Bug 244518
| Summary: | emulators/linux_base-c7: missing ca-certificates | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Johannes Jost Meixner <xmj> |
| Component: | Individual Port(s) | Assignee: | freebsd-emulation (Nobody) <emulation> |
| Status: | New --- | ||
| Severity: | Affects Only Me | CC: | grobe0ba, trasz |
| Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(emulation) |
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
Johannes Jost Meixner
2020-02-29 11:31:04 UTC
<jell48> finally got the traces out with "truss chroot /compat/linux curl https://google.com 2>&1". almost all of the files are found, except for "linux_open("/proc/sys/crypto/fips_enabled",0x0,0666) ERR#-2 'No such file or directory'". not sure how relevant is that crypto for curl to function (or is that a real cause)? Recent versions of OpenSSL and other SSL libraries on Linux check for a kernel/userland setup that operates in a FIPS certified mode, which whether or not it is used, it includes a sysctl visible under /proc/sys/crypto/fips_enabled. When the system is not in this mode, /proc/sys/crypto/fips_enabled should have a content of ASCII 0 (for false), which it should always be under emulation since we don't do FIPS certified crypto under linux emulation. (In reply to Byron Grobe from comment #1) From further discussion in #freebsd, it appears the proper location to do this would be in linprocfs. I'm not sure if the /proc file is the problem here. In strace output, I can see:
stat("/etc/pki/tls/certs/ca-bundle.crt", 0x7fffffffb8c0) = -1 ENOENT (No such file or directory)
Providing this file - eg by copying from FreeBSD's /usr/local/share/certs/ca-root-nss.crt - makes Linux curl work.
|