Fix p11-kit to work with host trusted certificates
Make sure to use flatpak with this PR: https://github.com/flatpak/flatpak/pull/1757
So, i tried this with the 1.8 runtime, and it seems to fail because:
flatpak run -d --command=strace org.freedesktop.Sdk//unstable p11tool --list-all-trusted 2>&1 | grep pkcs11/modules openat(AT_FDCWD, "/home/alex/.config/pkcs11/modules", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/etc/pkcs11/modules", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
i.e. p11-kit reads the config from /usr/etc, not /etc, so it will not pick up the /etc/pkcs11/modules/p11-kit-trust.module added by flatpak. Could you fix this in fd.o?
To be complete, we need to run p11tool --list-all-trusted
in the Sdk. And it should show the certificates from the host.
Make sure to be running ./flatpak-session-helper -r -v
if running from build.