Bug#923784: update-ca-certificates: corrupts ca-certificates.crt on full root file system

[Michael Shuler]

On 3/5/19 11:47 AM, Arthur de Jong wrote:
> I have created a merge request in Salsa for this:
> https://salsa.debian.org/debian/ca-certificates/merge_requests/2

Thank for the MR. I'll take a look.

-- 
Kind regards,
Michael

Bug#923784: update-ca-certificates: corrupts ca-certificates.crt on full root file system

[Arthur de Jong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


Control: tags + patch

I have created a merge request in Salsa for this:
https://salsa.debian.org/debian/ca-certificates/merge_requests/2

- -- 
- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJcfrYlAAoJECqLdGgQ4K/BnngP/ilZ2mOYKDI7bEkcwGVWUra6
w2I2akNBTYbkcpWB89N9AUhR32Q7kS0ihfOhbA/+wxEhuzZC2ATwT70Ks9NwlHh8
V9KUNUrJTQRioE2PJoNI/ESw5NmJ+lFw+QUW6+aisCjt/tuBxS8ILwh5O93r+v99
Dl+wjtyYPqoSQ0I3TMRp+QJcaQaU7zqANC4d0vzdfjRdQKnKLOqOi65OIkgzdTMf
zmDi4sxgNEXukgg1WtIurrxzVVy4YJGHkj1cJk4aiSHqr7Br4GIKLGHgUx8YolT7
hvZ/Ql7Wq+9HCF/U3FcpVzX46GeWq7Y/Uat++t4Gbcx7kF6YfoFWxzfO/VGk5NtT
c8k8IKbq0UWrMw3W5/nOv/4h8fzyb26p0Y0LPDQJiYThzUYfOhF5oVvYotyt1Kua
83D1KF4+qwT4fUh/qu8ad3I1anhI8/b0hF0fs8QpNHcn+4Hx36cAluQiYC3BryiO
ei9ubFQo1hV0D8Qig9jPZHvX3AXak92Y3klvp3aXKmUqaK78xjuS2jBqkejQmDW+
iO0k3tu6TgZvEirYdwuqd5zOMjQu1Ccsi3RHMpX4CuhhrV6t9lW2XuPbQOHmLbYZ
JDE+EiKjOqJDC0DeiaId8uAn+uAPjSlpqMg7KyDz702c2WxYGh7sAIcOqTxSPHMM
k1kR/RQfx1nejY2CYPUj
=a93d
-END PGP SIGNATURE-

Bug#923784: update-ca-certificates: corrupts ca-certificates.crt on full root file system

[Arthur de Jong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


Package: ca-certificates
Version: 20161130+nmu1+deb9u1
Severity: normal
File: /usr/sbin/update-ca-certificates

If the root file system is full update-ca-certificates will corrupt the 
/etc/ssl/certs/ca-certificates.crt file.


The script will create a temporary file and move the new certificate 
bundle in place but the temporary file may be on a different file system 
(/tmp) which means the move is not atomic.


- -- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  openssl1.1.0j-1~deb9u1

- -- 
- -- arthur - adej...@debian.org - https://people.debian.org/~adejong --

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJcfmbJAAoJECqLdGgQ4K/BkM0P/RintkRODLwBoTyuBMUQx5Lc
ByWL/LqCdYq+41HPSmoGkKrV95dpA8787QpJZrCnEi0wKx5Evo1YR5/0fE0Ar9t7
sLxlIPf/zcqoRxcyeZm+N8VehvvwRGBH9mXtq9KKrbC65/LgB3OCsQftXljhlyV6
5P9rJkHqgAMTTqXaSBmg/S+DP2BQHepL+YO4BuEqSgaGONwL1YVim1tJ2vy2lLhw
l8zV1+4yrwtcx+GHl0L0Sz3ZdbpwKofdFDXLeE9jPWLdKiYIMhGR3sMBe+HkZGJZ
/1lXDnWTD5askuOjvwl9MqSjJtbV+bHoeKwGTE61/Ls9JzS4HpyH6nBxQo3k0xD8
hNuJR6mZBsf9NfNpLgjbTGrCckgOQdG5DcT2+BiXACdxk3xSOvO6III7WgCBTlUp
RGDfLdCMBKyYME31P5sof5uoL87qffXh52d7QUNzlttduH58OJw8J3zx9lSspqw+
kmJaObxT9SWqfeYnNoRvOIP+eaec51BuBCF1+f/btoHcQVbVBQwgaBQ37DX4Ihnz
t7cRd3p/94ZEwlZRNTWnYob0KXSatylpr5A45XiwSMlTEdONIpK25JHZgZxkCFv9
xehM6EDFil2vKTbNj8dHg00zbHRsyq+bXzI7pAcj7vUAeQCFZpjG2OsoBo+wvmXO
XyaFadebxdG5w7ToGA0K
=T3NE
-END PGP SIGNATURE-