On Sun, 2017-10-15 at 02:03 +0200, Kevin Kofler wrote:
> Nicolas Chauvet wrote:
> > http://blog.kwizart.fr/post/2017/09/26/169-RPM-Fusion-is-near-10-ye
> > ars-old
> > 
> > FYI, I've setup the new root certificate, if you want to grab it
> > 
> > curl -o ~/.rpmfusion-server-ca.crt
> > https://admin.rpmfusion.org/accounts//rpmfusion-server-ca.cert
> 
> Unfortunately, the error message we get from rfpkg build in this
> situation
> is really unhelpful, it only says:
> > Deprecation warning: kojiconfig is deprecated. Instead, kojiprofile
> > should
> > be used.
> > Certificate is revoked or expired.
> > You might want to run rpmfusion-packager-setup to regenerate SSL
> > certificate. For more info see
> > https://fedoraproject.org/wiki/Using_the_Koji_build_system#Fedora_A
> > ccount_System_.28FAS2.29_Setup
> > Could not execute build: Could not auth with koji. Login failed:
> > [SSL:
> > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
> 
> "Certificate is revoked or expired." crucially does not tell you
> which one.
> I tried regenerating a new user certificate several times with 4
> different
> browsers (QupZilla, Konqueror, Lynx, Firefox) only to realize that
> that was
> not the problem. (So, I am sorry for the several revoked certificates
> that I
> generated today.)


That message is in rpkg not in rfpkg  [1] 

[1]
/usr/lib/python2.7/site-packages/pyrpkg/__init__.py

343: if koji.is_requests_cert_error(e):
344:    self.log.info("Certificate is revoked or expired.") 

> The other messages are also not helpful:
> 
> * rpmfusion-packager-setup does not regenerate certificates at all.
> It can
>   only download the upload-ca and server-ca certificates and output
> the link
>   for how to manually regenerate the user certificate, and it does
> even
>   these things only if a file is actually missing, not if the
> certificate
>   has expired.

yes that is why I proposed : 

rm ~/.rpmfusion-upload-ca.cert ~/.rpmfusion-server-ca.cert
rpmfusion-packager-setup

The howto of client certificate expired is here [2]

[2] 
https://rpmfusion.org/Contributors#If_SSL_certificate_expired


> * The linked Fedora wiki page no longer contains any mention of
> certificates
>   because Fedora switched to Kerberos for authentication.

yeah , maybe we should have an old copy of that page in our wiki ... 

> We really need better error messages in rfpkg.

I would like made the rpmfusion-cert like we have fedora-cert [3] 
unfortunately kwizart didn't like the ideia at the time , maybe I
hadn't explain myself well and also didn't had much time to look at it.
Anyway since koji auth change to Kerberos , fedora-cert stopped to work
[4] 

[3] fedora-cert is a sub package of fedora-packager.src.rpm , 
/usr/bin/fedora-cert 

[4] 
https://bugzilla.redhat.com/show_bug.cgi?id=1412260


Best regards,
-- 
Sérgio M. B.
_______________________________________________
rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org
To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org

Reply via email to