[MacPorts] #39091: certsync @1.0.1: Does not remove cert.pem when deactivated
#39091: certsync @1.0.1: Does not remove cert.pem when deactivated
----------------------+-----------------------
 Reporter:  larryv@…  |      Owner:  landonf@…
     Type:  defect    |     Status:  new
 Priority:  Normal    |  Milestone:
Component:  ports     |    Version:  2.1.3
 Keywords:            |       Port:  certsync
----------------------+-----------------------

I'm not sure whether this is intended behavior, or I would have tried fixing it myself. It’s causing issues on the buildbots, though; subsequent attempts to install `curl-ca-bundle` fail (e.g., https://build.macports.org/builders/buildports-mtln-x86_64/builds/4697/steps/compile/logs/stdio).

--
Ticket URL: <https://trac.macports.org/ticket/39091>
MacPorts <http://www.macports.org/>
Ports system for OS X

Comment (by landonf@…):

Interesting. It is intended behavior, in that the cert.pem file is essentially user-managed data that certsync happens to be willing to update.

I'm not sure what the right handling behavior is for this, though. Arguably the problem is that curl-ca-bundle itself ships a cert.pem (since it breaks user's ability to install custom CA certs).

Thoughts on the right solution?

--
Ticket URL: <https://trac.macports.org/ticket/39091#comment:1>

Changes (by larryv@…):

 * cc: ryandesign@… (added)

--
Ticket URL: <https://trac.macports.org/ticket/39091#comment:3>

Comment (by macsforever2000@…):

How about installing it properly somewhere like in {{{${prefix}etc/certsync/cert.pem}}} and add a {{{notes}}} field suggesting the user copy it manually to {{{${prefix}etc/openssl/cert.pem}}}? Having files installed outside of the registry definitely breaks the buildbots.

I just saw an error trying to build a totally different port: http://build.macports.org/builders/buildports-mtln-x86_64/builds/4697

{{{
Error: org.macports.activate for port curl-ca-bundle returned: Image error: /opt/local/etc/openssl/cert.pem already exists and does not belong to a registered port. Unable to activate port curl-ca-bundle. Use 'port -f activate curl-ca-bundle' to force the activation.
}}}

--
Ticket URL: <https://trac.macports.org/ticket/39091#comment:4>

Comment (by landonf@…):

Replying to [comment:4 macsforever2000@…]:
> How about installing it properly somewhere like in {{{${prefix}etc/certsync/cert.pem}}} and add a {{{notes}}} field suggesting the user copy it manually to {{{${prefix}etc/openssl/cert.pem}}}? Having files installed outside of the registry definitely breaks the buildbots.

The problem is that it's not static data; it's generated based on the certificates actually installed in the OS X keychain(s), which includes both the standard CA certificates Apple ships (and updates), along with any custom local CAs added by the user (e.g., internal CAs used for their corporate deployed services).

--
Ticket URL: <https://trac.macports.org/ticket/39091#comment:5>

Comment (by larryv@…):

Replying to [comment:1 landonf@…]:
> Thoughts on the right solution?

It’s safe to say that—as of right now, at least—the certsync port should clear out cert.pem when it’s deactivated, if only out of politeness. I’ve made this change in r106025.

--
Ticket URL: <https://trac.macports.org/ticket/39091#comment:7>

Comment (by landonf@…):

Replying to [comment:7 larryv@…]:
> It’s safe to say that—as of right now, at least—the certsync port should clear out cert.pem when it’s deactivated, if only out of politeness. I’ve made this change in r106025.

Works for me. Thanks!

--
Ticket URL: <https://trac.macports.org/ticket/39091#comment:8>

Changes (by landonf@…):

 * status: new => closed
 * resolution: => fixed

Comment:

Upon reflection, this seems like a reasonable permanent fix. certsync lays claim to cert.pem as long as it is installed.

--
Ticket URL: <https://trac.macports.org/ticket/39091#comment:9>