On January 5, 2017 11:10:06 PM GMT+01:00, Alexander Hall <alexan...@beard.se>
wrote:
>What's the point of installing over https if you don't care about
>validating the cert?
Oh, I read too fast. Please disregard.
/Alexander
>
>On January 5, 2017 12:24:11 PM GMT+01:00, RD Thrush
><open...@st.thrush.com> wrote:
>>Rather than add load to the OpenBSD snapshot servers, for years I
>>download a snapshot to a local netgear nas server. With the recent
>>https changes, I'm no longer able to install from that server. I've
>>appended a console log of a failed install attempt.
>>
>>Per src/distrib/miniroot/install.sub v1.940, I added the recommended
>>question to the response file, ie.
>>Unable to connect using https. Use http instead = yes
>>
>>However, the "ftp: SSL write error: certificate verification failed:
>>self signed certificate" message causes the install to abort.
>>
>>Here's the patch I used to account for the self signed certificate:
>>Index: install.sub
>>===================================================================
>>RCS file: /cvs/src/distrib/miniroot/install.sub,v
>>retrieving revision 1.942
>>diff -u -p -u -p -r1.942 install.sub
>>--- install.sub 4 Jan 2017 13:47:29 -0000 1.942
>>+++ install.sub 5 Jan 2017 11:12:32 -0000
>>@@ -1578,7 +1578,7 @@ install_http() {
>>
>> # Consider the https connect failed either if it was refused by
>> # the server, or it took longer than -w sec (exit code 2).
>>- if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] ) ||
>>+ if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] ||
>>[[
>>$_err == *'self signed'* ]] ) ||
>> (($_rc == 2)); then
>> ask_yn "Unable to connect using https. Use http
>> instead?" ||
>> return
>>
>>
>>######## serial console #########
>>>> OpenBSD/amd64 BOOT 3.33
>>Disk BIOS# Type Cyls Heads Secs Flags Checksum
>>hd0 0x80 label 1023 255 63 0x2 0xdce59776
>>hd1 0x81 label 1023 255 63 0x2 0x2db005d6
>>Region 0: type 1 at 0x0 for 639KB
>>Region 1: type 2 at 0x9fc00 for 1KB
>>Region 2: type 2 at 0xf0000 for 64KB
>>Region 3: type 1 at 0x100000 for 2096000KB
>>Region 4: type 2 at 0x7ffe0000 for 128KB
>>Region 5: type 2 at 0xfeffc000 for 16KB
>>Region 6: type 2 at 0xfffc0000 for 256KB
>>Low ram: 639KB High ram: 2096000KB
>>Total free memory: 2096639KB
>>boot>
>>booting hd0a:bsd.rd.new: 3396680+1430528+3876632+0+606208
>>[72+431976+281240]=0x9914c8
>>entry point at 0x1001000 [7205c766, 34000004, 24448b12, 3550a304]
>>Copyright (c) 1982, 1986, 1989, 1991, 1993
>> The Regents of the University of California. All rights reserved.
>>Copyright (c) 1995-2017 OpenBSD. All rights reserved.
>>https://www.OpenBSD.org
>>
>>OpenBSD 6.0-current (RAMDISK_CD) #103: Wed Jan 4 21:48:20 MST 2017
>> bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
>>real mem = 2130575360 (2031MB)
>>avail mem = 2062315520 (1966MB)
>>mainbus0 at root
>>bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf0cd0 (9 entries)
>>bios0: vendor SeaBIOS version
>>"rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org" date
>>04/01/2014
>>bios0: QEMU Standard PC (i440FX + PIIX, 1996)
>>acpi0 at bios0: rev 0
>>acpi0: tables DSDT FACP SSDT APIC HPET
>>acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
>>cpu0 at mainbus0: apid 0 (boot processor)
>>cpu0: Common KVM processor, 3400.46 MHz
>>cpu0:
>>FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF
>>cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
>>64b/line 16-way L2 cache
>>cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries
>direct-mapped
>>cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries
>direct-mapped
>>cpu0: apic clock running at 1000MHz
>>cpu at mainbus0: not configured
>>ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
>>acpiprt0 at acpi0: bus 0 (PCI0)
>>acpicpu at acpi0 not configured
>>"ACPI0006" at acpi0 not configured
>>"PNP0303" at acpi0 not configured
>>"PNP0F13" at acpi0 not configured
>>"PNP0700" at acpi0 not configured
>>"PNP0501" at acpi0 not configured
>>"PNP0A06" at acpi0 not configured
>>"ACPI0007" at acpi0 not configured
>>"ACPI0007" at acpi0 not configured
>>pvbus0 at mainbus0: KVM
>>pci0 at mainbus0 bus 0
>>pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
>>"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
>>pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
>>channel 0 wired to compatibility, channel 1 wired to compatibility
