Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386875

Summary: sys-kernel/vanilla-sources-3.0.6 - curl/CA auth fails
Product: Gentoo Linux Reporter: Cédric Jeanneret <contact>
Component: [OLD] Core systemAssignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Status: RESOLVED INVALID    
Severity: major CC: floppym
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Cédric Jeanneret 2011-10-12 08:22:18 UTC
* ERROR: sys-kernel/vanilla-sources-3.0.6 failed (unpack phase):
 *   git-2_initial_clone: can't fetch from https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
 * 
 * Call stack:
 *     ebuild.sh, line   91:  Called src_unpack
 *   environment, line 3518:  Called git-2_src_unpack
 *   environment, line 2459:  Called git-2_fetch
 *   environment, line 2261:  Called git-2_initial_clone
 *   environment, line 2354:  Called die
 * The specific snippet of code:
 *       [[ -n ${EGIT_REPO_URI_SELECTED} ]] || die "${FUNCNAME}: can't fetch from ${EGIT_REPO_URI}"
 * 
 * If you need support, post the output of 'emerge --info =sys-kernel/vanilla-sources-3.0.6',
 * the complete build log and the output of 'emerge -pqv =sys-kernel/vanilla-sources-3.0.6'.
 * The complete build log is located at '/var/tmp/portage/sys-kernel/vanilla-sources-3.0.6/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-kernel/vanilla-sources-3.0.6/temp/environment'.
 * S: '/var/tmp/portage/sys-kernel/vanilla-sources-3.0.6/work/linux-3.0.6'



curl -I https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
curl: (60) Peer certificate cannot be authenticated with given CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.


seems that our kernel.org friends are doing some crap with SSL certificates.

Reproducible: Always

Steps to Reproduce:
1. try to update the kernel
2.
3.
Actual Results:  
git/curl crashes because of crappy ssl certificate.

Expected Results:  
should accept the certificate

maybe adding some feature/use to ensure that proper options are passed to git/curl/whatever to bypass the SSL certificate cert ?
Comment 1 Mike Gilbert gentoo-dev 2011-10-16 03:45:39 UTC
Are you still having this problem? It works fine for me.

If you are, please provide emerge --info and a full build log.
Comment 2 Diego Augusto Molina 2011-10-16 15:51:51 UTC
(In reply to comment #0)
> seems that our kernel.org friends are doing some crap with SSL certificates.

I don't think so. I enter "https://git.kernel.org" and see a beautiful message "The identity of this website has been verified by Thawte Premium Server CA.".

I was able to do this this:

$ git clone https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

And this:

$ emerge -q =sys-kernel/vanilla-sources-3.0.6

With no problems at all. That means that it may have been caused by a problem in your machine (networking?) or an eventual problem in kernel.org.

Please, close this bug as there is no reason to keep it. If you have further problems open a new bug describing that problem.
Comment 3 Cédric Jeanneret 2011-10-18 08:00:56 UTC
hmm, seems that it's a CURL problem - will see if there's already a bug, or open one new about that...

Sorry for the noise.