integ/base/ca-certificates
Rei Oliveira 3637f18b23 Patch ca-certificates package
Command /usr/sbin/update-ca-certificates updates the system
certificate bundle with the below ( simplified ) logic:

- delete the bundle
- create a new bundle as /etc/ssl/certs/ca-certificates.crt.tmp.XXXX
- mv /etc/ssl/certs/ca-certificates.crt.tmp.XXXX to
  /etc/ssl_certs/ca-certificates.crt

This makes the bundle file to be non-existent for a while and that
causes FileNotFound errors for processes trying to read the file too
frequently such as http clients performing TLS verification.

This change removes the delete operation. The current bundle file will
now be replaced in its entirety by the atomic move operation.

Test plan:
PASS Full build, install, bootstrap and unlock
PASS Verify that the delete operation is no longer found in
     /usr/sbin/update-ca-certificates
PASS Start a process to read from the certificate bundle in
     very short intervals. Run 'update-ca-certificates
     --localcertsdir /etc/pki/ca-trust/source/anchors'
     many times and verify that no FileNotFound errors
     show up in the process reading the certificate bundle.

Closes-Bug: 2073123
Depends-on: https://review.opendev.org/c/starlingx/root/+/922519

Change-Id: If79156dc2024e5d2ab676a6e812798dbd0a355da
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
2024-07-15 13:47:07 +00:00
..
debian Patch ca-certificates package 2024-07-15 13:47:07 +00:00