summaryrefslogtreecommitdiff
path: root/p11-kit/client.c
diff options
context:
space:
mode:
authorColin Walters <walters@verbum.org>2017-07-07 13:19:18 -0400
committerDaiki Ueno <ueno@gnu.org>2017-07-10 17:25:41 +0200
commitbc2f4c69bd319313dab9d85a6f8d622501593b0a (patch)
treed74d59d0d2a94a68565a839dd5aa0078195fb395 /p11-kit/client.c
parent9dd50249b597109c5956a531e44d46dc344daea5 (diff)
conf: Introduce P11_KIT_NO_USER_CONFIG
Currently `ca-certificates.spec` in Fedora ends up doing in `%post`: ``` /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt ``` etc. And due to this bit of code in p11-kit, we end up looking for the home directory for configuration. In this case, `/root`. It's categorically wrong to do this; the root user is distinct from "the system". This issue is equivalent to one I fixed in Pango: https://git.gnome.org/browse/pango/commit/?id=aecbe27c1b08f517c0e05f03308d3ac55cef490c Fast forward to today, and the reason I'm making this change is I'm working on `rpm-ostree ex container`, which builds containers as *non-root* (like gnome-continuous does, but now with RPMs), keeping the invoking uid. And this bug causes the `ca-certificates` `%post` to fail because it's trying to look for my uid 1000 which doesn't exist in the target rootfs' password database. Again, there's no reason to be looking for a home directory for system triggers, regadless of UID, so once this patch lands, I'll update `ca-certificates` to use it, and traditional RPM `%post` will stop looking in `/root` too.
Diffstat (limited to 'p11-kit/client.c')
0 files changed, 0 insertions, 0 deletions