From nobody Sat Oct 14 14:26:16 2023 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S75L53D8nz4wqJP for ; Sat, 14 Oct 2023 14:27:09 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:313::1:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-256) client-digest SHA256) (Client CN "mailgate.leidinger.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4S75L46hyPz3ZdL; Sat, 14 Oct 2023 14:27:08 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Authentication-Results: mx1.freebsd.org; none List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net; s=outgoing-alex; t=1697293594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ChOp+2UpFWjKRTuyGM98Qj0r3W6fEX3F6wjM+auIfzc=; b=qWVMnBm/wffEwCBqCiYIOy672O/G08sVBSBUZOkQr+YJ7fZVdWsjAOtYp+VG+6B+syhCKO IvI0RIv/ZHx6Rbys9OP93u6QhDrZYcOihCEYSPYjpSC5e65jbJWe1QuDRruboG0wEL+bzB 2VZgRli+Shc7r3IMJ+auLBTrMPkrR4sISM7vAd3zKBAIKCWZuS4i/JV30uEEaqIiSgEkhL rOeuyp02x6+vhGCYusorTluyn+oSyZ4Wm8uwVZiLKtRaxl0muxWpACcy46szGT3I3S0sYu QA7EM6mW8YyfDZVaLBBHF/SD5/p1m3/JPBeW48WQ4n3Oxlq4nqo6jZlh0N/JiQ== Date: Sat, 14 Oct 2023 16:26:16 +0200 From: Alexander Leidinger To: =?UTF-8?Q?Dag-Erling_Sm=C3=B8rgrav?= Cc: Current Subject: Re: issue: poudriere jail update fails after recent changes around certctl In-Reply-To: <86cyxi34wc.fsf@ltc.des.no> References: <7b44912e0d3ff033ab27923aeeae5caf@Leidinger.net> <86cyxi34wc.fsf@ltc.des.no> Message-ID: <24e275f3b561c096577c00c001f3ec57@Leidinger.net> X-Sender: Alexander@Leidinger.net Organization: No organization, this is a private message. Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="=_fba7f2d4d66d605fa58229dcbf4c6b9b"; micalg=pgp-sha256 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:34240, ipnet:2a00:1828::/32, country:DE] X-Rspamd-Queue-Id: 4S75L46hyPz3ZdL This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --=_fba7f2d4d66d605fa58229dcbf4c6b9b Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8; format=flowed Am 2023-10-13 17:42, schrieb Dag-Erling Smørgrav: > Alexander Leidinger writes: >> some change around certctl (world from 2023-10-09) has broken the >> poudriere jail update command. The complete install finishes, certctl >> is run, and then there is an exit code 1. This is because I have some >> certs listed as untrusted, and this seems to give a retval of 1 inside >> certctl. > > This only happens if a certificate is listed as both trusted and > untrusted, and I'm pretty sure the previous version would return 1 in > that case as well. Can you check? I compared /usr/share/certs/untrusted/ with /usr/share/certs/trusted/ and some of them match with certs in /usr/share/certs/trusted/. Nothing in /usr/local/etc/ssl/untrusted/, one cert (as hash) in /usr/local/etc/ssl/blacklisted/ which is also in /usr/share/certs/untrusted/. If FreeBSD provides some certs as trusted (as part of e.g. installworld), and I have some of them listed in untrusted, I would not expect an error case, but a failsafe action of not trusting them and not complaining... am I doing something wrong? Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_fba7f2d4d66d605fa58229dcbf4c6b9b Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc; size=833 Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmUqpRYACgkQEg2wmwP4 2IZtARAAhvTkZjIlFc1WlDkSkmP8T5SVR3uSNESRK5nGfY0LC2jtSvK06J3+DxLK UGG8UCu8beF75XiO2dlbwc5CYbNgrIYBsrNpf9H9f6E9E59hyDHgin+kZpgZQV4a 50YwN+JN+I5pfXjEL5SMvgnbggkuLEaGWTzMyFcryLpua0bop2UydMdzqCysRuNY 4pi4R3XhMaPVnWrEWvCAMEzOsUcwyOkpVaw2lPB3tjWOdxA8hAB8j1ndEV9+0n6g 5daBAZLQDkPYv/53QiQ/C4BihRPYtqspXZxmi8RyO6DTQfmrh8zEtFZP1A0XxRdC owSq9LhjGKYG0jVJmVn59R5PN0Dff3xQOVjLTOrwlexKyO8j5cGWLtetsz5uNK8K RBLnAF5KkUOz1L0nWGcz+cJVXcV7XZSrh2r9Ok5GYQXQkbXnvcglxYXaFdowWKiN frm53QJ5/WKUUZ0B6Y1hOgHi8eMraPl+Nenp5aI54vFor90Zi9WUNO8NgQbFXlRb NRl5Jd312bslRYDkz8xk/6xlPrkRfmIzPJVBheiXRwOVxjpIBRWIuOqdfknxUun3 2TDxFX7qOLjCVQCruKvESJbj/eABMj9RHDpu2M5Kf09o7RTx0DwTFR0BYfbLh4rc MeFQUOHBENq9H01uRS4ppk/KZWKukeSMcCnUkwRzr9wzImpGq40= =jgKY -----END PGP SIGNATURE----- --=_fba7f2d4d66d605fa58229dcbf4c6b9b--