Overview
Request 515015 accepted
- Update to version 2+git20170807.10b2785:
* Check TRANSACTIONAL_UPDATE is set (boo#1045942)
* Add systemd units
- Run update-ca-certificate by systemd unit when the content of
one of the paths changes. Needed for read-only root and/or
transactional updates.
This one seems to be responsible for quite some weird fallouts - likely some configure scripts now no longer find one of the files they are looking for (as update-ca-certificates -f no longer runs on the build system)
See for example build fails of
docker mono-core libqca2 libqca-qt5
CC @kukuk who made the change; the build system is not systemd managed and has does not fire the services (init=/.build/build)
The best course might be to still call update-ca-certificates if -f /.buildenv
I'd rather go for something like test -w /var/lib/ca-certificates
Sounds like a reasonable option too; but that would mean on a running system with the service enabled, it is running twice: in the post script and then triggered by the service again
yes and no. If no ca-certificates change the service wouldn't trigger and even if it would most hook script won't regenerate their output. That's why the %post calls update-ca-certificates with the -f option to force regenerate all output files.
Hm, /var/lib/ca-certificates is always writeable if we update ca-certificates, even in transactional-update case. But the result may not be correct, since not all certificates are accessible (/etc).
But those would be corrected on next boot, when the oneshot service comes up and re-generates the files, no? (and reboot is needed for transactional updates in any case)
or we add that test directly to update-ca-certificates
Any consensus on the way forward here?
Yes, see bsc#1045942, transactional-update has the needed changes in Factory, waiting for Ludwig.
Backlog, until a fix can be prepared to not break build system setups
Request History
lnussel created request
- Update to version 2+git20170807.10b2785:
* Check TRANSACTIONAL_UPDATE is set (boo#1045942)
* Add systemd units
- Run update-ca-certificate by systemd unit when the content of
one of the paths changes. Needed for read-only root and/or
transactional updates.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added factory-repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
factory-repo-checker accepted review
Builds for repo Base:System/openSUSE_Factory
staging-bot set openSUSE:Factory:Staging:F as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:F"
staging-bot accepted review
Picked openSUSE:Factory:Staging:F
namtrac accepted review
ok
factory-repo-checker accepted review
skip review
maxlin_factory accepted review
ready to accept
maxlin_factory approved review
ready to accept
maxlin_factory accepted request
Accept to openSUSE:Factory