--- Begin Message ---
Subject: |
[PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps |
Date: |
Tue, 10 Aug 2021 00:14:31 +1000 |
Flatpak has a soft dependency on p11-kit, which was configured without
knowledge of the system-wide CA certificate store. This caused some
flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.
* gnu/packages/tls.scm (p11-kit): Configure with
/etc/ssl/certs/ca-certificates.crt as a trusted path.
---
gnu/packages/tls.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d98a724b5f..4af95e2798 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -143,7 +143,7 @@ in intelligent transportation networks.")
`(("libffi" ,libffi)
("libtasn1" ,libtasn1)))
(arguments
- `(#:configure-flags '("--without-trust-paths")
+ `(#:configure-flags
'("--with-trust-paths=/etc/ssl/certs/ca-certificates.crt")
#:phases (modify-phases %standard-phases
(add-before 'check 'prepare-tests
(lambda _
--
2.32.0
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#49957: [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps |
Date: |
Mon, 25 Oct 2021 21:13:42 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Andrew Whatson <whatson@gmail.com> skribis:
> Flatpak has a soft dependency on p11-kit, which was configured without
> knowledge of the system-wide CA certificate store. This caused some
> flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.
>
> * gnu/packages/tls.scm (p11-kit): Configure with
> /etc/ssl/certs/ca-certificates.crt as a trusted path.
I pushed a similar fix on ‘master’ based on John’s patch as
b4d29851e412c6f4fea5b2d98160258b9768dee3.
We might as well update the default p11-kit though? (Somehow I was
assuming it had many dependents, but it only has 80+.)
Thanks,
Ludo’.
--- End Message ---