[BUG]: AppImage automatic updates broken on openSUSE

[a931vwewi]

Describe the Bug

AppImage automatic updates do not work in openSUSE Tumbleweed. I assume it is because "ca-certificates.crt" does not exist at CAfile path /etc/ssl/certs/ca-certificates.crt. It is located at /etc/ssl/ca-bundle.pem.

You have to link /etc/ssl/ca-bundle.pem to /etc/ssl/certs/ca-certificates.crt for automatic updates to work.

Whenever the package ca-certificates updates/changes, automatic updates breaks and you have to relink /etc/ssl/ca-bundle.pem to /etc/ssl/certs/ca-certificates.crt for automatic updates to work.

This seems related to closed issue #10794.

Reproduction Steps

1. Launch AppImage in openSUSE Tumbleweed.
2. Check for updates
3. See error example:

[   37.2842] Request for 'https://api.pcsx2.net/v1/nightlyReleases?pageSize=1' returned error 77
[   37.2845] Updater Error: Failed to download latest release info: 0

Expected Behavior

• Automatic updates to function.

PCSX2 Revision

v1.7.5799

Operating System

Linux (64bit) - Specify distro below

If Linux - Specify Distro

openSUSE Tumbleweed

Logs & Dumps

No response

[stenzek]

Don't think there's much we can do about this, we use the libssl from the runner, which is Ubuntu. Building libssl and including the certs also seems like a bad idea. Appimages are a pretty terrible solution, and this is one reason why.

I guess an option would be to blacklist libssl from being included, and hope the system has a recent enough version.

I'd suggest using the Flatpak, which won't have this problem.

[a931vwewi]

Hi @stenzek, thanks for taking a look at this and the effort you put in.

The workaround of linking /etc/ssl/ca-bundle.pem to /etc/ssl/certs/ca-certificates.crt for automatic updates works well enough for the AppImage.

I'm not sure if blacklisting libssl would be worthwhile if trying to make the AppImage updater functional for all. Perhaps it would introduce more issues/bug reports.

[a931vwewi]

Followup on release [v1.7.5816] #11252

The issue still occurs. The autoupdate still fails unless you link /etc/ssl/ca-bundle.pem to /etc/ssl/certs/ca-certificates.crt.

I assume the AppImage only looks for "ca-certificates.crt" at path /etc/ssl/certs/ca-certificates.crt regardless if libssl is included or not.

[stenzek]

Looks like it's either coming from libcurl, or libgnutls. I'm not really comfortable omitting those too, so I'll probably just back out the libssl change, since it wasn't beneficial. As far as I'm aware, there isn't a way to load specific libraries from the global search directory over the RPATH, but still leave it there for others.

I think you'll just have to deal with it, or use the Flatpak. This is one of the many flaws of AppImages. RetroAchievements and runtime font downloading will also be broken, they use the same downloader.