From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id jJjBBXmjUmELfgEAgWs5BA (envelope-from ) for ; Tue, 28 Sep 2021 07:09:13 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id aBPtAHmjUmFSLwAA1q6Kng (envelope-from ) for ; Tue, 28 Sep 2021 05:09:13 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CB7C22AE8D for ; Tue, 28 Sep 2021 07:09:12 +0200 (CEST) Received: from localhost ([::1]:56846 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mV5Md-0006yO-VG for larch@yhetil.org; Tue, 28 Sep 2021 01:09:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52396) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mV5MU-0006yD-U8 for guix-patches@gnu.org; Tue, 28 Sep 2021 01:09:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60110) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mV5MU-00028h-KD for guix-patches@gnu.org; Tue, 28 Sep 2021 01:09:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mV5MU-00046U-DW for guix-patches@gnu.org; Tue, 28 Sep 2021 01:09:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#49957] [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps Resent-From: John Kehayias Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 28 Sep 2021 05:09:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 49957 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: "49957@debbugs.gnu.org" <49957@debbugs.gnu.org> Cc: Andrew Whatson Received: via spool by 49957-submit@debbugs.gnu.org id=B49957.163280569215705 (code B ref 49957); Tue, 28 Sep 2021 05:09:02 +0000 Received: (at 49957) by debbugs.gnu.org; 28 Sep 2021 05:08:12 +0000 Received: from localhost ([127.0.0.1]:43423 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mV5Lc-00045B-SV for submit@debbugs.gnu.org; Tue, 28 Sep 2021 01:08:12 -0400 Received: from mail-40133.protonmail.ch ([185.70.40.133]:58074) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mV5LZ-00044f-OQ for 49957@debbugs.gnu.org; Tue, 28 Sep 2021 01:08:06 -0400 Date: Tue, 28 Sep 2021 05:07:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1632805675; bh=Rr2gz3bxcXS9EpklfNJzqVS03eZ7WP92z7JPHxASJEk=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=KwMO8aRSZ5mrtuZ4PSKoWX8271arModehg5CXtD4SzRE1NHl4RLKqsw2U40uHcRaV nsOP/H84yEorAfoizxWcjfZSeDGq/n5W4fN3J3DPC6DGduh7dLXLApdgmKgsHJ3SU/ +3Rq/MCXJozxYKVQin+MZ2ZuhIsxlhnglvUdONGk= Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: John Kehayias X-ACL-Warn: , John Kehayias via Guix-patches From: John Kehayias via Guix-patches via X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1632805752; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=Rr2gz3bxcXS9EpklfNJzqVS03eZ7WP92z7JPHxASJEk=; b=Opui7VeVvFJR2T34uuENeQ5xrNFpiUw7fWSJqn6sMjlWAdBSUbKKlPs7MfJ+0mfJ+bmcQS dmA5fwmuhvOUmxqQdShJ4Cpakiw3yhoKGOIpPMRbifpYMK+my4zztfmbTTMtWcZWD2t6Tm lXGiTLT3TrJZ+hSTr8FIsq/8j6oJhPCCiFswN7HO0t0qF0bsPA/m9vua42BVCcqwFdUzhp SZrZYzN9uW6PecxxyocJsmkWOWfF+osQpM6UbvT3Bf8aocK7uH0xuCyRyk2J/Ij0P89xUU vQuZiWHcyGHC3qKjSnR+YuQtuQD3S5eTctaEH0Pv/oCc6xpFOfqypEfa2rUOCQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1632805752; a=rsa-sha256; cv=none; b=cSKSX5A0yjFAMMVasEowtBE+00bVxwRBzIrb0GzG7wqgcQTK7Plgu/iG/ePk73L/Vx5iXf +usnhUf1lopBZwnj2a+WbAQOBjszs6/Sq7AliPJa+on2Qc8gVcGtB4/aRHSHiUD72V2Uh0 Yo/iPf39esHWsYqzPidxZKRzZJ+vL7Z0WBO9YPYRn2Y+MKfQKAPPP3xYMQTJcv2l3v0fMy ttcSUlOWYGdrPbLtkCUkkcf81d+Nn8J0pfe04dTIyZ4/UgwNMKkBI6IQzibSC5ugOIhMBt n7ZJcYY8kQ7b9NxRQsqsm+uEu5S9RG2G6mX/O9rpNOBeY+zeuV56+uOrt6Vt6A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=protonmail.com header.s=protonmail header.b=KwMO8aRS; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -3.29 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=protonmail.com header.s=protonmail header.b=KwMO8aRS; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: CB7C22AE8D X-Spam-Score: -3.29 X-Migadu-Scanner: scn1.migadu.com X-TUID: pld+TS00dctD For the record, I'm using the beta of Flatpak (installs fine with --with-so= urce transformation), version 1.11.3. Also, I found a workaround by manually killing the p11-kit server and runni= ng a new one that I built with this patch and updated to the latest version= . In case this helps anyone, I ran with the parameters Flatpak tries to lau= nch: p11-kit server --sh -n /run/user/1000/.flatpak-helper/pkcs11-flatpak-#### -= -provider p11-kit-trust.so "pkcs11:model=3Dp11-kit-trust?write-protected=3D= yes" where the -n argument #### came from trying to run a Flatpak app and seeing= it fail not finding the p11-kit server at that socket. Probably you can do= this more easily by forcing Flatpak when it first runs to use the fixed p1= 1-kit version (through a patch in Flatpak or some environment setting? or w= hat the system starts?). But with p11-kit server already running for me, th= is did the trick for testing.