[flatpak] no integration with host p11-kit trust store
Categories
(Core :: Widget: Gtk, enhancement)
Tracking
()
People
(Reporter: fred, Unassigned)
References
(Blocks 1 open bug)
Details
Currently, firefox flatpak doesn't plug itself with the host p11-kit trust store, which can have additional CA (and so forth).
Fedora already fixed it in their own flatpak ( https://src.fedoraproject.org/rpms/firefox/pull-request/34#request_diff ).
+1 on this please. Currently a blocker for deploying flatpak based firefox on our hosts.
|
||
Comment 2•2 years ago
|
||
Could you please test that the host p11-kit trust store works with the upstream binary - ie. non-flatpak ?
|
Reporter | |
Comment 3•2 years ago
|
||
I just tested with latest upstream binary and it works if we remove libnssckbi.so from firefox tarball to force it to use system one located in /usr/lib64.
This is also the default behavior of Firefox packaged as RPM (and probably Deb) by several distributions (Fedora / openSUSE).
|
||
Comment 4•2 years ago
|
||
You may also test if removing libnssckb.so from firefox flatpak makes it work (the runtime contains own libnssckb.so symlinked to p11kit-trust).
Description
•