I was coming towards the end of a test build of 8.4-rc1, installing a few essential packages before trying to build. And then make-ca failed.
This is my first time with make-ca-1.2, all my previous systems used versions before 1.0. I'd not noticed that it gets run after installing, and I'd put p11-kit etc a bit later (before I run my normal upgrade-certs script). So the trust program did not exist. Moved the deps, retried, still failed. Trying to run make-ca manually, it told me the certs were up to date, but that I could force if I wanted to. With --force it failed again. The end of my script: install -vdm755 /etc/ssl/local wget http://www.cacert.org/certs/root.crt wget http://www.cacert.org/certs/class3.crt openssl x509 -in root.crt -text -fingerprint -setalias "CAcert Class 1 root" \ -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ > /etc/ssl/local/CAcert_Class_1_root.pem openssl x509 -in class3.crt -text -fingerprint -setalias "CAcert Class 3 root" \ -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ > /etc/ssl/local/CAcert_Class_3_root.pem make install /usr/sbin/make-ca -g And the start and end of the output from trying to force it: Output forced. Will run conversion unconditionally. Certificate: Go Daddy Root Certificate Authority - G2 Keyhash: cbf06781 Added to p11-kit anchor directory with trust 'C,,'. Certificate: Starfield Root Certificate Authority - G2 Keyhash: 4bfab552 Added to p11-kit anchor directory with trust 'C,,'. [...] Certificate: Chambers of Commerce Root - 2008 Keyhash: c47d9980 Added to p11-kit anchor directory with trust 'C,C,'. Certificate: Global Chambersign Root - 2008 Keyhash: 0c4c9b6c Added to p11-kit anchor directory with trust 'C,C,'. Processing local certificates... unable to load certificate 140106412413440:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 139684787118592:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE Certificate: Keyhash: unable to load certificate 140362720920064:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 139834549195264:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 139623151137280:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140664899711488:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 139774229365248:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE Added to p11-kit anchor directory with trust ',,'. unable to load certificate 140373908214272:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140603492200960:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE Certificate: Keyhash: unable to load certificate 140157798978048:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140121980891648:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140151965876736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 139890995274240:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140497972445696:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE Added to p11-kit anchor directory with trust ',,'. Extracting OpenSSL certificates to /etc/ssl/certs...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting GNUTLS server auth certificates to /etc/pki/tls/certs/ca-bundle.crt...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting GNUTLS S-Mime certificates to /etc/pki/tls/certs/email-ca-bundle.crt...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting GNUTLS code signing certificates to /etc/pki/tls/certs/objsign-ca-bundle.crt...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting Java cacerts (JKS) to /etc/pki/tls/java/cacerts...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Any ideas, please ? Meanwhile I'll try to get some sleep. ĸen -- The beauty of reading a page of de Selby is that it leads one inescapably to the conclusion that one is not, of all nincompoops, the greates. -- du Garbandier -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
