Bug 537412

Summary:	app-misc/ca-certificates-20140927.3.17.2 fails install phase
Product:	Gentoo Linux	Reporter:	Reuben Martin <reuben.m>
Component:	SELinux	Assignee:	SE Linux Bugs <selinux>
Status:	RESOLVED NEEDINFO
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Build Log Build Log (with debugging turned on)

Description Reuben Martin 2015-01-23 01:05:57 UTC

I'm currently assuming this has something to do with the hardened profile since this package will not install correctly on a SELinux VM, but works just fine on my non-SELinux host. The VM is currently not enforcing.

>>> Installing (1 of 1) app-misc/ca-certificates-20140927.3.17.2::gentoo
 * Removing /usr/share/doc
>>> Setting SELinux security labels
!!! Failed to move /var/tmp/portage/app-misc/ca-certificates-20140927.3.17.2/image/usr/share/ca-certificates/mozilla/Certinomis_-_Autorité_Racine.crt to /usr/share/ca-certificates/mozilla/Certinomis_-_Autorité_Racine.crt
!!! [Errno 2] No such file or directory: '/var/tmp/portage/app-misc/ca-certificates-20140927.3.17.2/image/usr/share/ca-certificates/mozilla/Certinomis_-_Autorité_Racine.crt' -> '/usr/share/ca-certificates/mozilla/Certinomis_-_Autorité_Racine.crt'


Not sure what is going on. The file exists.

ls -l /var/tmp/portage/app-misc/ca-certificates-20140927.3.17.2/image/usr/share/ca-certificates/mozilla/Certinomis_-_Autorité_Racine.crt
-rw-r--r--. 1 root root 2004 Jan 22 18:48 /var/tmp/portage/app-misc/ca-certificates-20140927.3.17.2/image/usr/share/ca-certificates/mozilla/Certinomis_-_Autorité_Racine.crt

Reproducible: Always

Comment 1 Sébastien P. 2015-03-21 18:16:38 UTC

I have just switch to “hardened/linux/amd64/selinux” and updated this package.

What about “/usr/share/ca-certificates/mozilla/Certinomis_-_Autorité_Racine.crt”? Does it exist/be writable?

I do know how it ca-cert works. But it uses symbolic links on “/etc/ssl/certs/”. Is it broken?

Comment 2 Sébastien P. 2015-03-21 18:17:20 UTC

(In reply to Sébastien P. from comment #1)
> I have just switch to “hardened/linux/amd64/selinux” and updated this
> package.

And I did not meet this issue…

Comment 3 SpanKY gentoo-dev

2015-03-21 19:47:21 UTC

you must attach `emerge --info` and full build logs with every report

if it's still failing for you, please post try building with --debug

Comment 4 Reuben Martin 2015-03-22 00:18:24 UTC

Well, I would post info, but this is from a virtual machine, and it seems my libvirt is broken now. I'll see if this is still an issue once I get libvirt sorted out.

Comment 5 Reuben Martin 2015-03-30 05:59:30 UTC

Ok, finally got libvirt working again. (a stale lock file for ebtables was gumming up the works)

Install is still failing. I'm attaching the build log.

Comment 6 Reuben Martin 2015-03-30 06:00:01 UTC

Created attachment 400120 [details]
Build Log

Comment 7 Reuben Martin 2015-03-30 06:03:33 UTC

Created attachment 400122 [details]
Build Log (with debugging turned on)

Comment 8 Reuben Martin 2015-03-31 02:26:29 UTC

Figured it out. I noticed that the CA cert had a non-english character in it so I checked to see what my locale was set to. It was en_US. Changed it to en_US.utf8 and it installed without any problems.