On Sun, 2017-10-15 at 02:03 +0200, Kevin Kofler wrote: > Nicolas Chauvet wrote: > > http://blog.kwizart.fr/post/2017/09/26/169-RPM-Fusion-is-near-10-ye > > ars-old > > > > FYI, I've setup the new root certificate, if you want to grab it > > > > curl -o ~/.rpmfusion-server-ca.crt > > https://admin.rpmfusion.org/accounts//rpmfusion-server-ca.cert > > Unfortunately, the error message we get from rfpkg build in this > situation > is really unhelpful, it only says: > > Deprecation warning: kojiconfig is deprecated. Instead, kojiprofile > > should > > be used. > > Certificate is revoked or expired. > > You might want to run rpmfusion-packager-setup to regenerate SSL > > certificate. For more info see > > https://fedoraproject.org/wiki/Using_the_Koji_build_system#Fedora_A > > ccount_System_.28FAS2.29_Setup > > Could not execute build: Could not auth with koji. Login failed: > > [SSL: > > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) > > "Certificate is revoked or expired." crucially does not tell you > which one. > I tried regenerating a new user certificate several times with 4 > different > browsers (QupZilla, Konqueror, Lynx, Firefox) only to realize that > that was > not the problem. (So, I am sorry for the several revoked certificates > that I > generated today.)
That message is in rpkg not in rfpkg [1] [1] /usr/lib/python2.7/site-packages/pyrpkg/__init__.py 343: if koji.is_requests_cert_error(e): 344: self.log.info("Certificate is revoked or expired.") > The other messages are also not helpful: > > * rpmfusion-packager-setup does not regenerate certificates at all. > It can > only download the upload-ca and server-ca certificates and output > the link > for how to manually regenerate the user certificate, and it does > even > these things only if a file is actually missing, not if the > certificate > has expired. yes that is why I proposed : rm ~/.rpmfusion-upload-ca.cert ~/.rpmfusion-server-ca.cert rpmfusion-packager-setup The howto of client certificate expired is here [2] [2] https://rpmfusion.org/Contributors#If_SSL_certificate_expired > * The linked Fedora wiki page no longer contains any mention of > certificates > because Fedora switched to Kerberos for authentication. yeah , maybe we should have an old copy of that page in our wiki ... > We really need better error messages in rfpkg. I would like made the rpmfusion-cert like we have fedora-cert [3] unfortunately kwizart didn't like the ideia at the time , maybe I hadn't explain myself well and also didn't had much time to look at it. Anyway since koji auth change to Kerberos , fedora-cert stopped to work [4] [3] fedora-cert is a sub package of fedora-packager.src.rpm , /usr/bin/fedora-cert [4] https://bugzilla.redhat.com/show_bug.cgi?id=1412260 Best regards, -- Sérgio M. B. _______________________________________________ rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org