Bug#825730: marked as done (ca-certificates: using --noawait triggers breaks downloader packages)

[Debian Bug Tracking System]

Your message dated Sat, 03 Dec 2016 22:47:08 +0000
with message-id <e1cdj5i-000d8x...@fasolo.debian.org>
and subject line Bug#825730: fixed in ca-certificates 20141019+deb8u2
has caused the Debian Bug report #825730,
regarding ca-certificates: using --noawait triggers breaks downloader packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
825730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825730
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ca-certificates
Version: 20160104
Severity: important
User: debian...@lists.debian.org
Usertags: piuparts
Control: found -1 20141019+deb8u1
Control: affects -1 + google-android-build-tools-installer

Hi,

ca-certificates.postinst activates the update-ca-certificates trigger
with --noawait. This breaks downloader packages that are configured in
the same run as (an initial install of) ca-certificates because
/etc/ssl/certs is not set up at the time the downloader-pkg.postinst
runs even though it Depends: ca-certificates.

In a minimal (piuparts) sid:i386 chroot with main+contrib:
# apt-get install google-android-build-tools-installer
Reading package lists... Done
Building dependency tree... Done
The following additional packages will be installed:
  ca-certificates libffi6 libgmp10 libgnutls30 libhogweed4 libicu55 libidn11 
libnettle6 libp11-kit0 libpsl0 libssl1.0.2 libtasn1-6 make openssl unzip wget
Suggested packages:
  gnutls-bin make-doc zip
Recommended packages:
  publicsuffix
The following NEW packages will be installed:
  ca-certificates google-android-build-tools-installer libffi6 libgmp10 
libgnutls30 libhogweed4 libicu55 libidn11 libnettle6 libp11-kit0 libpsl0 
libssl1.0.2 libtasn1-6 make openssl unzip wget
0 upgraded, 17 newly installed, 0 to remove and 1 not upgraded.
Need to get 114 kB/13.4 MB of archives.
After this operation, 47.6 MB of additional disk space will be used.
Get:1 http://ftp.de.debian.org/debian sid/main i386 libidn11 i386 1.32-3 [114 
kB]
Fetched 114 kB in 0s (0 B/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libssl1.0.2:i386.
(Reading database ... 7239 files and directories currently installed.)
Preparing to unpack .../libssl1.0.2_1.0.2h-1_i386.deb ...
Unpacking libssl1.0.2:i386 (1.0.2h-1) ...
Selecting previously unselected package libgmp10:i386.
Preparing to unpack .../libgmp10_2%3a6.1.0+dfsg-2_i386.deb ...
Unpacking libgmp10:i386 (2:6.1.0+dfsg-2) ...
Selecting previously unselected package libnettle6:i386.
Preparing to unpack .../libnettle6_3.2-1_i386.deb ...
Unpacking libnettle6:i386 (3.2-1) ...
Selecting previously unselected package libhogweed4:i386.
Preparing to unpack .../libhogweed4_3.2-1_i386.deb ...
Unpacking libhogweed4:i386 (3.2-1) ...
Selecting previously unselected package libidn11:i386.
Preparing to unpack .../libidn11_1.32-3_i386.deb ...
Unpacking libidn11:i386 (1.32-3) ...
Selecting previously unselected package libffi6:i386.
Preparing to unpack .../libffi6_3.2.1-4_i386.deb ...
Unpacking libffi6:i386 (3.2.1-4) ...
Selecting previously unselected package libp11-kit0:i386.
Preparing to unpack .../libp11-kit0_0.23.2-3_i386.deb ...
Unpacking libp11-kit0:i386 (0.23.2-3) ...
Selecting previously unselected package libtasn1-6:i386.
Preparing to unpack .../libtasn1-6_4.8-1_i386.deb ...
Unpacking libtasn1-6:i386 (4.8-1) ...
