up2date for testing (with apt/yum/dir repo support)
Barry K. Nathan
barryn at pobox.com
Thu Aug 14 02:27:18 UTC 2003
[root at i5000e root]# up2date -ui
Traceback (most recent call last):
File "/usr/sbin/up2date", line 25, in ?
from up2date_client import repoDirector
File "repoDirector.py", line 12, in ?
File "rhnChannel.py", line 128, in getChannels
File "up2dateAuth.py", line 150, in getLoginInfo
File "up2dateAuth.py", line 112, in login
File "rpcServer.py", line 114, in doCall
File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.2/site-packages/rhn/rpclib.py", line 302, in
_request
verbose=self._verbose
File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 167,
in request
headers, fd = req.send_http(host, handler)
File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 680,
in send_http
headers=self.headers)
File "/usr/lib/python2.2/httplib.py", line 701, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.2/httplib.py", line 723, in _send_request
self.endheaders()
File "/usr/lib/python2.2/httplib.py", line 695, in endheaders
self._send_output()
File "/usr/lib/python2.2/httplib.py", line 581, in _send_output
self.send(msg)
File "/usr/lib/python2.2/httplib.py", line 560, in send
self.sock.sendall(str)
File "/usr/lib/python2.2/site-packages/rhn/SSL.py", line 191, in write
sent = self._connection.send(data)
SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
verify failed')]
I'm using a Current server, but I do think I've stubled upon another
client bug here.
[root at i5000e root]# fgrep -B1 RHNS-CA-CERT /etc/sysconfig/rhn/up2date
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHNS-CA-CERT.rula
So, my SSL cert is in RHNS-CA-CERT.rula, not RHNS-CA-CERT. (If that
filename makes no sense, don't worry about that. The important thing
here is that the filename is not RHNS-CA-CERT.)
This always worked with previous up2date releases in somewhat recent
memory. I had to copy /usr/share/rhn/RHNS-CA-CERT.rula to
/usr/share/rhn/RHNS-CA-CERT before things worked again. I haven't had to
do that since Red Hat 7.x. (What's really new and annoying here is that
if I don't copy the cert over, up2date-config blows up with the same
traceback!)
Another weird quirk: If I delete RHNS-CA-CERT, up2date-config just dies
silently:
[root at i5000e rhn]# up2date-config --nox
[root at i5000e rhn]#
Same goes for up2date itself:
[root at i5000e rhn]# up2date
[root at i5000e rhn]#
I grepped through the up2date 3.9.6 source code once and wasn't able to
find the culprit, but I think I'll try again in a few minutes...
I haven't actually tried to apply updates with the new up2date -- the
most I've done is trying to reregister my machine with my Current 1.4.4
server (that succeeded once I copied over the SSL cert to RHNS-CA-CERT).
Anyway, this is what I've discovered so far...
-Barry K. Nathan <barryn at pobox.com>
More information about the devel
mailing list