Created attachment 324024 [details] emerge.info The icaclient-12.1.0 installation creates a back-up directory that the icaclient does not seem to read: ====================================== >>> /opt/Citrix/ICAClient/icons/receiver.png >>> /opt/Citrix/ICAClient/icons/error.png >>> /opt/Citrix/ICAClient/icons/alert.png >>> /opt/Citrix/ICAClient/icons/security_small.png >>> /opt/Citrix/ICAClient/icons/manager.png >>> /opt/Citrix/ICAClient/libctxssl.so >>> /opt/Citrix/ICAClient/VDMSSPI.DLL >>> /opt/Citrix/ICAClient/VDHSSPI.DLL --- /opt/Citrix/ICAClient/keystore/ * * Installation of a symlink is blocked by a directory: * '/opt/Citrix/ICAClient/keystore/cacerts' * This symlink will be merged with a different name: * '/opt/Citrix/ICAClient/keystore/cacerts.backup.0000' * >>> /opt/Citrix/ICAClient/keystore/cacerts.backup.0000 -> /etc/ssl/certs >>> /opt/Citrix/ICAClient/NDS.DLL --- /opt/Citrix/ICAClient/lib/ >>> /opt/Citrix/ICAClient/lib/libavcodec.so >>> /opt/Citrix/ICAClient/lib/libavutil.so >>> /opt/Citrix/ICAClient/lib/libkcpm.so >>> /opt/Citrix/ICAClient/lib/libswscale.so >>> /opt/Citrix/ICAClient/lib/libkcph.so >>> /opt/Citrix/ICAClient/lib/libavformat.so --- /opt/Citrix/ICAClient/help/ [snip ...] ====================================== As a result, when I try to connect to a citrix server I'm getting an error that I have chosen not to accept the server's verisign certificate. :-/ As I workaround I created a symlink from cacerts to cacerts.backup.0000: # rm -Rf /opt/Citrix/ICAClient/keystore/cacerts # ln -s /opt/Citrix/ICAClient/keystore/cacerts.backup.0000/ /opt/Citrix/ICAClient/keystore/cacerts $ ls -la /opt/Citrix/ICAClient/keystore/cacerts lrwxrwxrwx 1 root root 51 Sep 16 19:37 /opt/Citrix/ICAClient/keystore/cacerts -> /opt/Citrix/ICAClient/keystore/cacerts.backup.0000/ Should the ebuild be tweaked, or is there a better way to fix this than my kludge above? -- Regards, Mick
I do not use the ICAClient anymore, so I have to rely on your help. Thank you for your report and sorry for my late answer, but we may get it out of the way quickly now. Some steps I want you to do: 1. Do an 'ls /opt/Citrix/ICAClient/keystore/cacerts' of the originally merged directory. 2. Modify the ebuild in the following way and tell me if this elevates your problem after merging this version. Do you know how to incorporate those modifications? diff -u -B -r1.1 icaclient-12.1.0.ebuild --- icaclient-12.1.0.ebuild 1 Aug 2012 22:08:29 -0000 1.1 +++ icaclient-12.1.0.ebuild 21 Oct 2012 19:21:34 -0000 @@ -142,6 +142,7 @@ insinto "${ICAROOT}"/keyboard doins keyboard/* + rmdir "${ICAROOT}"/keystore/cacerts dosym /etc/ssl/certs "${ICAROOT}"/keystore/cacerts #insinto "${ICAROOT}"/keystore/cacerts #doins keystore/cacerts/*
Created attachment 327156 [details] ls_cacerts.txt Contents of 'ls /opt/Citrix/ICAClient/keystore/cacerts'
Thanks Christian, (In reply to comment #1) [snip ...] > 2. Modify the ebuild in the following way and tell me if this elevates your > problem after merging this version. > Do you know how to incorporate those modifications? Probably not! # patch p1 < icaclient-12.1.0.ebuild.patch patching file p1 Hunk #1 FAILED at 142. 1 out of 1 hunk FAILED -- saving rejects to file p1.rej # cat p1.rej --- icaclient-12.1.0.ebuild 1 Aug 2012 22:08:29 -0000 1.1 +++ icaclient-12.1.0.ebuild 21 Oct 2012 19:21:34 -0000 @@ -142,6 +142,7 @@ insinto "${ICAROOT}"/keyboard doins keyboard/* + rmdir "${ICAROOT}"/keystore/cacerts dosym /etc/ssl/certs "${ICAROOT}"/keystore/cacerts #insinto "${ICAROOT}"/keystore/cacerts #doins keystore/cacerts/* How am I supposed to patch an ebuild? Should I be using epatch just for testing it? -- Regards, Mick
(In reply to comment #3) > (In reply to comment #1) > [snip ...] > > 2. Modify the ebuild in the following way and tell me if this elevates your > > problem after merging this version. > > Do you know how to incorporate those modifications? Ok. I checked the tarball myself...the cacert directory contains files already but they are also available in /etc/ssl/cacerts, so deleting it should be no problem. Please try to remerge the icaclient 12.1.0 ebuild in about two hours, I checked in some change and would like to have your feedback.
