packager ssl issue with rf git push/new-sources/upload
Nicolas Chauvet
kwizart at gmail.com
Tue Nov 15 12:12:06 CET 2016
2016-11-14 21:31 GMT+01:00 David Timms <dtimms at iinet.net.au>:
> On 15/11/16 06:18, Stuart Gathman wrote:
>> On 11/14/2016 07:18 AM, Nicolas Chauvet wrote:
>>> 2016-11-14 12:47 GMT+01:00 David Timms <dtimms at iinet.net.au>:
>>>> Hi, I'm trying to do the above actions with rfpkg and getting error:
>>>> $ rfpkg upload ~/rpmbuild/SOURCES/audacity-zz.tar.gz
>>>> Could not execute new_sources: (58, 'SSL peer rejected your certificate
>>>> as expired.')
>>> The message should have been explicit. It's more about your x509 than
>>> your ssh key:
>>> There is a need to generate a new key periodically (same as fedora).
>>> $ openssl x509 -text -in ~/.rpmfusion.cert -dates -noout
> This shows that it is legit but expired a few days ago.
>
>>> Are you sure to have rpmfusion-packager 0.5.3
> $ rpm -q rpmfusion-packager
> rpmfusion-packager-0.5.3-1.fc24.noarch
>
> and that the content of
>>> ~/.rpmfusion-server-ca.cert looks good ?
> Yes.
>
>> Yeah. In my case, ~/.rpmfusion.cert had an HTML "Not Found" page, not a
>> cert. I had to manually download the certs.
> Mine is a legitimate one, but expired 2016-11-12.
>
> I couldn't find the information and creating a new one. The link used to
> be inside fas.rpmfusion.org in the account section, but I don't see it.
>
> I tried again: rpmfusion-packager-setup --help
> Setting up RPM Fusion packager environment
> ~/.rpmfusion.cvsuser already exists - skipping
> ~/.rpmfusion-upload-ca.cert already exists - skipping
> ~/.rpmfusion-server-ca.cert already exists - skipping
> ~/.plague-client-rpmfusion.cfg already exists - skipping
> Done!
>
> I then guessed to delete the existing ~/.rpmfusion.cert, and ran again:
> Setting up RPM Fusion packager environment
> ~/.rpmfusion.cvsuser already exists - skipping
> You need a client certificate from the RPM Fusion Account System
> Please download one from https://admin.rpmfusion.org/accounts/user/gencert
> Save it to ~/.rpmfusion.cert and re-run this script
>
> OK, that gave me the link and I was able to generate a new one from the
> admin.rf .org system.
>
> I saved this with the correct (hidden) name. still failed, new message:
> Missing certificate: /home/myusername/.rpmfusion.cert
>
> , because the firefox browser removed the leading . from the name when I
> saved it. Renamed using nemo.
>
> Upload now works.
>
> An enhancement could be for rf-packager-setup to use Nicolas command to
> check the certificate is legit and within data range, remove/rename the
> dead one, and fire the browser to get a new one (or at least warn it has
> expired). Shall I make a bug for that ?
You can report and bug, and you can even send a patch ;)
If there is a need to update the doc somewhere, please do so.
It's preferable to use our bugzilla for bugs and github for merge
request if possible.
Best would be to have a look on how it's done in fedora side.
There are too much things to handle in the infra, so I cannot dedicate
time on this topic quite soon.
Right now I'm between f25 GA, dnf/weak-deps in infra, migrating the
wiki and phasing down old hypervisor, so If anyone want to make
improvements in some area, feel free.
ps: your build failed because libmad was't in BR for audacity .
Btw, can you reimport dvbcut in f25+
Thx
--
-
Nicolas (kwizart)
More information about the rpmfusion-developers
mailing list