On 2/11/19 12:51 PM, Michel Meyers wrote:
> Mystery solved: Somebody (or something) placed a private key in a file
> called privkey.pem and stored it in /etc/ssl/certs. This caused openssl
> rehash to silently exit with error code 1, thus causing the whole
> postinst script to fail.
> 
> After cleaning out the offending file, the package installed without any
> problems.

Thanks for the debugging info. I tried to reproduce a non-zero exit from
both the old c_rehash and new openssl rehash calls, in order to see if
we've found another behavior difference, but each call ended up with a
clean 0 exit for me with a key file in the same place.

cd /etc/ssl/certs/
sudo cp ../private/ssl-cert-snakeoil.key privkey.pem
sudo c_rehash -v .
echo $?
sudo openssl rehash -v .
echo $?
sudo update-ca-certificates --fresh -v
echo $?
sudo rm privkey.pem

I do see an expected warning "rehash: warning: skipping privkey.pem,it
does not contain exactly one certificate or CRL" but no non-zero exit. I
do have the same version of openssl installed, 1.1.1a-1.

I'd like to see if we can reproduce and maybe come up with some basic
error avoidance, if this is a common practice to put keys here? (I
wouldn't, so not sure how common this is.)

Kind regards,
Michael
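
One possible starting point for the "basic error avoidance" discussed above, as an added example that is not part of the original message or of the ca-certificates package: a shell audit that flags private keys and other files `openssl rehash` would skip in a certificate directory. The function names `classify_pem`, `audit_cert_dir` and `make_sample_dir` are hypothetical, and classification is an approximation based on PEM header lines only.

```shell
#!/bin/sh
# Added example (not from the thread): flag files in a certificate directory
# that hold private keys or that "openssl rehash" would skip.

# classify_pem FILE -> prints key, cert, crl or other (by PEM header lines only)
classify_pem() {
    pem_file=$1
    # Any PEM private key flavour: PKCS#8, RSA, EC, ENCRYPTED, OPENSSH ...
    if grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$pem_file"; then
        echo key
        return 0
    fi
    certs=$(grep -Ec -e '-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' "$pem_file" || true)
    crls=$(grep -c -e '-----BEGIN X509 CRL-----' "$pem_file" || true)
    case "${certs:-0}:${crls:-0}" in
        1:0) echo cert ;;
        0:1) echo crl ;;
        *)   echo other ;;   # zero or several objects: rehash skips these
    esac
}

# audit_cert_dir DIR -> one line per problem file; exit status 1 if a key was found
audit_cert_dir() {
    keys=0
    for entry in "$1"/*; do
        [ -f "$entry" ] || continue
        case $(classify_pem "$entry") in
            key)      echo "PRIVATE-KEY $entry"; keys=$((keys + 1)) ;;
            cert|crl) ;;
            *)        echo "NOT-HASHABLE $entry" ;;
        esac
    done
    [ "$keys" -eq 0 ]
}

# make_sample_dir -> prints path of a temp dir with constructed placeholder files
# (PEM armor lines only, no real key or certificate material)
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/ca.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$d/privkey.pem"
    printf 'notes\n' > "$d/README"
    echo "$d"
}

# Usage: sh audit.sh /etc/ssl/certs   (no argument: define the functions only)
[ $# -eq 0 ] || audit_cert_dir "$1"
```

Bundle files holding several certificates, such as ca-certificates.crt on Debian, are reported as NOT-HASHABLE; only PRIVATE-KEY lines change the exit status.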