I get an error message of sandbox violation with Portage 2.2 and sandbox enabled: >>> Install icaclient-12.1.0 into /var/tmp/portage/net-misc/icaclient-12.1.0/image/ category net-misc ACCESS DENIED unlinkat: /opt/Citrix/ICAClient/keystore/cacerts/Class4PCA_G2_v2.crt rm: não foi possível remover "/opt/Citrix/ICAClient/keystore/cacerts/Class4PCA_G2_v2.crt": Permissão negada ACCESS DENIED unlinkat: /opt/Citrix/ICAClient/keystore/cacerts/BTCTRoot.crt rm: não foi possível remover "/opt/Citrix/ICAClient/keystore/cacerts/BTCTRoot.crt": Permissão negada ACCESS DENIED unlinkat: /opt/Citrix/ICAClient/keystore/cacerts/GTECTGlobalRoot.crt rm: não foi possível remover "/opt/Citrix/ICAClient/keystore/cacerts/GTECTGlobalRoot.crt": Permissão negada ACCESS DENIED unlinkat: /opt/Citrix/ICAClient/keystore/cacerts/Class3PCA_G2_v2.crt rm: não foi possível remover "/opt/Citrix/ICAClient/keystore/cacerts/Class3PCA_G2_v2.crt": Permissão negada ACCESS DENIED unlinkat: /opt/Citrix/ICAClient/keystore/cacerts/Pcs3ss_v4.crt rm: não foi possível remover "/opt/Citrix/ICAClient/keystore/cacerts/Pcs3ss_v4.crt": Permissão negada >>> Completed installing icaclient-12.1.0 into /var/tmp/portage/net-misc/icaclient-12.1.0/image/ I will attach the complete log.
Created attachment 330508 [details] emerge --info
Created attachment 330510 [details] build log with sandbox violation
Comment on attachment 330510 [details] build log with sandbox violation I just tried it and I'm getting the same error: >>> Install icaclient-12.1.0 into /var/tmp/portage/net-misc/icaclient-12.1.0/image/ category net-misc ACCESS DENIED unlinkat: /opt/Citrix/ICAClient/keystore/cacerts rm: cannot remove ‘/opt/Citrix/ICAClient/keystore/cacerts’: Permission denied even after I removed the /opt/Citrix/ICAClient/keystore/cacerts symlink. -- Regards, Mick
@Fabiano: For now you may want to make a link to the system certificates store manually: rm /opt/Citrix/ICAClient/keystore/cacerts ln -s /etc/ssl/certs /opt/Citrix/ICAClient/keystore/cacerts until the ebuild is fixed. -- Regards, Mick
(In reply to comment #5) > I get an error message of sandbox violation with Portage 2.2 and sandbox > enabled: Thank you for the report, this should be fixed now. Please add LC_ALL=C before your emerge call for the next report so all messages are in English. Please test and report back, I do not use ICAClient myself anymore.
Thank you Christian, it installs fine now and it creates the link: # ls -la /opt/Citrix/ICAClient/keystore/cacerts lrwxrwxrwx 1 root root 14 Nov 28 06:52 /opt/Citrix/ICAClient/keystore/cacerts -> /etc/ssl/certs