Bug 797954

Summary: Unable to read package metadata (peer cert invalid; netinst.iso)
Product: [Fedora] Fedora Reporter: Jan "Yenya" Kasprzak <kas>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: anaconda-maint-list, cseagle, g.kaviyarasu, jonathan, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-18 17:06:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan "Yenya" Kasprzak 2012-02-27 15:50:09 UTC 
Description of problem:
I am trying to upgrade a F15 system to F16 using an USB flash drive created from Fedora-16-x86_64-netinst.iso using livecd-iso-to-disk. The system boots from the flash drive, asks for language, keyboard, bootloader, and network settings. When trying to download the mirror list, it fails with the following error message box:

=====
Unable to read package metadata. This may be due to a missing repodata directory. Please ensure that your install tree has been correctly generated.

Cannot retrieve repository metadata (repomd.xml) for repository: fedora. Please verify its path and try again.
=====

When I switch to the third text console (Ctrl-Alt-F3), the last two lines are identical and state the following:

INFO anaconda: Error downloading treeinfo: [Errno 14] Peer cert cannot be verified or peer cert invalid

When I choose [Edit] in the above error box, I can edit the repository URL: enter my own mirror URL http://ftp.linux.cz/pub/linux/fedora/linux/releases/16/Fedora/x86_64/os and uncheck the [this is a mirror list] checkbox.

After that I get the same error message, this time for the "updates" repository. I can edit it to contain the local URL http://ftp.linux.cz/pub/linux/fedora/linux/updates/16/x86_64/, and the installation can continue.

Is there a certificate problem with the mirrorlist URL or something? Another possibility is that the certficate is newer, issued by a CA which has not been known when the netinst.iso has been created, or something like that.
Comment 1 Chris Lumens 2012-02-29 20:47:11 UTC 
I've not seen this before, though perhaps the problem is one of the mirrors in the list is an HTTPS source and provides a cert.  If you are able to reliably reproduce this, can you add "noverifyssl" as a boot argument and see if that gets you past it?
Comment 2 cseagle 2012-09-18 03:45:48 UTC 
I realize that this is an older bug, but as this just happened to me I thought I would share the solution in my case. I was installing onto an older laptop and the system time was not set properly, as a result the cert was deemed invalid by the installer. Setting the time correctly and "Retry"ing the connection solved the problem for me.