Bananian Linux - Bananian Linux
View Issue Details
0000192Bananian Linux[All Projects] Generalpublic2016-03-02 17:392016-05-14 10:33
mokami 
Nico 
normalminoralways
assignedopen 
 
15.04 
 
0000192: Bananian-update throws ssl-error
Same as https://dev.bananian.org/view.php?id=97 [^]
Run bananian-update
https://www.ssllabs.com/ssltest/analyze.html?d=dl.bananian.org [^] works but takes over two minutes for each server. Is that normal?

provider: COX (USA)
ipv6: no
home network
no proxy

OUTPUT:
cat /etc/bananian_version
150401
root@seshat ~ # date
Wed Mar 2 11:37:19 EST 2016
root@seshat ~ # bananian-update

---------------------------------------------------------------------------------
Welcome to bananian-update!

This script upgrades your Bananian installation.

For news and updates check: http://www.bananian.org [^]

Don't panic, you will be asked to confirm before applying any updates!

---------------------------------------------------------------------------------
receiving/updating public key...

gpg: requesting key 24BFF712 from hkp server keys.gnupg.net
gpg: key 24BFF712: "Nico Isenbeck (Bananian Linux) <download@bananian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

---------------------------------------------------------------------------------
downloading latest upgrade from dl.bananian.org... (this might take a while)

  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html [^]

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html [^]

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

---------------------------------------------------------------------------------
verifying signature...

gpg: can't open `/tmp/tmp.SI6ZKCJ2MP/update.tar.gz.asc'
gpg: verify signatures failed: file open error

invalid signature. exiting!
No tags attached.
Issue History
2016-03-02 17:39mokamiNew Issue
2016-03-03 15:10mokamiNote Added: 0000329
2016-03-11 14:36NicoAssigned To => Nico
2016-03-11 14:36NicoStatusnew => assigned
2016-05-14 10:33NicoNote Added: 0000382

Notes
(0000329)
mokami   
2016-03-03 15:10   
Fixed by updating stale .pem file like this:

cd
wget http://curl.haxx.se/ca/cacert.pem [^]
echo cacert /root/cacert.pem >> ~/.curlrc

Should these be autoupdated in the future?
(0000382)
Nico   
2016-05-14 10:33   
We are not able to reproduce the issue with Bananian 15.04.
Make sure you have "ca-certificates" installed.