Selecting previously unselected package libgnutls30:i386.
Preparing to unpack .../libgnutls30_3.4.12-2_i386.deb ...
Unpacking libgnutls30:i386 (3.4.12-2) ...
Selecting previously unselected package libicu55:i386.
Preparing to unpack .../libicu55_55.1-7_i386.deb ...
Unpacking libicu55:i386 (55.1-7) ...
Selecting previously unselected package libpsl0:i386.
Preparing to unpack .../libpsl0_0.11.0-2_i386.deb ...
Unpacking libpsl0:i386 (0.11.0-2) ...
Selecting previously unselected package wget.
Preparing to unpack .../wget_1.17.1-2_i386.deb ...
Unpacking wget (1.17.1-2) ...
Selecting previously unselected package openssl.
Preparing to unpack .../openssl_1.0.2h-1_i386.deb ...
Unpacking openssl (1.0.2h-1) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../ca-certificates_20160104_all.deb ...
Unpacking ca-certificates (20160104) ...
Selecting previously unselected package make.
Preparing to unpack .../archives/make_4.1-9_i386.deb ...
Unpacking make (4.1-9) ...
Selecting previously unselected package unzip.
Preparing to unpack .../archives/unzip_6.0-20_i386.deb ...
Unpacking unzip (6.0-20) ...
Selecting previously unselected package google-android-build-tools-installer.
Preparing to unpack .../google-android-build-tools-installer_23.0.2.1_i386.deb 
...
Unpacking google-android-build-tools-installer (23.0.2.1) ...
Processing triggers for libc-bin (2.22-9) ...
Setting up libssl1.0.2:i386 (1.0.2h-1) ...
Setting up libgmp10:i386 (2:6.1.0+dfsg-2) ...
Setting up libnettle6:i386 (3.2-1) ...
Setting up libhogweed4:i386 (3.2-1) ...
Setting up libidn11:i386 (1.32-3) ...
Setting up libffi6:i386 (3.2.1-4) ...
Setting up libp11-kit0:i386 (0.23.2-3) ...
Setting up libtasn1-6:i386 (4.8-1) ...
Setting up libgnutls30:i386 (3.4.12-2) ...
Setting up libicu55:i386 (55.1-7) ...
Setting up libpsl0:i386 (0.11.0-2) ...
Setting up wget (1.17.1-2) ...
Setting up openssl (1.0.2h-1) ...
Setting up ca-certificates (20160104) ...
Setting up make (4.1-9) ...
Setting up unzip (6.0-20) ...
Setting up google-android-build-tools-installer (23.0.2.1) ...
make: Entering directory '/var/cache/google-android-build-tools-installer'
cd /var/cache/google-android-build-tools-installer && \
        wget --continue 
https://dl.google.com/android/repository/build-tools_r23.0.2-linux.zip
--2016-05-29 10:07:34--  
https://dl.google.com/android/repository/build-tools_r23.0.2-linux.zip
Resolving dl.google.com (dl.google.com)... 172.217.21.110, 
2a00:1450:4001:805::200e
Connecting to dl.google.com (dl.google.com)|172.217.21.110|:443... connected.
ERROR: The certificate of 'dl.google.com' is not trusted.
ERROR: The certificate of 'dl.google.com' hasn't got a known issuer.
Makefile:67: recipe for target 
'/var/cache/google-android-build-tools-installer/build-tools_r23.0.2-linux.zip' 
failed
make: *** 
[/var/cache/google-android-build-tools-installer/build-tools_r23.0.2-linux.zip] 
Error 5
make: Leaving directory '/var/cache/google-android-build-tools-installer'
dpkg: error processing package google-android-build-tools-installer 
(--configure):
 subprocess installed post-installation script returned error exit status 2
Processing triggers for libc-bin (2.22-9) ...
Processing triggers for ca-certificates (20160104) ...
Updating certificates in /etc/ssl/certs...
173 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
 google-android-build-tools-installer
E: Sub-process /usr/bin/dpkg returned an error code (1)


