#1 2017-02-21 11:20:57

lightstream
Member
From: Britain
Registered: 2011-10-30
Posts: 64

Fresh Installation - question about CA Certs

Following a hard disk death, I have just completed a fresh install of Arch for the first time in several years.

I wasn't able to find a USB keydrive for the installation, and instead did the installation by booting up an old drive that had a somewhat out of date Arch on it. My understanding is that it being out of date doesn't matter as pacstrap /mnt base gets the latest packages for the new installation.

The only surprise I encountered was a couple of SSL verification failures, when running reflector to update my mirrorlist and when trying to check out a package from AUR. This was fixed by running sudo trust extract-compat.

Did I miss this step in the installation process? Or is it something related to my unusual installation medium?

The most important thing is that I want to be sure that I have the correct CA bundle installed, and that there's no risk of any dodgy CAs being in there (especially as I live in the UK where assorted government departments are allowed to mess around with private individuals' computers at will!)

#2 2017-02-21 11:26:20

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442

Re: Fresh Installation - question about CA Certs

How old is your "somewhat out of date arch"?  There have been major changes in pacman and in cert handling that could readily explain your symptoms.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

#3 2017-02-21 12:31:01

lightstream
Member
From: Britain
Registered: 2011-10-30
Posts: 64

Re: Fresh Installation - question about CA Certs

It is probably about 18 months old... but could be more. It was my previous spinning platter drive from before the SSD which I just replaced.

Are there likely to be any remaining issues or should all be fine now?

#4 2017-02-21 13:05:54

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442

Re: Fresh Installation - question about CA Certs

There's no way to know without knowing how outdated the installation was.  You can check your pacman logs to find when it was last updated.  Then check the news for any changes in that time period.  Two that are likely directly relevant to the symptoms you've described:
https://www.archlinux.org/news/ca-certificates-update/
https://www.archlinux.org/news/required … 016-04-23/

If you've been able to boot the newly installed system and do another full system upgrade you will likely be fine.  But you may have little nagging issues on updates of some packages until every package gets updated with a post-5.0 pacman version.  In other words, in the future if you update and see some complaints from pacman, this is likely the reason.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman
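
Added example, not part of the posts above: one way to do the log check described in post #4, reading a pacman log for the last full system upgrade and for every install or upgrade of a CA certificate package. The function names and the sample log are constructed for illustration; on a real system the log is /var/log/pacman.log on the old drive.

```shell
#!/bin/sh
# Added example: measure how stale an Arch install is from its pacman log.

# Print the timestamp of the most recent full system upgrade (-Syu).
last_full_upgrade() {
    grep -F 'starting full system upgrade' "$1" | tail -n 1 |
        sed 's/^\[\([^]]*\)].*/\1/'
}

# Print every install/upgrade record for the ca-certificates* packages,
# which shows when the trust store packages last changed.
ca_cert_history() {
    grep -E '(installed|upgraded) ca-certificates' "$1"
}

# Constructed sample log (dates and versions are made up, not from the thread).
write_sample_log() {
    cat > "$1" <<'EOF'
[2015-08-03 09:14] [PACMAN] Running 'pacman -Syu'
[2015-08-03 09:14] [PACMAN] starting full system upgrade
[2015-08-03 09:16] [ALPM] upgraded ca-certificates (1.0-1 -> 1.1-1)
[2015-09-20 18:40] [PACMAN] Running 'pacman -Syu'
[2015-09-20 18:40] [PACMAN] starting full system upgrade
[2015-09-20 18:42] [ALPM] upgraded ca-certificates-utils (1.1-1 -> 1.2-1)
[2015-09-20 18:42] [ALPM] upgraded pacman (1.0-1 -> 1.1-1)
[2015-11-02 07:55] [PACMAN] Running 'pacman -S reflector'
[2015-11-02 07:55] [ALPM] installed reflector (1.0-1)
EOF
}

# Use the log given as the first argument, or fall back to the sample.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log "$log"
    cleanup=1
fi

echo "Last full system upgrade: $(last_full_upgrade "$log")"
echo "CA certificate package history:"
ca_cert_history "$log"

if [ -n "${cleanup:-}" ]; then rm -f "$log"; fi
```

The date printed for the last full upgrade is the starting point for reading the Arch news items linked above; note that a later single-package install (the reflector line in the sample) does not count as bringing the system up to date.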

#5 2017-02-21 14:16:33

lightstream
Member
From: Britain
Registered: 2011-10-30
Posts: 64

Re: Fresh Installation - question about CA Certs

OK great, that's reassuring to hear. So far there haven't been any pacman errors, so I'll bear that in mind should I encounter any in future.

Thanks a lot
