2380436 – Moving of off /etc/pki/tls/certs/ca-bundle.crt

Bug 2380436 - Moving of off /etc/pki/tls/certs/ca-bundle.crt

Summary: Moving of off /etc/pki/tls/certs/ca-bundle.crt

Keywords:
Status:	ON_QA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	NetworkManager
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Lubomir Rintel
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2360110
TreeView+	depends on / blocked

Reported:	2025-07-16 09:02 UTC by Frantisek Krenzelok
Modified:	2025-08-25 15:01 UTC (History)
CC List:	9 users (show)
Fixed In Version:	NetworkManager-1.54.0-2.fc43
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
freedesktop.org Gitlab	NetworkManager NetworkManager merge_requests 2257	0	None	opened	rpm: change system_ca_path on Fedora 43+	2025-08-20 08:36:07 UTC

Description Frantisek Krenzelok 2025-07-16 09:02:54 UTC

Hello in anticipation of https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile fedora change proposal, which is taking effect during the fedora rawhide mass rebuild (starting 23th of July), we would like you to validate this and if applicable, use `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` instead of the `/etc/ssl/certs/cert.pem` certificate bundle which was found in the source-code

https://src.fedoraproject.org/rpms/NetworkManager/blob/rawhide/f/NetworkManager.spec#_685

Comment 1 Michael Catanzaro 2025-08-18 16:24:16 UTC

Probably shouldn't ignore this.

Comment 2 Frantisek Krenzelok 2025-08-18 16:45:11 UTC

I have tried to patch my self but it seems you need permissions even to fork the repo..

Comment 3 Beniamino Galvani 2025-08-20 08:36:08 UTC

Frantisek, does this look correct?

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2257

The upstream spec file is the reference for Fedora and RHEL. At the next rebase, the package will be aligned to the upstream spec file.

Comment 4 Frantisek Krenzelok 2025-08-20 09:20:03 UTC

Replied in MR

Note You need to log in before you can comment on or make changes to this bug.