Public bug reported:
Actually I had the same problem described in
http://askubuntu.com/questions/773955/apt-get-ssl-client-certificate-not-working-on-16-04-error-while-reading-file
I want to use client certificates with apt. But I don't want to make them world
readable in order to make apt working. So I created a group 'ssl-cert' and
changed the group ownership of the ssl cert files to match this group. I also
added the _apt user to the ssl-cert group.
Then I tried to open these files as user '_apt' in bash (su -s /bin/bash
_apt) which works well.
But if I run: "apt-get -o "Debug::Acquire::https=true" update" I still get the
following error:
* error reading ca cert file /etc/certs/mycert/ca.pem (Error while reading
file.)
* Closing connection 26
So my guess is that apt somehow ignores the ssl-cert membership.
Possible workarounds:
- make ssl client cert world readable
- change owner ssl client cert to _apt
- change main group of _apt user from 'nogroup' to 'ssl-cert'
- set APT::Sandbox::User "root"; in apt.conf.d
Neither of them is pretty.
Maybe this is a wanted behavior, then just suggest how to fix the issue in nice
way.
** Affects: apt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1668944
Title:
The _apt user ignores group membership.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1668944/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
