On November 11, 2016 11:10:42 AM CST, John Burrell <[email protected]> wrote: >When installing the CA Certificates from scratch, I get: > >'make-ca.sh' -> '/usr/bin/make-ca.sh' >/bin/install: creating directory '/etc/ssl/java' >/bin/install: creating directory '/etc/ssl/local' >cp: cannot stat '/etc/ssl/ca-bundle.crt': No such file or directory >/tmp/tmp.io5YmbUkEq ~ >SHA256 of old file: 0 >Downloading certdata.txt ... >Get certdata with curl! >% Total % Received % Xferd Average Speed Time Time Time >Current > Dload Upload Total Spent Left Speed >0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0 >curl: (77) error setting certificate verify locations: > CAfile: /etc/ssl/ca-bundle.crt > CApath: none >Failed downloading via HTTPS with curl >Falling back to HTTP >URLs other than HTTPS are disabled by default, to enable use -k >/bin/install: creating directory 'certs' >grep: ca-bundle.crt: No such file or directory >grep: ca-bundle.crt: No such file or directory >ls: cannot access 'certs/*': No such file or directory >Error! Only 0 certificates were generated! >Exiting without update! > >As you can see, I don't have a ca-bundle.crt file before running the >script. >(BTW, /etc/ssl/certs is already installed by openssl) > >I'm running the script in chroot and I'm also using a proxy server on >the host. >I've set up the http_proxy and https_proxy variables like so: > >ipadd=$( /usr/bin/ip addr | grep 192 | awk '{print $2}' | awk -F\/ >'{print $1}' ) >proxyset=http://${ipadd}:3128/ >http_proxy=$proxyset >ftp_proxy=$proxyset >https_proxy=$proxyset >wgetopts="-e http_proxy=$http_proxy -e ftp_proxy=$ftp_proxy -e >https_proxy=$https_proxy" > >I pass wgetopts to wget, which works fine. Do I need to pass wgetopts >to curl in the make-ca.sh script in order to download certdata.txt? Is >this the reason the download failed?
Yes, curl has no way of knowing the proxy info unless you tell it. That script is getting replaced this weekend. You should be able to use the script linked from the "take 3" thread in my home directory. There are a couple of minor issues that prevent me from putting it into the book right this second, but it is functional if you already have a copy of certdata.txt handy (use the nightly one from Anduin). --DJ -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
