Bug 697714

Summary: Can't upload EPEL updates: fedpkg won't accept certificate for lookaside cache
Product: [Fedora] Fedora EPEL
Reporter: C Sand <conradsand.fb>
Component: fedora-packager
Assignee: Dennis Gilmore <dennis>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: el6
CC: dcantrell, dennis
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2011-04-19 03:09:03 UTC
Bug Depends On:    
Bug Blocks: 693770    

Description C Sand 2011-04-19 02:20:08 UTC
Description of problem:
Can't upload new sources to update EPEL packages.


Version-Release number of selected component (if applicable):
0.5.5.0-2.el6

How reproducible:

I'm the maintainer of the Armadillo EPEL package. I've tried to update the package to the latest version, but I am unable to upload the source archive. I'm using Scientific Linux 6 (RHEL 6 clone) with EPEL 6.

Following the instructions at http://fedoraproject.org/wiki/PackageMaintainers/UpdatingPackageHowTo  
below is what I've tried:

# su
# yum --noplugins install fedora-packager
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package fedora-packager.noarch 0:0.5.5.0-2.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved
Installing:
fedora-packager  noarch  0.5.5.0-2.el6  epel  34 k
(...)

# rm /root/.fedora*
# fedora-cert -n
Can't determine fas name, lets get a new cert
FAS Username: conrads
FAS Password: 

# cd /tmp
# rm -rf armadillo
# fedpkg clone armadillo
Initialized empty Git repository in /tmp/armadillo/.git/
remote: Counting objects: 113, done.
remote: Compressing objects: 100% (58/58), done.
remote: Total 113 (delta 48), reused 103 (delta 45)
Receiving objects: 100% (113/113), 13.44 KiB, done.
Resolving deltas: 100% (48/48), done.

# cd armadillo
# fedpkg new-sources /tmp/svn_out/armadillo-1.2.0.tar.gz
Uploading: 856268f9730a3e55db38cbc1b7f8f2bc  /tmp/svn_out/armadillo-1.2.0.tar.gz
Missing certificate: /root/.fedora-server-ca.cert
Could not upload new sources: Lookaside failure.  Please run 'fedora-cert -v' to verify your certificate

# fedora-cert -v
Verifying Certificate
cert expires: 2011-10-16
CRL Checking not implemented yet

# fedpkg new-sources /tmp/svn_out/armadillo-1.2.0.tar.gz 
Uploading: 856268f9730a3e55db38cbc1b7f8f2bc  /tmp/svn_out/armadillo-1.2.0.tar.gz
Missing certificate: /root/.fedora-server-ca.cert
Could not upload new sources: Lookaside failure.  Please run 'fedora-cert -v' to verify your certificate

# cp /root/.fedora.cert /root/.fedora-server-ca.cert
# fedpkg new-sources /tmp/svn_out/armadillo-1.2.0.tar.gz 
Uploading: 856268f9730a3e55db38cbc1b7f8f2bc  /tmp/svn_out/armadillo-1.2.0.tar.gz
Could not upload new sources: Lookaside failure.  Please run 'fedora-cert -v' to verify your certificate

Googling the problem pointed to:
http://www.mail-archive.com/devel@lists.fedoraproject.org/msg16274.html


# (openssl x509 -in /root/.fedora.cert -text; echo; openssl rsa -in /root/.fedora.cert)> /root/.fedora.cert.new
writing RSA key

# cp /root/.fedora.cert.new /root/.fedora.cert
cp: overwrite `/root/.fedora.cert'? y

# fedpkg new-sources /tmp/svn_out/armadillo-1.2.0.tar.gz 
Uploading: 856268f9730a3e55db38cbc1b7f8f2bc  /tmp/svn_out/armadillo-1.2.0.tar.gz
Could not upload new sources: Lookaside failure.  Please run 'fedora-cert -v' to verify your certificate

# cp /root/.fedora.cert.new /root/.fedora-server-ca.cert 
cp: overwrite `/root/.fedora-server-ca.cert'? y

# fedpkg new-sources /tmp/svn_out/armadillo-1.2.0.tar.gz 
Uploading: 856268f9730a3e55db38cbc1b7f8f2bc  /tmp/svn_out/armadillo-1.2.0.tar.gz
Could not upload new sources: Lookaside failure.  Please run 'fedora-cert -v' to verify your certificate

# fedora-cert -v
Verifying Certificate
cert expires: 2011-10-16
CRL Checking not implemented yet

# fedpkg new-sources /tmp/svn_out/armadillo-1.2.0.tar.gz 
Uploading: 856268f9730a3e55db38cbc1b7f8f2bc  /tmp/svn_out/armadillo-1.2.0.tar.gz
Could not upload new sources: Lookaside failure.  Please run 'fedora-cert -v' to verify your certificate
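
The session above copies the client certificate to the path named in the "Missing certificate" message. As an added example (not part of the original report and not fedora-packager code), the script below checks that the two files hold what their names suggest. The file roles are assumptions inferred from the names, and the demo certificates are constructed throwaway data.

```shell
# Added example. File roles are assumptions inferred from the file names:
#   CLIENT = user certificate + private key (e.g. /root/.fedora.cert)
#   CA     = CA certificate for the server  (e.g. /root/.fedora-server-ca.cert)
check_cert_files() {
    client=$1; ca=$2; rc=0
    # The client file must hold a certificate and the matching private key.
    cert_pub=$(openssl x509 -in "$client" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$client" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $client: no certificate with matching private key"; rc=1
    fi
    # The CA file must be a CA certificate (basicConstraints CA:TRUE).
    if ! openssl x509 -in "$ca" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "FAIL: $ca: not a CA certificate"; rc=1
    fi
    # Copying the client cert to the CA path only silences the "Missing
    # certificate" message; detect that by comparing fingerprints.
    fp_c=$(openssl x509 -in "$client" -noout -fingerprint -sha256 2>/dev/null) || true
    fp_a=$(openssl x509 -in "$ca" -noout -fingerprint -sha256 2>/dev/null) || true
    if [ -n "$fp_a" ] && [ "$fp_c" = "$fp_a" ]; then
        echo "FAIL: $ca: identical to the client certificate"; rc=1
    fi
    return $rc
}

# Constructed sample data: a throwaway CA and user certificate in directory $1.
make_demo_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=demo\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/demo-ca.cert" 2>/dev/null &&
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-user" -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/user.csr" -CA "$d/demo-ca.cert" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/user.crt" 2>/dev/null &&
    cat "$d/user.crt" "$d/user.key" > "$d/client.cert"
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_cert_files "$demo/client.cert" "$demo/demo-ca.cert" && echo "layout OK"
cp "$demo/client.cert" "$demo/copied-ca.cert"   # the cp step from the session above
check_cert_files "$demo/client.cert" "$demo/copied-ca.cert" || echo "copy detected"
rm -rf "$demo"
```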

Comment 1 C Sand 2011-04-19 02:44:11 UTC
More info, in case there is a weird version mismatch:

# yum -C deplist fedora-packager

package: fedora-packager.noarch 0.5.5.0-2.el6
  dependency: bodhi-client
   provider: bodhi-client.noarch 0.7.10-1.el6
  dependency: fedpkg = 0.5.5.0-2.el6
   provider: fedpkg.noarch 0.5.5.0-2.el6
  dependency: ykpers
   provider: ykpers.x86_64 1.3.4-1.el6
   provider: ykpers.i686 1.3.4-1.el6
  dependency: pyOpenSSL
   provider: pyOpenSSL.x86_64 0.10-2.el6
  dependency: rpmlint
   provider: rpmlint.noarch 0.94-2.el6
  dependency: /bin/bash
   provider: bash.x86_64 4.1.2-3.el6
  dependency: rpm-build
   provider: rpm-build.x86_64 4.8.0-12.el6
  dependency: mock
   provider: mock.noarch 1.1.8-1.el6
  dependency: /usr/bin/python
   provider: python.x86_64 2.6.5-3.el6
   provider: python.i686 2.6.5-3.el6
  dependency: redhat-rpm-config
   provider: redhat-rpm-config.noarch 9.0.3-25.el6
  dependency: openssh-clients
   provider: openssh-clients.x86_64 5.3p1-20.el6
  dependency: rpmdevtools
   provider: rpmdevtools.noarch 7.5-1.el6
  dependency: fedora-cert = 0.5.5.0-2.el6
   provider: fedora-cert.noarch 0.5.5.0-2.el6
  dependency: /bin/sh
   provider: bash.x86_64 4.1.2-3.el6
  dependency: curl
   provider: curl.x86_64 7.19.7-16.el6
  dependency: koji
   provider: koji.noarch 1.6.0-1.el6.1

Comment 2 C Sand 2011-04-19 02:54:57 UTC
Further info:

# rpm -q openssl nss
openssl-1.0.0-4.el6_0.2.x86_64
nss-3.12.8-1.el6_0.0.sl6.x86_64

Comment 3 Dennis Gilmore 2011-04-19 03:09:03 UTC
http://fedoraproject.org/wiki/PackageMaintainers/UsingKoji#Fedora_Certificates

Please read the FAQ. It's a known issue with RHEL6 and derivatives; it should be fixed in 6.1, I believe.