public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] Warnings about (un)trusted certs during emerge
@ 2015-05-02 12:58 Walter Dnes
  2015-05-02 15:24 ` Mick
  0 siblings, 1 reply; 2+ messages in thread
From: Walter Dnes @ 2015-05-02 12:58 UTC (permalink / raw
  To: Gentoo Users List

[-- Attachment #1: Type: text/plain, Size: 601 bytes --]

  The latest update on my netbook is still stumbling along due to a few
speed bumps.  Here's something that I noticed strictly by accident as
the build scrolled by.  I checked in /var/portage/elog afterwards, but
only found a few messages about broken symlinks, and their removal.

  I don't know how to interpret the attached.  Were the certificates
installed or not?  As a general question, is there a tool to dig through
and list the certs on a machine... without pulling in 90% of QT or
GNOME?

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

[-- Attachment #2: certs.txt.gz --]
[-- Type: application/octet-stream, Size: 927 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [gentoo-user] Warnings about (un)trusted certs during emerge
  2015-05-02 12:58 [gentoo-user] Warnings about (un)trusted certs during emerge Walter Dnes
@ 2015-05-02 15:24 ` Mick
  0 siblings, 0 replies; 2+ messages in thread
From: Mick @ 2015-05-02 15:24 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: Text/Plain, Size: 1571 bytes --]

On Saturday 02 May 2015 13:58:09 Walter Dnes wrote:
>   The latest update on my netbook is still stumbling along due to a few
> speed bumps.  Here's something that I noticed strictly by accident as
> the build scrolled by.  I checked in /var/portage/elog afterwards, but
> only found a few messages about broken symlinks, and their removal.

The ca-certificates ebuild will remove any root certificates or hash symlinks, 
which are no longer trusted from your /etc/ssl/certs/ directory.  I recall in 
the past I had to tidy up manually, but these days I don't need to.


>   I don't know how to interpret the attached.  Were the certificates
> installed or not?  As a general question, is there a tool to dig through
> and list the certs on a machine... without pulling in 90% of QT or
> GNOME?

You can have a look in /etc/ssl/certs/ which contains the default OS Root CA 
certificates and see if there are any broken symlinks.

You can also run a manual update, if it's been a long time since you updated 
this package, or put it in a cron job:

# /usr/sbin/update-ca-certificates --verbose
Updating certificates in /etc/ssl/certs... Doing .
A-Trust-nQual-03.pem => 9c472bf7.0
ACCVRAIZ1.pem => a94d09e5.0
ACEDICOM_Root.pem => 381ce4dd.0
AC_Raíz_Certicámara_S.A..pem => 6f2c1157.0
[snip ...]

thawte_Primary_Root_CA.pem => 2e4eed3c.0
thawte_Primary_Root_CA_-_G2.pem => c089bbbd.0
thawte_Primary_Root_CA_-_G3.pem => ba89ed3b.0
174 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-05-02 15:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-02 12:58 [gentoo-user] Warnings about (un)trusted certs during emerge Walter Dnes
2015-05-02 15:24 ` Mick

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox