Patch ca-certificates package
Command /usr/sbin/update-ca-certificates updates the system
certificate bundle with the below ( simplified ) logic:
- delete the bundle
- create a new bundle as /etc/ssl/certs/ca-certificates.crt.tmp.XXXX
- mv /etc/ssl/certs/ca-certificates.crt.tmp.XXXX to
/etc/ssl_certs/ca-certificates.crt
This makes the bundle file to be non-existent for a while and that
causes FileNotFound errors for processes trying to read the file too
frequently such as http clients performing TLS verification.
This change removes the delete operation. The current bundle file will
now be replaced in its entirety by the atomic move operation.
Test plan:
PASS Full build, install, bootstrap and unlock
PASS Verify that the delete operation is no longer found in
/usr/sbin/update-ca-certificates
PASS Start a process to read from the certificate bundle in
very short intervals. Run 'update-ca-certificates
--localcertsdir /etc/pki/ca-trust/source/anchors'
many times and verify that no FileNotFound errors
show up in the process reading the certificate bundle.
Closes-Bug: 2073123
Depends-on: https://review.opendev.org/c/starlingx/root/+/922519
Change-Id: If79156dc2024e5d2ab676a6e812798dbd0a355da
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
This commit is contained in:
Rei Oliveira
Reinildes Oliveira
parent
0e7ce3752e
commit
3637f18b23
10
base/ca-certificates/debian/meta_data.yaml
Normal file
10
base/ca-certificates/debian/meta_data.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
debver: 20210119
|
||||||
|
debname: ca-certificates
|
||||||
|
dl_path:
|
||||||
|
name: ca-certificates-archive-debian-20210119.tar.gz
|
||||||
|
url: https://salsa.debian.org/debian/ca-certificates/-/archive/archive/debian/20210119/ca-certificates-archive-debian-20210119.tar.gz
|
||||||
|
sha256sum: a639f1d0598fa8f7a864c7c93860bde2eb00c5a51e66c0f7b0e716f092852eaf
|
||||||
|
revision:
|
||||||
|
dist: $STX_DIST
|
||||||
|
PKG_GITREVCOUNT: true
|
||||||
@ -0,0 +1,24 @@
|
|||||||
|
From c0006b7d23fc1c9014ecc8b5da51042e912bcac2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
|
||||||
|
Date: Mon, 17 Jun 2024 19:00:28 -0300
|
||||||
|
Subject: [PATCH] Remove explicity delete while update CA bundle
|
||||||
|
|
||||||
|
---
|
||||||
|
sbin/update-ca-certificates | 2 --
|
||||||
|
1 file changed, 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
|
||||||
|
index b27c6bd..473e90e 100755
|
||||||
|
--- a/sbin/update-ca-certificates
|
||||||
|
+++ b/sbin/update-ca-certificates
|
||||||
|
@@ -164,8 +164,6 @@ then
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
-rm -f "$CERTBUNDLE"
|
||||||
|
-
|
||||||
|
ADDED_CNT=$(wc -l < "$ADDED")
|
||||||
|
REMOVED_CNT=$(wc -l < "$REMOVED")
|
||||||
|
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
1
base/ca-certificates/debian/patches/series
Normal file
1
base/ca-certificates/debian/patches/series
Normal file
@ -0,0 +1 @@
|
|||||||
|
0001-Remove-explicit-delete-while-update-CA-bundle.patch
|
||||||
@ -432,3 +432,5 @@ trident-installer
|
|||||||
|
|
||||||
#watchdog
|
#watchdog
|
||||||
watchdog
|
watchdog
|
||||||
|
|
||||||
|
ca-certificates
|
||||||
|
|||||||
@ -9,6 +9,7 @@ base/linuxptp
|
|||||||
base/lvm2
|
base/lvm2
|
||||||
base/lsb
|
base/lsb
|
||||||
base/openssl
|
base/openssl
|
||||||
|
base/ca-certificates
|
||||||
base/pf-bb-config
|
base/pf-bb-config
|
||||||
base/synce4l
|
base/synce4l
|
||||||
base/systemd
|
base/systemd
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user