Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-55765

update-ca-certificates fails with permission denied on directory-hash

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Minor Minor
    • rhel-9.5.z
    • rhel-9.4
    • ca-certificates
    • None
    • Yes
    • None
    • sst_security_crypto
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      A component of OpenShift is trying to run `update-ca-certificates` using ca-certificates-0-2024.2.69_v8.0.303-91.4.el9_4-noarch, and we are getting permission denied errors.

      Please provide the package NVR for which bug is seen:

      ca-certificates-0-2024.2.69_v8.0.303-91.4.el9_4-noarch

      How reproducible:

      Always

      Steps to reproduce

      Here is how we invoke it: https://github.com/openshift/cluster-image-registry-operator/blob/b745da05603700af8edf5b946a3c7f9dc377c5b6/pkg/resource/podtemplatespec.go#L489

      Expected results

      Success

      Actual results

       

      2024-08-22T06:14:14.743856620Z ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt': Permission denied 

       

      We noticed this change seems to be culprit: https://pkgs.devel.redhat.com/git/rpms/ca-certificates/commit/?h=rhel-9.4.0&id=55331c705878ae6b017abc42df3fcd454f1c8a90

            fkrenzel František Krenželok
            stbenjam Stephen Benjamin
            František Krenželok František Krenželok
            Alexander Sosedkin Alexander Sosedkin
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: