Bananian Linux

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000097Bananian Linux[All Projects] Generalpublic2015-01-14 21:512015-03-09 08:45
Reporterhblockx 
Assigned ToNico 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
Product Version 
Target Version15.04Fixed in Version15.04 
Summary0000097: Bananian-update throws ssl-error (wrong date/time)
Descriptionroot@bananapi ~ # bananian-update
---------------------------------------------------------------------------------
Welcome to bananian-update!




This script upgrades your Bananian installation.


For news and updates check: http://www.bananian.org [^]


Don't panic, you will be asked to confirm before applying any updates!




---------------------------------------------------------------------------------
receiving/updating public key...




gpg: requesting key 24BFF712 from hkp server keys.gnupg.net
gpg: key 24BFF712: "Nico Isenbeck (Bananian Linux) <download@bananian.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1


---------------------------------------------------------------------------------
downloading latest upgrade from dl.bananian.org... (this might take a while)




  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html [^]




curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html [^]




curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.




---------------------------------------------------------------------------------
verifying signature...


gpg: can't open `/tmp/tmp.YTd3bp8BzB/update.tar.gz.asc'
gpg: verify signatures failed: file open error
Steps To Reproducejust update
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0000146)
Nico (manager)
2015-01-14 22:29

I can't reproduce.

Works some on IPv4 and IPv6.
Please povide us some more details on your network infrastructure.

Are the following commands work:
curl -6 dl.bananian.org
curl -4 dl.bananian.org

SSL seems to be working fine, see:
https://www.ssllabs.com/ssltest/analyze.html?d=dl.bananian.org [^]
(0000147)
hblockx (reporter)
2015-01-14 23:17

they work for me...
(0000148)
Nico (manager)
2015-01-15 06:48

You have to provide some more information then:
- provider?
- IPv6 enabled?
- home or company network?
- proxy?
- if possible, delete all private files, make a image and upload it for testing.

If you need a FTP account, let me know.
(0000150)
Geldaril (reporter)
2015-01-17 22:02

I had the same problem when starting with bananian on my new BPi-R1. The cause is rather simple:

After a startup the clock is not set correctly. I could not figure out why but the ntpd takes a very long time until the local clock is modified.

So when trying the bananian-update right after installation the certs are not (yet) vaild an this error is thrown.

Maybe a good idea is a simple script to set the date/time of the box. Maybe the relase-date of the banian-version could be used as "check if older then --> set to".
(0000151)
Nico (manager)
2015-01-17 22:05

Thank you Geldaril, good explanation and solution. Will be integrated in the next release.
(0000163)
Nico (manager)
2015-03-04 22:42
edited on: 2015-03-04 22:43

fake-hwclock seems to be a program for this:

https://packages.debian.org/wheezy/fake-hwclock [^]

(0000168)
Nico (manager)
2015-03-09 08:45

added fake-hwclock

- Issue History
Date Modified Username Field Change
2015-01-14 21:51 hblockx New Issue
2015-01-14 22:29 Nico Note Added: 0000146
2015-01-14 22:29 Nico Assigned To => Nico
2015-01-14 22:29 Nico Status new => assigned
2015-01-14 23:17 hblockx Note Added: 0000147
2015-01-15 06:48 Nico Note Added: 0000148
2015-01-17 22:02 Geldaril Note Added: 0000150
2015-01-17 22:05 Nico Note Added: 0000151
2015-01-17 22:05 Nico Target Version => 15.04
2015-01-17 22:06 Nico Summary Bananian-update throws ssl-error => Bananian-update throws ssl-error (wrong date/time)
2015-03-04 22:42 Nico Note Added: 0000163
2015-03-04 22:43 Nico Note Edited: 0000163 View Revisions
2015-03-09 08:45 Nico Note Added: 0000168
2015-03-09 08:45 Nico Status assigned => resolved
2015-03-09 08:45 Nico Fixed in Version => 15.04
2015-03-09 08:45 Nico Resolution open => fixed


Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker