (heftig) - Thursday, 09 March 2017, 05:26 GMT
Yes, expected problem. I'll make a news post about it. Suggested workaround:

pacman -Syuw
rm /etc/ssl/certs/ca-certificates.crt
pacman -Su
Comment by Scott Furry (digifuzzy) - Thursday, 16 March 2017, 06:54 GMT
I would add one more suggestion. I executed steps suggested (and on Arch front page) but I would get segmentation fault executing pacman -Syu. Several tries and attempts later...
I went into /etc/pacman.d/mirrorlist and commented out any https sites. This enabled pacman to complete the update process normally.

Loading...