On Sun, 2017-10-15 at 02:03 +0200, Kevin Kofler wrote:
> Nicolas Chauvet wrote:
> > http://blog.kwizart.fr/post/2017/09/26/169-RPM-Fusion-is-near-10-ye
> > ars-old
> >
> > FYI, I've setup the new root certificate, if you want to grab it
> >
> > curl -o ~/.rpmfusion-server-ca.crt
> > https://admin.rpmfusion.org/accounts//rpmfusion-server-ca.cert
>
> Unfortunately, the error message we get from rfpkg build in this
> situation
> is really unhelpful, it only says:
> > Deprecation warning: kojiconfig is deprecated. Instead, kojiprofile
> > should
> > be used.
> > Certificate is revoked or expired.
> > You might want to run rpmfusion-packager-setup to regenerate SSL
> > certificate. For more info see
> > https://fedoraproject.org/wiki/Using_the_Koji_build_system#Fedora_A
> > ccount_System_.28FAS2.29_Setup
> > Could not execute build: Could not auth with koji. Login failed:
> > [SSL:
> > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
>
> "Certificate is revoked or expired." crucially does not tell you
> which one.
> I tried regenerating a new user certificate several times with 4
> different
> browsers (QupZilla, Konqueror, Lynx, Firefox) only to realize that
> that was
> not the problem. (So, I am sorry for the several revoked certificates
> that I
> generated today.)
That message is in rpkg not in rfpkg [1]
[1]
/usr/lib/python2.7/site-packages/pyrpkg/__init__.py
343: if koji.is_requests_cert_error(e):
344: self.log.info("Certificate is revoked or expired.")
> The other messages are also not helpful:
>
> * rpmfusion-packager-setup does not regenerate certificates at all.
> It can
> only download the upload-ca and server-ca certificates and output
> the link
> for how to manually regenerate the user certificate, and it does
> even
> these things only if a file is actually missing, not if the
> certificate
> has expired.
yes that is why I proposed :
rm ~/.rpmfusion-upload-ca.cert ~/.rpmfusion-server-ca.cert
rpmfusion-packager-setup
The howto of client certificate expired is here [2]
[2]
https://rpmfusion.org/Contributors#If_SSL_certificate_expired
> * The linked Fedora wiki page no longer contains any mention of
> certificates
> because Fedora switched to Kerberos for authentication.
yeah , maybe we should have an old copy of that page in our wiki ...
> We really need better error messages in rfpkg.
I would like made the rpmfusion-cert like we have fedora-cert [3]
unfortunately kwizart didn't like the ideia at the time , maybe I
hadn't explain myself well and also didn't had much time to look at it.
Anyway since koji auth change to Kerberos , fedora-cert stopped to work
[4]
[3] fedora-cert is a sub package of fedora-packager.src.rpm ,
/usr/bin/fedora-cert
[4]
https://bugzilla.redhat.com/show_bug.cgi?id=1412260
Best regards,
--
Sérgio M. B.
_______________________________________________
rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org
To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org
