1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1109469: Regression in apt 3.0

    From Sven Mueller@21:1/5 to All on Fri Jul 18 15:30:01 2025
    Source: apt
    Version: 3.0.3

    Hi.

    We had this working in apt for years, in apt.conf:

    Acquire::https::some.host::SslCert "pkcs11:token=sometoken;object-type=cert;object=someobject;pin-source=file:/dev/null";
    Acquire::https::some.host::SslKey "pkcs11:token=sometoken;object-type=private;object=someobject;pin-source=file:/dev/null";

    Where sometoken refers to an access mechanism pkcs11 understands and
    someobject identifies the actual credentials (cert and key under the
    same name, but differentiated via the type). The relevant credential
    is hardware-backed, so just giving a filename wouldn't work.

    This broke with apt 3.0 - probably with 2.9.19, but I didn't cross-check.

    Are you aware of any way to achieve this with current apt? Could
    support for such a configuration be added back?

    Kind regards,
    Sven

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)