On 2/22/2019 8:14 PM, Ken Moffat via blfs-support wrote:
> On Thu, Feb 21, 2019 at 11:42:58PM +0000, Ken Moffat via blfs-support
> wrote:
>> On Thu, Feb 21, 2019 at 11:46:23AM +0000, Ken Moffat via blfs-support
>> wrote:
>>> I was coming towards the end of a test build of 8.4-rc1, installing
>>> a few essential packages before trying to build. And then make-ca
>>> failed.
>> Well, that was a major misdiagnosis of *where* it was failing. I
>> tried adding ' || true' after invoking make-ca, and discovered it
>> didn't get that far.
> Unfortunately, my build is still broken. I've just ripped out:
> /etc/pki/ /usr/sbin/make-ca /etc/make-ca.conf.dist and /etc/ssl/local
> and rebuilt make-ca, followed by installing recent mozilla
> certificates. The output from make-ca is voluminous, I am guessing
> that the approximately 8 certs it is unable to load are probably
> expired or not from a trusted authority and nothing much to worry
> about. But none of the certs get extracted. At this point I don't have
> any of gnutls, nss, java - this is a server build, I've never needed
> them but I would like https: to work in e.g. links and perhaps wget or
> curl. unable to load certificate 140497972445696:error:0909006C:PEM
> routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting:
> TRUSTED CERTIFICATE Added to p11-kit anchor directory with trust ',,'.
Okay, so the bit of code that extracts the text and octal data from
cacerts.txt are on lines 589-599. Lines 601-610 are what converts them
to PEM files. awk, grep, printf, and openssl are the commands used.
This error implies that the cert isn't extracted from the certdata.txt
file correctly.
Do this... replace line 849 (rm -rf "${TEMPDIR}") with echo ${TEMPDIR}
instead and lets see what's in there.
${TEMPDIR}/certs should contain all of the extracted mozilla format files
These files should begin with '#Certificate "Name"' and be readable, but
I suspect not. If not, then make sure the downloaded
$TEMPDIR/work/certdata.txt looks sane, should begin with a mecurial
revision number.
${TEMPDIR}/pki/anchors should contain a bunch of pem files ini style
layout, first line should be '[p11-kit-object-v1]'.
Let's see where we are after that.
--DJ
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
