guestregister and ca-certificates.service race problem

[ld9379435]

in some suse distro，guestregister and ca-certificates.service has a race problem like that：https://www.suse.com/support/kb/doc/?id=000021252 ;

I noticed in the new version, there is a commit at 3007f85 that aims to alleviate this race problem.

However, I have a question regarding the import_smtcert_12 function in the file at

cloud-regionsrv-client/lib/cloudregister/registerutils.py

Line 1012 in 3962bc4

def import_smtcert_12(smt):

. When smt.write_cert(key_chain) is executed, it triggers the monitoring of ca-certificates.path, which subsequently invokes the ca-certificates.service to run /usr/sbin/update-ca-certificates for updating the certificates. But then, in the update_ca_chain function, it seems that this update operation is called again, thus causing this issue. I am puzzled as to why this update operation needs to be invoked twice.

[rjschwei]

It doesn't need to be invoked twice. The certs used to be written to a different location that was not monitored because there was a bug somewhere else. When the location where we write the certs changed the now superfluous invocation to refresh the certs was not removed. At the same time, if we remove the invocation than we depend on the monitoring to work properly and if for some reason it does not we create problems. As such it is not as simple as removing the invocation. We'd have to verify that the new certs got picked up by the system and if not run the command.