[Bug 258709] lang/mono6.8: cert-sync doesn't work on iocage style base jails
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 258709] lang/mono6.8: cert-sync doesn"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 24 Sep 2021 19:46:02 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258709 --- Comment #1 from Oscar Carlsson <oscar@spindel.tax> --- I tried setting up a Mono application in a iocage base jail (iocage -b ...) but noticed that my certificate store was empty, and that I couldn't use the cert-sync tool to sync with my system certificate store - the tool threw error messages that my file system was mounted as read only. I setup an nearly identical new jail, but made it a 'thick' jail instead (iocage -T ...) instead, and now my Mono certificate store was full of CAs (as expected). Running cert-sync again worked fine (although it was already in sync). So I suspect that cert-sync (and mozroots) tries to write to a folder that is mounted as read-only in a iocage base jail. This is a list of read-only folders on one such jail: /bin /boot /lib /libexec /rescue /sbin /usr/bin /usr/include /usr/lib /usr/libexec /usr/sbin /usr/share /usr/libdata /usr/lib32 I couldn't make either mozroots or cert-sync to be more verbose (as to which folder it was trying to write), but I _guess_ that it's /usr/lib or so. An acceptable workaround is to use a thick jail instead, but it would be _nice_ to have it working in a base jail as well. -- You are receiving this mail because: You are the assignee for the bug.