From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 28 01:08:12 2021 Received: (at 49957) by debbugs.gnu.org; 28 Sep 2021 05:08:12 +0000 Received: from localhost ([127.0.0.1]:43423 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mV5Lc-00045B-SV for submit@debbugs.gnu.org; Tue, 28 Sep 2021 01:08:12 -0400 Received: from mail-40133.protonmail.ch ([185.70.40.133]:58074) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mV5LZ-00044f-OQ for 49957@debbugs.gnu.org; Tue, 28 Sep 2021 01:08:06 -0400 Date: Tue, 28 Sep 2021 05:07:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1632805675; bh=Rr2gz3bxcXS9EpklfNJzqVS03eZ7WP92z7JPHxASJEk=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=KwMO8aRSZ5mrtuZ4PSKoWX8271arModehg5CXtD4SzRE1NHl4RLKqsw2U40uHcRaV nsOP/H84yEorAfoizxWcjfZSeDGq/n5W4fN3J3DPC6DGduh7dLXLApdgmKgsHJ3SU/ +3Rq/MCXJozxYKVQin+MZ2ZuhIsxlhnglvUdONGk= To: "49957@debbugs.gnu.org" <49957@debbugs.gnu.org> From: John Kehayias Subject: Re: [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 49957 Cc: Andrew Whatson X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: John Kehayias Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) For the record, I'm using the beta of Flatpak (installs fine with --with-so= urce transformation), version 1.11.3. Also, I found a workaround by manually killing the p11-kit server and runni= ng a new one that I built with this patch and updated to the latest version= . In case this helps anyone, I ran with the parameters Flatpak tries to lau= nch: p11-kit server --sh -n /run/user/1000/.flatpak-helper/pkcs11-flatpak-#### -= -provider p11-kit-trust.so "pkcs11:model=3Dp11-kit-trust?write-protected=3D= yes" where the -n argument #### came from trying to run a Flatpak app and seeing= it fail not finding the p11-kit server at that socket. Probably you can do= this more easily by forcing Flatpak when it first runs to use the fixed p1= 1-kit version (through a patch in Flatpak or some environment setting? or w= hat the system starts?). But with p11-kit server already running for me, th= is did the trick for testing.