[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: "make upload" broke in Aug 28th rawhide?

Tomas Mraz wrote:
On Fri, 2007-08-31 at 11:15 +0200, Tomas Mraz wrote:
On Fri, 2007-08-31 at 07:15 +0200, Jindrich Novy wrote:

On Wed, Aug 29, 2007 at 12:07:21AM +0200, Michael Schwendt wrote:
On Tue, 28 Aug 2007 17:55:17 -0400, Warren Togami wrote:

This afternoon I was attempting to diagnose why clumens' attempts to upload new source tarballs were failing, while it continued to work on my machine and nobody else was complaining. Didn't have time to isolate what exactly broke it, and I don't have a local rawhide install here to do so quickly. Can somebody figure out what changed?
Uploads are still done with "curl" afaik. So:

* Tue Aug 28 2007 Jindrich Novy <jnovy redhat com> 7.16.4-3
- don't use openssl, use nss instead

Yes, it's likely caused by the openssl -> nss switch, more at rhbz#266021.
See also workaround in
https://bugzilla.redhat.com/show_bug.cgi?id=266021#c3 which requires
some changes to the Makefile though.
And the changes are here - supposed that the NSS cert db is in ~/.nss,
the cert nickname is Fedora and the NSS cert db password is not password

Index: Makefile.common
RCS file: /cvs/pkgs/common/Makefile.common,v
retrieving revision 1.73
diff -u -r1.73 Makefile.common
--- Makefile.common     24 Jul 2007 17:10:44 -0000      1.73
+++ Makefile.common     31 Aug 2007 09:25:22 -0000
@@ -192,7 +192,7 @@
# we hardwire curl in here because the upload rules are very dependent
 # on curl's behavior on missing pages, ISEs, etc.
-UPLOAD_CERT       = $(shell if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi)
+UPLOAD_CERT       = $(shell if test -d $(HOME)/.nss ; then echo " --cert Fedora --cacert $(HOME)/.nss" ; else if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi ; fi)
 UPLOAD_CHECK      = curl -k $(UPLOAD_CERT) --fail --silent
 UPLOAD_CLIENT     = curl -k $(UPLOAD_CERT) --fail --show-error --progress-bar

We'll have the pem loading working shortly. We had it in nss_compat_ossl, but it didn't get included in curl.

Longer term we should put the cert in the NSS db as tomas's patch show, that way more than just curl can access the certificate.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]