Bug 667122
Summary: | Anaconda doesn't work with https enabled repos. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Patrik Martinsson <martinsson.patrik> | ||||||
Component: | anaconda | Assignee: | Ales Kozumplik <akozumpl> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Release Test Team <release-test-team-automation> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 6.0 | CC: | ahecox, atodorov, gavin, jzeleny, mganisin, mjc, mmatsuya | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | anaconda-13.21.87-1 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2011-05-19 12:36:37 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Patrik Martinsson
2011-01-04 14:32:22 UTC
Patrik, can you attach '/tmp/anaconda.log' to this bug? Also: what step do you see the error, is it during package selection? Thanks. Yes sure, it fails right after the partitioning process, i think it says something like "retrieving information from foo-repo", and then presents the error "Unable to read package metadaga. This may be to a missing repodata directory...." Attaching log. Created attachment 471693 [details]
anaconda log.
note that i only added https on one of the repos during this test.
We are missing libnsspem.so in the image for some reason and I think this is what prevents libcurl from verifying a certificate. Fix coming shortly. QA, this can be verified by trying to use urlgrabber or curl (must be scp'd into the installation's /tmp) to download any file from a https server that uses a cerficicate of a well known authority from /etc/pki/tls/certs/ca-bundle.crt, if you don't have such a private key/certificate then just overwrite ca-bundle.crt with a generated one. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. I've confirmed this, I rebuilt the install.img with the libnsspem.so included in /usr/lib64/ (running 64bit), and now the https enabled repo works. Before I did the rebuild I tried to scp over curl, tried to run curl in verbose but it was complaining about missing the libnsspem.so. After copying over the lib to /tmp, adding /tmp to LD_LIBRARY_PATH, running curl to a https adress works as expected. Thanks for the quick response on this. Btw, I mounted the img (mount -o loop install.img /foo) copied it over to /bar, inserted the libnsspem.so into /bar/usr/lib64/ and ran mksquashfs on /bar to genereate a new install.img. *** Bug 660565 has been marked as a duplicate of this bug. *** Fixed by b3c70555b64c9a1accb294f31c4dfeb14c33d0b2. Ales -- is there a test spin we can use? Thanks! Andrew, you'll need to wait for a nightly build that includes anaconda-13.21.87-1. We did the build of *-86 just yesterday, it's going to take at most 7 days before we do *-87 (but possibly much sooner if there are emergency fixes that need to make it to the nightlies) and then around one day until it makes it to the nightlies. So I would say you can test this with nightlies from Monday 16th. Ales Thanks Ales, I'll test once available... libnsspem.so is present in stage2 image for 0308.n.1 tree and using cutl against https URL signed by well known CA works as expected. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0530.html |