symlink just /etc/ssl/certs/ca-certificates.crt auto/th/ca-certificates-20180409-4
authorJacek Konieczny <jajcus@jajcus.net>
Sun, 13 Jan 2019 12:32:34 +0000 (13:32 +0100)
committerJacek Konieczny <jajcus@jajcus.net>
Sun, 13 Jan 2019 12:32:34 +0000 (13:32 +0100)
Restrictive permissions to PLD /etc/certs break gajim when symlinked to
/etc/ssl/certs:

> 2019-01-13 13:27:08 (E) nbxmpp.tls_nb PlugIn: while trying _startSSL():
> Traceback (most recent call last):
>   File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 288, in plugin
>     res = self._startSSL()
>   File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 327, in _startSSL
>     result = self._startSSL_pyOpenSSL()
>   File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 451, in _startSSL_pyOpenSSL
>     for f in os.listdir('/etc/ssl/certs'):
> PermissionError: [Errno 13] Permission denied: '/etc/ssl/certs'

Release: 4

ca-certificates.spec

index 939e6421e20c54177a1018cf6ea9e3e49508ce46..67c873df0ff4b4dfbc13193e9e4828f51afa7b71 100644 (file)
@@ -14,7 +14,7 @@ Summary(pl.UTF-8):    Pliki PEM popularnych certyfikat√≥w CA
 Name:          ca-certificates
 %define        ver_date        20180409
 Version:       %{ver_date}
-Release:       3
+Release:       4
 License:       GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs)
 Group:         Base
 Source0:       http://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz
@@ -245,8 +245,8 @@ cd ..
 
 # The Debian path might be hard-coded in some binaries we cannot fix
 # like the Steam client
-install -d $RPM_BUILD_ROOT/etc/ssl
-ln -s %{certsdir} $RPM_BUILD_ROOT/etc/ssl/certs
+install -d $RPM_BUILD_ROOT/etc/ssl/certs
+ln -s %{certsdir}/ca-certificates.crt $RPM_BUILD_ROOT/etc/ssl/certs
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -260,7 +260,8 @@ rm -rf $RPM_BUILD_ROOT
 %dir /etc/pki/tls
 %dir /etc/pki/tls/certs
 %dir /etc/ssl
-/etc/ssl/certs
+%dir /etc/ssl/certs
+/etc/ssl/certs/ca-certificates.crt
 %config(noreplace) %verify(not md5 mtime size) /etc/pki/tls/certs/ca-bundle.crt
 %config(noreplace) %verify(not md5 mtime size) %{certsdir}/ca-certificates.crt
 
This page took 0.057234 seconds and 4 git commands to generate.