On 12/22/11 17:53, David Sechrest wrote:
On Dec 22, 2011, at 5:53 PM, Shawn Walker wrote:
On 12/22/11 17:37, David Sechrest wrote:
Any ideas why this isn't working? Just trying to get to the GA release.
thanks
...
File "/usr/lib/python2.6/vendor-packages/M2Crypto/X509.py", line 639, in
load_cert_bio
raise X509Error(Err.get_error())
X509Error: 1:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:648:Expecting: CERTIFICATE
My guess is that this is due to some early process issues when packages were
first being signed.
If you change your signature-policy to ignore, you may be able to bypass this:
pkg set-property signature-policy ignore
If that's not sufficient, also try:
pkg set-publisher --set-property signature-policy=ignore solaris
Tried both and still getting the same error.
Huh, this is a new one. This suggests that you've got a trust anchor on
your system which we/M2Crypto can't parse. The first thing I'd
appreciate is if you can tar up your /etc/certs/CA directory and send it
my way off list. I'd like to better understand what's going on there.
If you can, the first thing I'd try is using 'pkg fix'. That may cause
the same error that you're seeing now but it's the simplest step to try
first. If that produces the same error...
The next thing to try is this:
First make sure that your signature policy is still set to ignore then...
mkdir /tmp/justaemptydir
pkg set-property trust-anchor-directory=/tmp/justaemptydir
pkg fix -v
Setting the trust-anchor directory to an empty dir should get you around
the issue you're seeing above. I'd be interested to know if pkg fix
changed anything under /etc/certs/CA.
Assuming that this run of pkg fix didn't abort, you should be able to
safely update to build 165.
After you've updated to build 165, you should set your
trust-anchor-directory property back to being /etc/certs/CA.
I've filed bug 19114 for the issue that we traceback at all.
Hth,
Brock
thanks
Dave
After updating, you can then reset those policies to the default.
If I'm completely wrong about this, the above won't help at all.
-Shawn
---
David Sechrest Phone: (408)276-5800
x15800
Systems Management Email: [email protected]
Oracle Corporation
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
