Public bug reported:

Actually I had the same problem described in 
http://askubuntu.com/questions/773955/apt-get-ssl-client-certificate-not-working-on-16-04-error-while-reading-file
I want to use client certificates with apt. But I don't want to make them world 
readable in order to make apt working. So I created a group 'ssl-cert' and 
changed the group ownership of the ssl cert files to match this group. I also 
added the _apt user to the ssl-cert group.

Then I tried to open these files as user '_apt' in bash (su -s /bin/bash
_apt) which works well.

But if I run: "apt-get -o "Debug::Acquire::https=true" update" I still get the 
following error:
* error reading ca cert file /etc/certs/mycert/ca.pem (Error while reading 
file.)
* Closing connection 26

So my guess is that apt somehow ignores the ssl-cert membership.

Possible workarounds:
- make ssl client cert world readable
- change owner ssl client cert to _apt
- change main group of _apt user from 'nogroup' to 'ssl-cert'
- set APT::Sandbox::User "root"; in apt.conf.d

Neither of them is pretty. 
Maybe this is a wanted behavior, then just suggest how to fix the issue in nice 
way.

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1668944

Title:
  The _apt user ignores group membership.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1668944/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to