Latest release has empty ca-bundle.crt

[jschwartzentruber]

The latest release from 2022-01-18 has an empty msys64/usr/ssl/certs/ca-bundle.crt and a number of other crt bundles are empty as well.

$ tar tavf msys2-base-x86_64-20220118.tar.xz | grep \\.crt\$
-rw-r--r-- runneradmin/None     0 2021-10-04 05:48 msys64/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- runneradmin/None        0 2021-10-04 05:48 msys64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
-rw-r--r-- runneradmin/None        0 2021-10-04 05:48 msys64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
-rw-r--r-- runneradmin/None   863205 2021-10-04 05:48 msys64/usr/share/pki/ca-trust-source/ca-bundle.trust.crt
-rw-r--r-- runneradmin/None        0 2021-10-04 05:48 msys64/usr/ssl/certs/ca-bundle.crt
-rw-r--r-- runneradmin/None        0 2021-10-04 05:48 msys64/usr/ssl/certs/ca-bundle.trust.crt

vs previous release:

$ tar tavf msys2-base-x86_64-20211130.tar.xz | grep \\.crt\$
-r--r--r-- runneradmin/None 230529 2021-11-30 11:39 msys64/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- runneradmin/None        0 2021-10-04 05:48 msys64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
-rw-r--r-- runneradmin/None        0 2021-10-04 05:48 msys64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
-rw-r--r-- runneradmin/None   863205 2021-10-04 05:48 msys64/usr/share/pki/ca-trust-source/ca-bundle.trust.crt
-rw-r--r-- runneradmin/None   203117 2021-11-30 11:39 msys64/usr/ssl/certs/ca-bundle.crt
-rw-r--r-- runneradmin/None   230529 2021-11-30 11:39 msys64/usr/ssl/certs/ca-bundle.trust.crt

This prevents pacman from verifying mirrors and pulling any updates.

[lazka]

Thanks (someone on gitter/matrix already reported that some days ago, but no one filed an issue yet)

The file will be created if you follow the guide here: https://www.msys2.org/docs/ci/#other-systems The C:\msys64\usr\bin\bash -lc ' ' line is the important one.

We need to

• Figure out what changed
• Test this scenario (running pacman without ever starting a login shell) in the CI pipeline so it doesn't happen with any future release.

[lazka]

The post install scripts are failing, which might be related:

• last working (13 Dec 2021): https://github.com/msys2/msys2-installer/runs/4501523027?check_suite_focus=true
• first broken (19 Dec 2021): https://github.com/msys2/msys2-installer/runs/4575993993?check_suite_focus=true

[lazka]

ok, found the issue, will fix/re-release tomorrow.

and libxml2 needs a rebuild so users using this broken installer get the post_install script executed. and ca-certificates for good measure, even though the login shell should handle that, but better safe than sorry.

[lazka]

A new fixed installer is released now.

Thanks again for the report.

[jschwartzentruber]

No problem, thanks for the quick fix!

The file will be created if you follow the guide here: https://www.msys2.org/docs/ci/#other-systems The C:\msys64\usr\bin\bash -lc ' ' line is the important one.

This worked anyways with the 2022-01-18 release. Maybe it's worth noting there that bash -l ... actually is necessary so the profile can perform first-run actions? I normally leave -l off in scripts.

[lazka]

Yeah, good point, it's on my todo list for the docs.

Due to Linux starting a login shell either on login or when you connect via ssh not many users assume that it is needed with MSYS2.