[EPEL-devel] Re: Problems with yum update

2020-07-16 Thread warron.french 
Hello Kevin, I did as you suggested and a statement indicated it would be
good to reboot was displayed, so I did reboot.

After that my generic *yum update* did work.
Then I tried to install EPEL Repo again:
[root@wsf-owt-dev001:yum.repos.d]# yum install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
Last metadata expiration check: 4:20:17 ago on Thu 16 Jul 2020 03:35:37 PM
EDT.
[MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer
certificate cannot be authenticated with given CA certificates for
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL
certificate problem: EE certificate key too weak]
[MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer
certificate cannot be authenticated with given CA certificates for
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL
certificate problem: EE certificate key too weak]
[MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer
certificate cannot be authenticated with given CA certificates for
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL
certificate problem: EE certificate key too weak]
[MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer
certificate cannot be authenticated with given CA certificates for
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL
certificate problem: EE certificate key too weak]
[FAILED] epel-release-latest-8.noarch.rpm: Curl error (60): Peer
certificate cannot be authenticated with given CA certificates for
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL
certificate problem: EE certificate key too weak]
Curl error (60): Peer certificate cannot be authenticated with given CA
certificates for
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL
certificate problem: EE certificate key too weak]



--
Warron French



On Thu, Jul 16, 2020 at 5:39 PM Kevin Fenzi  wrote:

> On Thu, Jul 16, 2020 at 04:29:08PM -0400, warron.french wrote:
> > Actually the file indicates DEFAULT already.
>
> Odd. Thats the only time I have seen any errors like those.
>
> YOu might try a sudo update-crypto-policies --set DEFAULT
> and see if it helps anyhow.
>
> kevin
> --
> >
> > --
> > Warron French
> >
> >
> >
> > On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi  wrote:
> >
> > > On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
> > > > I work in a lab environment that has a proxy somewhere on the
> network.
> > > >
> > > > I have my VMware VM running CentOS8 and have installed the
> > > > epel-latest-release package.
> > > snip...
> > > >
> > > > I don't know what to do to fix this.  Can someone please explain
> what the
> > > > problem is on a high level and then what to do about it so that I can
> > > learn
> > > > from this?
> > >
> > > What does:
> > >
> > > cat /etc/crypto-policies/state/current
> > >
> > > show?
> > >
> > > If it's FUTURE, thats the problem. You can do back to default with:
> > >
> > > sudo update-crypto-policies --set DEFAULT
> > >
> > > kevin
> > > ___
> > > epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> > > To unsubscribe send an email to
> epel-devel-le...@lists.fedoraproject.org
> > > Fedora Code of Conduct:
> > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives:
> > >
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
> > >
>
> > ___
> > epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> > To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
>
> ___
> epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
>
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:

[EPEL-devel] Re: Problems with yum update

2020-07-16 Thread Orion Poplawski 

On 7/16/20 1:59 PM, warron.french wrote:

I work in a lab environment that has a proxy somewhere on the network.

I have my VMware VM running CentOS8 and have installed the 
epel-latest-release package.


When I execute a generic *yum update *I run into problems.  They are here:
[root@wsf-owt-dev001:yum.repos.d]# yum update Extra Packages for 
Enterprise Linux 8 - Playground - x86_64 0.0 B/s | 0 B 00:01 Errors 
during downloading metadata for repository 'epel-playground': - Curl 
error (60): Peer certificate cannot be authenticated with given CA 
certificates for 
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8=x86_64=stock=centos 
[SSL certificate problem: EE certificate key too weak] Error: Failed to 
download metadata for repo 'epel-playground': Cannot prepare internal 
mirrorlist: Curl error (60): Peer certificate cannot be authenticated 
with given CA certificates for 
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8=x86_64=stock=centos 
[SSL certificate problem: EE certificate key too weak]


