
mono: sync certs with installation
Closed, Resolved (Public)

Description

Mono stores its own certificates that it uses via either:

cert-sync --user /etc/ssl/certs/ca-certificates.crt (~/.config/.mono)
sudo cert-sync /etc/ssl/certs/ca-certificates.crt (/usr/share/.mono)

Without running this, you end up with these results: https://plus.google.com/u/0/110320487434181770905/posts/i59ZLiQA1WR

Pondering the best way to handle it in lieu of a postinstall. Obvious option would be to run cert-sync --user in the build and move the files to $installdir/usr/share/.mono

Considering if there's a better alternative, but leaving here so it's not forgotten.

Event Timeline

sunnyflunk renamed this task from mono: sync certs with package to mono: sync certs with installation. Jun 15 2017, 2:14 AM
sunnyflunk triaged this task as Normal priority.
sunnyflunk updated the task description.
sunnyflunk edited projects, added Software; removed Lacks Project.

That would be really nice because any package build that requires mono and needs nuget packages needs to run the cert-sync in its build steps or else it fails.

A somewhat related issue with Mono 5.0 is broken https support. Mono 4.8 moved to TLS 1.2 provided by Google's BoringSSL project; however, https support is broken in Mono 5.0. The workaround is "export MONO_TLS_PROVIDER=legacy" instead of btls. Any chance of setting the default to legacy instead of btls in Solus builds? This will allegedly be fixed in Mono 5.1.

I just remembered that we now have a tool called usysconf that would integrate and eat this task for breakfast, running

sudo cert-sync /etc/ssl/certs/ca-certificates.crt and creating (/usr/share/.mono) when /usr/bin/cert-sync exists and the certs change. Maybe I'll even try getting my C on xD
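
The trigger condition described in that comment (run cert-sync when /usr/bin/cert-sync exists and the certs change), sketched as shell functions. This is an added example, not usysconf's code or anything posted in the thread; the function names, the state names and the mtime comparison are assumptions, and the paths are the ones quoted above.

```shell
#!/bin/sh
# Added example: decide whether Mono's machine trust store needs a re-sync.
# Paths are the ones from the thread; names and logic here are assumptions.
BUNDLE="${BUNDLE:-/etc/ssl/certs/ca-certificates.crt}"
STORE="${STORE:-/usr/share/.mono}"
CERT_SYNC="${CERT_SYNC:-/usr/bin/cert-sync}"

# mono_store_state BUNDLE STORE CERT_SYNC
# Prints one of: no-cert-sync, no-bundle, missing, empty, stale, ok
mono_store_state() {
    bundle=$1; store=$2; tool=$3
    # No cert-sync binary means Mono is not installed: nothing to do.
    [ -x "$tool" ] || { echo no-cert-sync; return; }
    # A missing or zero-length CA bundle would sync an empty trust list.
    [ -s "$bundle" ] || { echo no-bundle; return; }
    [ -d "$store" ] || { echo missing; return; }
    # Directories alone (certs, new-certs) do not mean anything was imported.
    if [ -z "$(find "$store" -type f -print | head -n 1)" ]; then
        echo empty; return
    fi
    # Heuristic: if no store file is newer than the bundle, the bundle
    # changed after the last sync and the store may still trust old roots.
    if [ -z "$(find "$store" -type f -newer "$bundle" -print | head -n 1)" ]; then
        echo stale; return
    fi
    echo ok
}

# mono_sync_if_needed BUNDLE STORE CERT_SYNC
# Runs the machine-wide sync from the thread (needs root for the real store)
# only when the store is missing, empty or stale. Prints the state it found.
mono_sync_if_needed() {
    state=$(mono_store_state "$1" "$2" "$3")
    case $state in
        missing|empty|stale) "$3" "$1" >/dev/null ;;
    esac
    echo "$state"
}

# Report the state of the real store only when asked to.
if [ "${1:-}" = "--report" ]; then
    mono_store_state "$BUNDLE" "$STORE" "$CERT_SYNC"
fi
```
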

I see that this issue is closed but I just ran into it today.

We've got this API test framework that uses RestSharp and authenticates using rest endpoints. Needless to say it's required to have working certificates and things before these endpoints behave properly. Interestingly, I had the same issue on openSUSE and it was resolved by using the cert-sync command.

I was able to work around this issue on Solus by using that cert-sync command, as folks have posted above, but I'm curious why this isn't run as a post-install task automatically? The mono-docs explicitly state that:

Note that a default installation of Mono doesn’t trust anyone!

This means that any Mono install without initially running cert-sync is ostensibly broken.

Can't reproduce:

$ sudo eopkg install mono
Total size of package(s): 43.51 MB
Downloading 1 / 1
Package mono found in repository Unstable
mono-5.10.1.47-16-1-x86_64.eopkg (43.5 MB)100%    857.43 KB/s [00:00:00] [complete]
Installing 1 / 1
mono-5.10.1.47-16-1-x86_64.eopkg [cached]
Installing mono, version 5.10.1.47, release 16
Extracting the files of mono
Installed mono
 [✓] Syncing filesystems                                                success
 [✓] Updating dynamic library cache                                     success
 [✓] Updating manpages database                                         success
 [✓] Populating Mono certificates                                       success

Certificates populated

$ ls /usr/share/.mono/
certs  new-certs

If you do something odd like remove /usr/share/.mono then it won't necessarily regenerate them on reinstall

In my case, certificates are not populated as in @sunnyflunk's message:

$ sudo eopkg install mono
Password: 
Total size of package(s): 45.87 MB
Downloading 1 / 1
Package mono found in repository Solus
mono-5.14.0.177-17-1-x86_64.eopkg (45.9 MB)100%      2.35 MB/s [00:00:00] [complete]
Installing 1 / 1
mono-5.14.0.177-17-1-x86_64.eopkg [cached]
Installing mono, version 5.14.0.177, release 17
Extracting the files of mono
Installed mono
 [✓] Syncing filesystems                                                success
 [✓] Updating dynamic library cache                                     success
 [✓] Updating manpages database                                         success

Am I missing something?