Bug#1035849: opam: `opam init` fails. Missing ca-certificates dependency, only listed as recommended
Package: opam
Version: 2.1.2-1
Severity: important
X-Debbugs-Cc: cuihtlauac.alvarado@gmail.com
Dear Maintainer,
* What led up to the situation?
Trying to install opam without recommended dependencies. Here is the
command I used:
sudo apt-get install -y --no-install-recommends opam
* What exactly did you do (or not do) that was effective (or
ineffective)?
Once installed, to be usable, opam needs to be initialized. Here is
the command:
opam init
* What was the outcome of this action?
Failure. Here is the full output (answering yes to all the questions)
$ opam init
No configuration file found, using built-in defaults.
Checking for available remotes: none.
- you won't be able to use rsync and local repositories unless you install
the rsync command on your system.
- you won't be able to use git repositories unless you install the git
command on your system.
- you won't be able to use mercurial repositories unless you install the hg
command on your system.
- you won't be able to use darcs repositories unless you install the darcs
command on your system.
[ERROR] Sandboxing is not working on your platform debian:
"~/.opam/opam-init/hooks/sandbox.sh build sh -c echo SUCCESS
>$TMPDIR/opam-sandbox-check-out && cat $TMPDIR/opam-sandbox-check-out;
rm -f $TMPDIR/opam-sandbox-check-out" exited with code 1 "bwrap: No
permissions to create new namespace, likely because the kernel does not
allow non-privileged user namespaces. See <https://deb.li/bubblewrap>
or <file:///usr/share/doc/bubblewrap/README.Debian.gz>."
Do you want to disable it? Note that this will result in less secure package
builds, so please ensure that you have some other isolation mechanisms in place
(such as running within a container or virtual machine). [y/N]
anonymous@ed86d6201383:~$ opam init
No configuration file found, using built-in defaults.
Checking for available remotes: none.
- you won't be able to use rsync and local repositories unless you install
the rsync command on your system.
- you won't be able to use git repositories unless you install the git
command on your system.
- you won't be able to use mercurial repositories unless you install the hg
command on your system.
- you won't be able to use darcs repositories unless you install the darcs
command on your system.
[ERROR] Sandboxing is not working on your platform debian:
"~/.opam/opam-init/hooks/sandbox.sh build sh -c echo SUCCESS
>$TMPDIR/opam-sandbox-check-out && cat $TMPDIR/opam-sandbox-check-out;
rm -f $TMPDIR/opam-sandbox-check-out" exited with code 1 "bwrap: No
permissions to create new namespace, likely because the kernel does not
allow non-privileged user namespaces. See <https://deb.li/bubblewrap>
or <file:///usr/share/doc/bubblewrap/README.Debian.gz>."
Do you want to disable it? Note that this will result in less secure package
builds, so please ensure that you have some other isolation mechanisms in place
(such as running within a container or virtual machine). [y/N] y
<><> Fetching repository information ><><><><><><><><><><><><><><><><><><><><><>
[ERROR] Could not update repository "default": OpamDownload.Download_fail(_,
"Download command failed: \"/usr/bin/wget --content-disposition -t 3 -O
/tmp/opam-833-815fca/index.tar.gz.part -U opam/2.1.2 --
https://opam.ocaml.org/index.tar.gz\" exited with code 5 \"ERROR: The
certificate of 'opam.ocaml.org' doesn't have a known issuer.\"")
[ERROR] Initial download of repository failed.
* What outcome did you expect instead?
Exit success after some time and more output with the following last
two lines:
Done.
# Run eval $(opam env --switch=default) to update the current shell environment
* Additional notes
ca-certificates listed in the report as installed because it was
pulled by the reportbug tool itself.
I found this when trying to install opam in a debian container. In
such a context the option --disable-sandboxing should be passed to
opam init in order to remove warnings.
In order to avoid being asked question options -ya should be passed
to opam init
-- System Information:
Debian Release: 12.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.19.0-41-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages opam depends on:
ii bubblewrap 0.8.0-2
ii build-essential 12.9
ii libc6 2.36-9
ii libgcc-s1 12.2.0-14
ii libglpk40 5.0-1
ii libstdc++6 12.2.0-14
ii opam-installer 2.1.2-1
ii unzip 6.0-28
ii wget 1.21.3-1+b2
Versions of packages opam recommends:
ii ca-certificates 20230311
pn darcs <none>
pn git <none>
pn m4 <none>
pn mercurial <none>
pn ocaml <none>
pn rsync <none>
Versions of packages opam suggests:
pn opam-doc <none>
-- no debconf information
Reply to: