Re: "make upload" broke in Aug 28th rawhide?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tomas Mraz wrote:

On Fri, 2007-08-31 at 11:15 +0200, Tomas Mraz wrote:

On Fri, 2007-08-31 at 07:15 +0200, Jindrich Novy wrote:

Hi,

On Wed, Aug 29, 2007 at 12:07:21AM +0200, Michael Schwendt wrote:

On Tue, 28 Aug 2007 17:55:17 -0400, Warren Togami wrote:
This afternoon I was attempting to diagnose why clumens' attempts to upload new source tarballs were failing, while it continued to work on my machine and nobody else was complaining. Didn't have time to isolate what exactly broke it, and I don't have a local rawhide install here to do so quickly. Can somebody figure out what changed? 
Uploads are still done with "curl" afaik. So:

* Tue Aug 28 2007 Jindrich Novy <jnovy@xxxxxxxxxx> 7.16.4-3
- don't use openssl, use nss instead


Yes, it's likely caused by the openssl -> nss switch, more at rhbz#266021.

See also workaround in
https://bugzilla.redhat.com/show_bug.cgi?id=266021#c3 which requires
some changes to the Makefile though.

And the changes are here - supposed that the NSS cert db is in ~/.nss,
the cert nickname is Fedora and the NSS cert db password is not password
protected.

Index: Makefile.common
===================================================================
RCS file: /cvs/pkgs/common/Makefile.common,v
retrieving revision 1.73
diff -u -r1.73 Makefile.common
--- Makefile.common     24 Jul 2007 17:10:44 -0000      1.73
+++ Makefile.common     31 Aug 2007 09:25:22 -0000
@@ -192,7 +192,7 @@
# we hardwire curl in here because the upload rules are very dependent 
 # on curl's behavior on missing pages, ISEs, etc.
-UPLOAD_CERT       = $(shell if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi)
+UPLOAD_CERT       = $(shell if test -d $(HOME)/.nss ; then echo " --cert Fedora --cacert $(HOME)/.nss" ; else if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi ; fi)
 UPLOAD_CHECK      = curl -k $(UPLOAD_CERT) --fail --silent
 UPLOAD_CLIENT     = curl -k $(UPLOAD_CERT) --fail --show-error --progress-bar
We'll have the pem loading working shortly. We had it in nss_compat_ossl, but it didn't get included in curl.
Longer term we should put the cert in the NSS db as tomas's patch show, that way more than just curl can access the certificate. 

bob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux