From 0923a3c6dd5e5a134b8029afec56e939adc51c06 Mon Sep 17 00:00:00 2001 From: Jacek Konieczny Date: Sun, 13 Jan 2019 13:32:34 +0100 Subject: [PATCH] symlink just /etc/ssl/certs/ca-certificates.crt Restrictive permissions to PLD /etc/certs break gajim when symlinked to /etc/ssl/certs: > 2019-01-13 13:27:08 (E) nbxmpp.tls_nb PlugIn: while trying _startSSL(): > Traceback (most recent call last): > File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 288, in plugin > res = self._startSSL() > File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 327, in _startSSL > result = self._startSSL_pyOpenSSL() > File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 451, in _startSSL_pyOpenSSL > for f in os.listdir('/etc/ssl/certs'): > PermissionError: [Errno 13] Permission denied: '/etc/ssl/certs' Release: 4 --- ca-certificates.spec | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ca-certificates.spec b/ca-certificates.spec index 939e642..67c873d 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -14,7 +14,7 @@ Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA Name: ca-certificates %define ver_date 20180409 Version: %{ver_date} -Release: 3 +Release: 4 License: GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs) Group: Base Source0: http://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz @@ -245,8 +245,8 @@ cd .. # The Debian path might be hard-coded in some binaries we cannot fix # like the Steam client -install -d $RPM_BUILD_ROOT/etc/ssl -ln -s %{certsdir} $RPM_BUILD_ROOT/etc/ssl/certs +install -d $RPM_BUILD_ROOT/etc/ssl/certs +ln -s %{certsdir}/ca-certificates.crt $RPM_BUILD_ROOT/etc/ssl/certs %clean rm -rf $RPM_BUILD_ROOT @@ -260,7 +260,8 @@ rm -rf $RPM_BUILD_ROOT %dir /etc/pki/tls %dir /etc/pki/tls/certs %dir /etc/ssl -/etc/ssl/certs +%dir /etc/ssl/certs +/etc/ssl/certs/ca-certificates.crt %config(noreplace) %verify(not md5 mtime size) /etc/pki/tls/certs/ca-bundle.crt %config(noreplace) %verify(not md5 mtime size) %{certsdir}/ca-certificates.crt -- 2.43.0