Andreas

--- End Message ---

--- Begin Message ---

Source: ca-certificates
Source-Version: 20141019+deb8u2

We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Shuler <mich...@pbandjelly.org> (supplier of updated ca-certificates 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 18 Nov 2016 09:09:47 -0600
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20141019+deb8u2
Distribution: stable
Urgency: medium
Maintainer: Michael Shuler <mich...@pbandjelly.org>
Changed-By: Michael Shuler <mich...@pbandjelly.org>
Description:
 ca-certificates - Common CA certificates
Closes: 825730 828845
Changes:
 ca-certificates (20141019+deb8u2) stable; urgency=medium
 .
   [ Michael Shuler ]
   * mozilla/{certdata.txt,nssckbi.h}:
     Update Mozilla certificate authority bundle to version 2.9.
     Thanks for the initial 2.7 patch, Jonathan Wiltshire. Closes: #828845
     The following certificate authorities were added (+):
     + "Certplus Root CA G1"
     + "Certplus Root CA G2"
     + "Certum Trusted Network CA 2"
     + "Hellenic Academic and Research Institutions ECC RootCA 2015"
     + "Hellenic Academic and Research Institutions RootCA 2015"
     + "ISRG Root X1"
     + "OpenTrust Root CA G1"
     + "OpenTrust Root CA G2"
     + "OpenTrust Root CA G3"
     + "SZAFIR ROOT CA2"
     The following certificate authorities were removed (-):
     - "CA Disig"
     - "NetLock Business (Class B) Root"
     - "NetLock Express (Class C) Root"
     - "NetLock Notary (Class A) Root"
     - "NetLock Qualified (Class QA) Root"
     - "Sonera Class 1 Root CA"
     - "Staat der Nederlanden Root CA"
     - "Verisign Class 1 Public Primary Certification Authority - G2"
     - "Verisign Class 3 Public Primary Certification Authority"
     - "Verisign Class 3 Public Primary Certification Authority - G2"
 .
   [ Andreas Beckmann ]
   * debian/postinst:
     Run update-certificates without hooks to initially populate
     /etc/ssl/certs.  (The hooks are deferred to the noawait trigger.)
     Closes: #825730
Checksums-Sha1:
 c8d66fda30ad5ca41d07e9def8e23c3085c6b49c 1433 
ca-certificates_20141019+deb8u2.dsc
 4de58bfc8ab1680bf58015c76666972434b2858f 299020 
ca-certificates_20141019+deb8u2.tar.xz
 2876ac9558fe9f9b02d6ee3e178813840cf67b02 206566 
ca-certificates_20141019+deb8u2_all.deb
Checksums-Sha256:
 6d3790d1a3a62311c274b19b8de9b4ab197133f83a8716d95148ae39dce47e46 1433 
ca-certificates_20141019+deb8u2.dsc
 24257d25cedabfa303c02b8aba7b52300b66ff8dcd13424c2fc70489541ae26f 299020 
ca-certificates_20141019+deb8u2.tar.xz
 bc6340541700618d4cb0441ee9ad159a9c8fd2063200280ff6cdf96b1595beb2 206566 
ca-certificates_20141019+deb8u2_all.deb
Files:
 28d1e584e5a72813b8480699177aa47c 1433 misc optional 
ca-certificates_20141019+deb8u2.dsc
 fa97a3c590afa772196a07d7be1a1309 299020 misc optional 
ca-certificates_20141019+deb8u2.tar.xz
 956293b41b0c168763b23c42c1db7165 206566 misc optional 
ca-certificates_20141019+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJYPtRwAAoJEFb2GnlAHawETqYH/37ZCzJOR4yP4H31A1jjIHTY
pDGs+KKMSSMCudYfXHJkIN+MWBL4evAVPL1xDZTjXmY7Eyv6/zzf0n0N0mnOReIa
Oz18AGmyLp+P4gnneFMaHERBkUejuVK5uIgYNefALnJ3xMD2itYk9WU8H3Ulz+z2
PiSL4yqZXV8EemYEsMLWTPgBx5lVc8AyQPxklDknlZvrl24D+aiaoLYyq74n1nhR
t/DcpFZAQYQDdzh9jceNiY3R9J3Btti65NQ4HO1k0ViL0hmCk7WbzYQp1jKHb4AZ
LqfCOnDPICJunT7DObw36T4SzJR2weUy7FrvU+LwIjGTJwsUJhkW21k2P9KB5Pg=
=zFoB
-----END PGP SIGNATURE-----

--- End Message ---