[Bug 244518] emulators/linux_base-c7: missing ca-certificates

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 244518] emulators/linux_base-c7: missing ca-certificates

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244518

            Bug ID: 244518
           Summary: emulators/linux_base-c7: missing ca-certificates
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: [hidden email]
          Reporter: [hidden email]
          Assignee: [hidden email]
             Flags: maintainer-feedback?([hidden email])

Linux emulation in ports seems to ship without the ca-certificates RPM, which
makes packages like cURL painful to use with SSL-enabled websites.

Please consider adding the ca-certificates RPM to the portstree, preferably
into the base package.

Source:

https://pkgs.org/download/ca-certificates

links
https://centos.pkgs.org/7/centos-updates-x86_64/ca-certificates-2019.2.32-76.el7_7.noarch.rpm.html
at the time of writing.

Thanks,
-xmj

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-emulation
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

maintainer-feedback requested: [Bug 244518] emulators/linux_base-c7: missing ca-certificates

bugzilla-noreply
Bugzilla Automation <[hidden email]> has asked freebsd-emulation mailing
list <[hidden email]> for maintainer-feedback:
Bug 244518: emulators/linux_base-c7: missing ca-certificates
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244518



--- Description ---
Linux emulation in ports seems to ship without the ca-certificates RPM, which
makes packages like cURL painful to use with SSL-enabled websites.

Please consider adding the ca-certificates RPM to the portstree, preferably
into the base package.

Source:

https://pkgs.org/download/ca-certificates

links
https://centos.pkgs.org/7/centos-updates-x86_64/ca-certificates-2019.2.32-76.el
7_7.noarch.rpm.html
at the time of writing.

Thanks,
-xmj
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-emulation
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

[Bug 244518] emulators/linux_base-c7: missing ca-certificates

bugzilla-noreply
In reply to this post by bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244518

Byron Grobe <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #1 from Byron Grobe <[hidden email]> ---
<jell48> finally got the traces out with "truss chroot /compat/linux  curl
https://google.com 2>&1". almost all of the files are found, except for
"linux_open("/proc/sys/crypto/fips_enabled",0x0,0666) ERR#-2 'No such file or
directory'". not sure how relevant is that crypto for curl to function (or is
that a real cause)?

Recent versions of OpenSSL and other SSL libraries on Linux check for a
kernel/userland setup that operates in a FIPS certified mode, which whether or
not it is used, it includes a sysctl visible under
/proc/sys/crypto/fips_enabled.
When the system is not in this mode, /proc/sys/crypto/fips_enabled should have
a content of ASCII 0 (for false), which it should always be under emulation
since we don't do FIPS certified crypto under linux emulation.

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-emulation
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

[Bug 244518] emulators/linux_base-c7: missing ca-certificates

bugzilla-noreply
In reply to this post by bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244518

--- Comment #2 from Byron Grobe <[hidden email]> ---
(In reply to Byron Grobe from comment #1)
From further discussion in #freebsd, it appears the proper location to do this
would be in linprocfs.

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-emulation
To unsubscribe, send any mail to "[hidden email]"