>>pciide0: channel 0 disabled (no drives)
>>atapiscsi0 at pciide0 channel 1 drive 0
>>scsibus0 at atapiscsi0: 2 targets
>>cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.2.> ATAPI 5/cdrom
>>removable
>>cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
>>uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0
>int
>>11
>>"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
>>vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
>>vga1: aperture needed
>>wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
>>virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Memory" rev 0x00
>>virtio0: no matching child driver; not configured
>>virtio1 at pci0 dev 10 function 0 "Qumranet Virtio Storage" rev 0x00
>>vioblk0 at virtio1
>>scsibus1 at vioblk0: 2 targets
>>sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct
>>fixed
>>sd0: 32768MB, 512 bytes/sector, 67108864 sectors
>>virtio1: msix shared
>>virtio2 at pci0 dev 11 function 0 "Qumranet Virtio Storage" rev 0x00
>>vioblk1 at virtio2
>>scsibus2 at vioblk1: 2 targets
>>sd1 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct
>>fixed
>>sd1: 51200MB, 512 bytes/sector, 104857600 sectors
>>virtio2: msix shared
>>virtio3 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
>>vio0 at virtio3: address 8a:2e:d1:64:f7:6b
>>virtio3: msix shared
>>usb0 at uhci0: USB revision 1.0
>>uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
>>1.00/1.00 addr 1
>>isa0 at mainbus0
>>com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
>>com0: console
>>pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>>pckbd0 at pckbc0 (kbd slot)
>>wskbd0 at pckbd0: console keyboard, using wsdisplay1
>>uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB
>>Tablet" rev 2.00/0.00 addr 2
>>uhidev0: iclass 3/0
>>uhid at uhidev0 not configured
>>softraid0 at root
>>scsibus3 at softraid0: 256 targets
>>root on rd0a swap on rd0b dump on rd0b
>>erase ^?, werase ^W, kill ^U, intr ^C, status ^T
>>
>>Welcome to the OpenBSD/amd64 6.0 installation program.
>>(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? a
>>DHCPDISCOVER on vio0 - interval 1
>>DHCPOFFER from 10.1.2.1 (00:08:a2:0a:73:bd)
>>DHCPREQUEST on vio0 to 255.255.255.255
>>DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
>>bound to 10.1.2.7 -- renewal in 302400 seconds.
>>Fetching
>>http://tarpit/config/openbsd/amd64/8a:2e:d1:64:f7:6b-upgrade.conf?path=snapshots/amd64
>>Fetching
>>http://tarpit/config/openbsd/amd64/obsd64-upgrade.conf?path=snapshots/amd64
>>Performing non-interactive upgrade...
>>Terminal type? [vt220] vt220
>>Available disks are: sd0 sd1.
>>Which disk is the root disk? ('?' for details) [sd0] sd0
>>Checking root filesystem (fsck -fp /dev/sd0a)...OK.
>>Mounting root filesystem (mount -o ro /dev/sd0a /mnt)...OK.
>>DHCPREQUEST on vio0 to 255.255.255.255
>>DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
>>bound to 10.1.2.7 -- renewal in 302400 seconds.
>>Force checking of clean non-root filesystems? [no] no
>>fsck -p 8f3e304cddb66a7a.g...OK.
>>fsck -p 8f3e304cddb66a7a.f...OK.
>>fsck -p 8f3e304cddb66a7a.l...OK.
>>fsck -p c1a908809de1d866.o...OK.
>>fsck -p 8f3e304cddb66a7a.e...OK.
>>/dev/sd0a (8f3e304cddb66a7a.a) on /mnt type ffs (rw, local)
>>/dev/sd0g (8f3e304cddb66a7a.g) on /mnt/home type ffs (rw, local,
>nodev,
>>nosuid)
>>/dev/sd0f (8f3e304cddb66a7a.f) on /mnt/usr type ffs (rw, local, nodev)
>>/dev/sd0l (8f3e304cddb66a7a.l) on /mnt/usr/local type ffs (rw, local,
>>nodev, wxallowed)
>>/dev/sd1o (c1a908809de1d866.o) on /mnt/usr/obj type ffs (rw,
>>asynchronous, local, nodev, nosuid)
>>/dev/sd0e (8f3e304cddb66a7a.e) on /mnt/var type ffs (rw, local, nodev,
>>nosuid)
>>
>>Let's upgrade the sets!
>>Location of sets? (cd0 disk http or 'done') [http] http
>>HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
>>HTTP Server? (hostname, list#, 'done' or '?') [10.1.2.15] 10.1.2.15
>>Server directory? [pub/OpenBSD/snapshots/amd64]
>>pub/OpenBSD/snapshots/amd64
>>ftp: SSL write error: certificate verification failed: self signed
>>certificate
>>Looked at https://10.1.2.15/pub/OpenBSD/snapshots/amd64 and found no
>>OpenBSD/amd64 6.0 sets. The set names looked for were:
>>bsd comp60.tgz xshare60.tgz
>site60-obsd64.tgz
>> bsd.rd man60.tgz xfont60.tgz
>> bsd.mp game60.tgz xserv60.tgz
>> base60.tgz xbase60.tgz site60.tgz
>>failed; check /tmp/ai/ai.log
