3637f18b23
Command /usr/sbin/update-ca-certificates updates the system certificate bundle with the below ( simplified ) logic: - delete the bundle - create a new bundle as /etc/ssl/certs/ca-certificates.crt.tmp.XXXX - mv /etc/ssl/certs/ca-certificates.crt.tmp.XXXX to /etc/ssl_certs/ca-certificates.crt This makes the bundle file to be non-existent for a while and that causes FileNotFound errors for processes trying to read the file too frequently such as http clients performing TLS verification. This change removes the delete operation. The current bundle file will now be replaced in its entirety by the atomic move operation. Test plan: PASS Full build, install, bootstrap and unlock PASS Verify that the delete operation is no longer found in /usr/sbin/update-ca-certificates PASS Start a process to read from the certificate bundle in very short intervals. Run 'update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors' many times and verify that no FileNotFound errors show up in the process reading the certificate bundle. Closes-Bug: 2073123 Depends-on: https://review.opendev.org/c/starlingx/root/+/922519 Change-Id: If79156dc2024e5d2ab676a6e812798dbd0a355da Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com> |
||
---|---|---|
.. | ||
debian |