up2date for testing (with apt/yum/dir repo support)

Barry K. Nathan barryn at pobox.com
Thu Aug 14 02:27:18 UTC 2003 

[root at i5000e root]# up2date -ui
Traceback (most recent call last):
  File "/usr/sbin/up2date", line 25, in ?
    from up2date_client import repoDirector
  File "repoDirector.py", line 12, in ?
  File "rhnChannel.py", line 128, in getChannels
  File "up2dateAuth.py", line 150, in getLoginInfo
  File "up2dateAuth.py", line 112, in login
  File "rpcServer.py", line 114, in doCall
  File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.2/site-packages/rhn/rpclib.py", line 302, in
_request
    verbose=self._verbose
  File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 167,
in request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 680,
in send_http
    headers=self.headers)
  File "/usr/lib/python2.2/httplib.py", line 701, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.2/httplib.py", line 723, in _send_request
    self.endheaders()
  File "/usr/lib/python2.2/httplib.py", line 695, in endheaders
    self._send_output()
  File "/usr/lib/python2.2/httplib.py", line 581, in _send_output
    self.send(msg)
  File "/usr/lib/python2.2/httplib.py", line 560, in send
    self.sock.sendall(str)
  File "/usr/lib/python2.2/site-packages/rhn/SSL.py", line 191, in write
    sent = self._connection.send(data)
SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
verify failed')]

I'm using a Current server, but I do think I've stubled upon another
client bug here.

[root at i5000e root]# fgrep -B1 RHNS-CA-CERT /etc/sysconfig/rhn/up2date
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHNS-CA-CERT.rula

So, my SSL cert is in RHNS-CA-CERT.rula, not RHNS-CA-CERT. (If that
filename makes no sense, don't worry about that. The important thing
here is that the filename is not RHNS-CA-CERT.)

This always worked with previous up2date releases in somewhat recent
memory. I had to copy /usr/share/rhn/RHNS-CA-CERT.rula to
/usr/share/rhn/RHNS-CA-CERT before things worked again. I haven't had to
do that since Red Hat 7.x. (What's really new and annoying here is that
if I don't copy the cert over, up2date-config blows up with the same
traceback!)

Another weird quirk: If I delete RHNS-CA-CERT, up2date-config just dies
silently:

[root at i5000e rhn]# up2date-config --nox
[root at i5000e rhn]#

Same goes for up2date itself:
[root at i5000e rhn]# up2date
[root at i5000e rhn]#

I grepped through the up2date 3.9.6 source code once and wasn't able to
find the culprit, but I think I'll try again in a few minutes...

I haven't actually tried to apply updates with the new up2date -- the
most I've done is trying to reregister my machine with my Current 1.4.4
server (that succeeded once I copied over the SSL cert to RHNS-CA-CERT).
Anyway, this is what I've discovered so far...

-Barry K. Nathan <barryn at pobox.com>

More information about the devel mailing list