"make upload" broke in Aug 28th rawhide?

Robert Relyea rrelyea at redhat.com
Fri Aug 31 18:18:49 UTC 2007 

Tomas Mraz wrote:
> On Fri, 2007-08-31 at 11:15 +0200, Tomas Mraz wrote:
>   
>> On Fri, 2007-08-31 at 07:15 +0200, Jindrich Novy wrote:
>>     
>>> Hi,
>>>
>>> On Wed, Aug 29, 2007 at 12:07:21AM +0200, Michael Schwendt wrote:
>>>       
>>>> On Tue, 28 Aug 2007 17:55:17 -0400, Warren Togami wrote:
>>>>
>>>>         
>>>>> This afternoon I was attempting to diagnose why clumens' attempts to 
>>>>> upload new source tarballs were failing, while it continued to work on 
>>>>> my machine and nobody else was complaining.
>>>>>           
>>>>> Didn't have time to isolate what exactly broke it, and I don't have a 
>>>>> local rawhide install here to do so quickly.  Can somebody figure out 
>>>>> what changed?
>>>>>           
>>>> Uploads are still done with "curl" afaik. So:
>>>>
>>>> * Tue Aug 28 2007 Jindrich Novy <jnovy at redhat.com> 7.16.4-3
>>>> - don't use openssl, use nss instead
>>>>
>>>>         
>>> Yes, it's likely caused by the openssl -> nss switch, more at rhbz#266021.
>>>       
>> See also workaround in
>> https://bugzilla.redhat.com/show_bug.cgi?id=266021#c3 which requires
>> some changes to the Makefile though.
>>     
> And the changes are here - supposed that the NSS cert db is in ~/.nss,
> the cert nickname is Fedora and the NSS cert db password is not password
> protected.
>
> Index: Makefile.common
> ===================================================================
> RCS file: /cvs/pkgs/common/Makefile.common,v
> retrieving revision 1.73
> diff -u -r1.73 Makefile.common
> --- Makefile.common     24 Jul 2007 17:10:44 -0000      1.73
> +++ Makefile.common     31 Aug 2007 09:25:22 -0000
> @@ -192,7 +192,7 @@
>  
>  # we hardwire curl in here because the upload rules are very dependent
>  # on curl's behavior on missing pages, ISEs, etc.
> -UPLOAD_CERT       = $(shell if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi)
> +UPLOAD_CERT       = $(shell if test -d $(HOME)/.nss ; then echo " --cert Fedora --cacert $(HOME)/.nss" ; else if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi ; fi)
>  UPLOAD_CHECK      = curl -k $(UPLOAD_CERT) --fail --silent
>  UPLOAD_CLIENT     = curl -k $(UPLOAD_CERT) --fail --show-error --progress-bar
>
>   
We'll have the pem loading working shortly. We had it in 
nss_compat_ossl, but it didn't get included in curl.

 Longer term we should put the cert in the NSS db as tomas's patch show, 
that way more than just curl can access the certificate.

bob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3420 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070831/85446af3/attachment.bin>

More information about the fedora-devel-list mailing list