I see the curl error, so I try a curl command and also run into problems:
[root@wsf-owt-dev001:yum.repos.d]# curl -v 
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8=x86_64=stock=centos 
[1] 683465 [2] 683466 [3] 683467 [root@wsf-owt-dev001:yum.repos.d]# * 
Uses proxy env variable https_proxy == 'http://214.3.129.49:80' * Trying 
214.3.129.49... * TCP_NODELAY set * Connected to 214.3.129.49 
(214.3.129.49) port 80 (#0) * allocate connect buffer! * Establish HTTP 
proxy tunnel to mirrors.fedoraproject.org:443 
 > CONNECT 
mirrors.fedoraproject.org:443  
HTTP/1.1 > Host: mirrors.fedoraproject.org:443 
 > User-Agent: curl/7.61.1 > 
Proxy-Connection: Keep-Alive > < HTTP/1.0 200 Connection established < * 
Proxy replied 200 to CONNECT request * CONNECT phase completed! * ALPN, 
offering h2 * ALPN, offering http/1.1 * successfully set certificate 
verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: 
none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CONNECT phase 
completed! * CONNECT phase completed! * TLSv1.3 (IN), TLS handshake, 
Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * 
TLSv1.2 (OUT), TLS alert, bad certificate (554): * SSL certificate 
problem: EE certificate key too weak * Closing connection 0 curl: (60) 
SSL certificate problem: EE certificate key too weak More details here: 
https://curl.haxx.se/docs/sslcerts.html curl failed to verify the 
legitimacy of the server and therefore could not establish a secure 
connection to it. To learn more about this situation and how to fix it, 
please visit the web page mentioned above. [1] Exit 60 curl -v 
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8 [2]- 
Done arch=x86_64 [3]+ Done infra=stock


I don't know what to do to fix this.  Can someone please explain what 
the problem is on a high level and then what to do about it so that I 
can learn from this?


What's the output of:

curl --trace-ascii - 
'https://mirrors.fedoraproject.org/metalink?repo=playground-epel8=x86_64=stock=centos'



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/



smime.p7s
Description: S/MIME Cryptographic Signature
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org

[EPEL-devel] Re: Problems with yum update

2020-07-16 Thread Kevin Fenzi 
On Thu, Jul 16, 2020 at 04:29:08PM -0400, warron.french wrote:
> Actually the file indicates DEFAULT already.

Odd. Thats the only time I have seen any errors like those. 

YOu might try a sudo update-crypto-policies --set DEFAULT
and see if it helps anyhow.

kevin
--
> 
> --
> Warron French
> 
> 
> 
> On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi  wrote:
> 
> > On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
> > > I work in a lab environment that has a proxy somewhere on the network.
> > >
> > > I have my VMware VM running CentOS8 and have installed the
> > > epel-latest-release package.
> > snip...
> > >
> > > I don't know what to do to fix this.  Can someone please explain what the
> > > problem is on a high level and then what to do about it so that I can
> > learn
> > > from this?
> >
> > What does:
> >
> > cat /etc/crypto-policies/state/current
> >
> > show?
> >
> > If it's FUTURE, thats the problem. You can do back to default with:
> >
> > sudo update-crypto-policies --set DEFAULT
> >
> > kevin
> > ___
> > epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> > To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
> > Fedora Code of Conduct:
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> > https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
> >

> ___
> epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org



signature.asc
Description: PGP signature
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org

[EPEL-devel] Re: Problems with yum update

2020-07-16 Thread warron.french 
Actually the file indicates DEFAULT already.

--
Warron French



On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi  wrote:

> On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
> > I work in a lab environment that has a proxy somewhere on the network.
> >
> > I have my VMware VM running CentOS8 and have installed the
> > epel-latest-release package.
> snip...
> >
> > I don't know what to do to fix this.  Can someone please explain what the
> > problem is on a high level and then what to do about it so that I can
> learn
> > from this?
>
> What does:
>
> cat /etc/crypto-policies/state/current
>
> show?
>
> If it's FUTURE, thats the problem. You can do back to default with:
>
> sudo update-crypto-policies --set DEFAULT
>
> kevin
> ___
> epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
>
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org

[EPEL-devel] Re: Problems with yum update

2020-07-16 Thread Kevin Fenzi 
On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
> I work in a lab environment that has a proxy somewhere on the network.
> 
> I have my VMware VM running CentOS8 and have installed the
> epel-latest-release package.
snip...
> 
> I don't know what to do to fix this.  Can someone please explain what the
> problem is on a high level and then what to do about it so that I can learn
> from this?

What does: 

cat /etc/crypto-policies/state/current

show?

If it's FUTURE, thats the problem. You can do back to default with: 

sudo update-crypto-policies --set DEFAULT

kevin


signature.asc
Description: PGP signature
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org