Re: All certificates missing after update

[u34]

James Crake-Merani <ja...@jamescm.co.uk> wrote:

> Hello,
> 
> After my last update, I noticed a strange issue: I could not do anything that 
> required HTTPS. I could not use curl, update the system etc. I eventually 
> traced the problem back to ca-certificates. I noticed that 
> /etc/ca-certificates/extracted/tls-ca-bundle.pem , which although still 
> existed on the system, was just a completely empty file while on my laptop it 
> was filled with certificates. What I had to do was copy over the missing 
> certificates from my laptop, and then it was working. But what I noticed is 
> that previously I had downgraded some ca-certificates packages (specifically 
> the utils, and mozilla one I think),and when I upgraded the system the 
> certificates were all once again missing, and I had to replace them for a 
> second time.

    $ pacman -Qi ca-certificates-utils|grep 'Provides\|Required'
    Provides        : ca-certificates  ca-certificates-java
    Required By     : ca-certificates-mozilla  curl  neon
    $ pacman -Qo /etc/ca-certificates/extracted 
    /etc/ca-certificates/extracted/ is owned by ca-certificates-utils 20220905-1
    $ pacman -Qo /etc/ca-certificates/extracted/tls-ca-bundle.pem
    error: No package owns /etc/ca-certificates/extracted/tls-ca-bundle.pem
    $ ls /etc/ca-certificates/extracted/tls-ca-bundle.pem -l
    -r--r--r-- 1 root root 220514 Sep 14 14:32 
/etc/ca-certificates/extracted/tls-ca-bundle.pem

> 
> I am not educated at all on the ca-certificates package. I assume it has 
> something to do with SSL but I know little beyond that. I therefore can't 
> deduce whether this issue is the fault of a bug, or if I have done something 
> wrong. I'd like to know if anyone has experienced this problem as well, or if 
> someone has knowledge that might be of use.

It could be /etc/ca-certificates/extracted/tls-ca-bundle.pem is the output 
of some install script. Perhaps you should install the latest 
ca-certificates-mozilla, run pacman -Qkk, and see if the issue will return. 
I assume you did something wrong, but I didn't delve further into it.

> 
> Thanks.
> James Crake-Merani

--
u34