packager ssl issue with rf git push/new-sources/upload
David Timms
dtimms at iinet.net.au
Mon Nov 14 21:31:29 CET 2016
On 15/11/16 06:18, Stuart Gathman wrote:
> On 11/14/2016 07:18 AM, Nicolas Chauvet wrote:
>> 2016-11-14 12:47 GMT+01:00 David Timms <dtimms at iinet.net.au>:
>>> Hi, I'm trying to do the above actions with rfpkg and getting error:
>>> $ rfpkg upload ~/rpmbuild/SOURCES/audacity-zz.tar.gz
>>> Could not execute new_sources: (58, 'SSL peer rejected your certificate
>>> as expired.')
>> The message should have been explicit. It's more about your x509 than
>> your ssh key:
>> There is a need to generate a new key periodically (same as fedora).
>> $ openssl x509 -text -in ~/.rpmfusion.cert -dates -noout
This shows that it is legit but expired a few days ago.
>> Are you sure to have rpmfusion-packager 0.5.3
$ rpm -q rpmfusion-packager
rpmfusion-packager-0.5.3-1.fc24.noarch
and that the content of
>> ~/.rpmfusion-server-ca.cert looks good ?
Yes.
> Yeah. In my case, ~/.rpmfusion.cert had an HTML "Not Found" page, not a
> cert. I had to manually download the certs.
Mine is a legitimate one, but expired 2016-11-12.
I couldn't find the information and creating a new one. The link used to
be inside fas.rpmfusion.org in the account section, but I don't see it.
I tried again: rpmfusion-packager-setup --help
Setting up RPM Fusion packager environment
~/.rpmfusion.cvsuser already exists - skipping
~/.rpmfusion-upload-ca.cert already exists - skipping
~/.rpmfusion-server-ca.cert already exists - skipping
~/.plague-client-rpmfusion.cfg already exists - skipping
Done!
I then guessed to delete the existing ~/.rpmfusion.cert, and ran again:
Setting up RPM Fusion packager environment
~/.rpmfusion.cvsuser already exists - skipping
You need a client certificate from the RPM Fusion Account System
Please download one from https://admin.rpmfusion.org/accounts/user/gencert
Save it to ~/.rpmfusion.cert and re-run this script
OK, that gave me the link and I was able to generate a new one from the
admin.rf .org system.
I saved this with the correct (hidden) name. still failed, new message:
Missing certificate: /home/myusername/.rpmfusion.cert
, because the firefox browser removed the leading . from the name when I
saved it. Renamed using nemo.
Upload now works.
An enhancement could be for rf-packager-setup to use Nicolas command to
check the certificate is legit and within data range, remove/rename the
dead one, and fire the browser to get a new one (or at least warn it has
expired). Shall I make a bug for that ?
Thanks, Dave.
More information about the rpmfusion-developers
mailing list