Welcome! Log In Create A New Profile

Advanced

[SOLVED] Certificate Problems on 5.16.5

Posted by Marcus 
Forum List Message List New Topic
Marcus
[SOLVED] Certificate Problems on 5.16.5
June 05, 2022 12:47PM
Hello,

I tried to install wsdd to my GoFlex-Home with 5.16.5, based on this link/advice:
https://github.com/christgau/wsdd

Install failed on adding the gpg key from the issuers website.
The command gave me an error 

root@Server:/home/goflex# curl https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor > /etc/apt/trusted.gpg.d/ltec-ag.gpg


Same install worked like a charm on my raspberry with bullseye.

I have no clue...

Many thanks for any help.

Marcus

Corrected kernel version.



Edited 3 time(s). Last edit at 06/08/2022 07:43PM by bodhi.
Reply Quote
Marcus
Re: Certificate Problems on 5.15
June 05, 2022 01:20PM
Oh sorry, forgot the full error, here for the curl command only: 

root@GoFlex-Home:~# curl -O https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0     0    0     0    0     0      0      0 --:--:--  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

root@GoFlex-Home:~#


Thanks for any support!



Edited 1 time(s). Last edit at 06/06/2022 01:18AM by Marcus.
Reply Quote
Marcus
Re: Certificate Problems on 5.16.5
June 05, 2022 01:29PM
With the option -k, curl downloads the key file, but gpg does not accept it as valid. 

root@GoFlex-Home:~# curl -k http://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor > /etc/apt/trusted.gpg.d/ltec-ag.gpg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--100   332  100   332    0     0   2289      0 --:--:-- --:--:-- --:--:--  2289
gpg: no valid OpenPGP data found.
root@GoFlex-Home:~#



Edited 1 time(s). Last edit at 06/06/2022 01:19AM by Marcus.
Reply Quote
bodhi
Re: Certificate Problems on 5.16.5
June 05, 2022 03:28PM
Hi Marcus,

What version you are running exactly? 
uname -a
cat /etc/debian_version

Have you updated Debian lately? 
apt-get update
apt-get upgrade

Problem like that is usually related to Debian distribution, not likely a kernel version issue.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)



Edited 1 time(s). Last edit at 06/05/2022 03:28PM by bodhi.
Reply Quote
Marcus
Re: Certificate Problems on 5.16.5
June 06, 2022 01:15AM
Hi Bodhi!

This is the output: 
root@GoFlex-Home:~# uname -a
Linux GoFlex-Home 5.16.5-kirkwood-tld-1 #1.0 PREEMPT Sat Feb 5 20:02:03 PST 2022 armv5tel GNU/Linux
root@GoFlex-Home:~# cat /etc/debian_version
10.12

I did updates several times, with the added untrusted repository being ignored.
Now I tried: 

root@GoFlex-Home:~# sudo apt update && sudo apt full-upgrade
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 http://ftp.de.debian.org/debian buster InRelease
Get:3 http://cdn-fastly.deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://security.debian.org buster/updates/main Sources [236 kB]
Fetched 354 kB in 5s (72.7 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

What can I do about the distribution?

Many thanks

marcus



Edited 4 time(s). Last edit at 06/06/2022 01:52AM by Marcus.
Reply Quote
bodhi
Re: Certificate Problems on 5.16.5
June 06, 2022 01:51AM
Hey Marcus,

That 10.12 is a bit old. It is oldstable distribution, Debian stable is 11.x now. I don't know for sure if your particular problem will be resolved by upgrading, but it's worth doing. You dont' want to run old distribution because there are security problem that have been fixed in new Debian stable.

I would upgrade the distribution. But make sure you do a back up first. If the system rootfs is on a USB drive, it is easy to do. See:

https://forum.doozan.com/read.php?2,12096,24034#msg-24034

Because the upgrade will be massive change from 10.x to 11.x. You will need the backup in case something goes badly wrong!

So to start upgrade. Update the apt source list, it should look like this.

cat /etc/apt/sources.list 
deb http://ftp.us.debian.org/debian bullseye main contrib non-free
deb-src http://ftp.us.debian.org/debian bullseye main contrib non-free

deb https://security.debian.org/debian-security bullseye-security main contrib non-free

deb  http://http.debian.net/debian bullseye-updates main contrib non-free
deb-src http://http.debian.net/debian bullseye-updates main contrib non-free

And then 

apt-get update
apt-get dist-upgrade
If you see problem with key-ring then do 

apt-get install debian-keyring debian-archive-keyring

And do it again 
apt-get update
apt-get dist-upgrade



It will take several hours. And whenever you are presented with a dialog that ask to keep current configuration for an app (such as Samba), take the default answer (keeping current configuration). You can always fix any minor problem later, but keep current config will allow you to run the system as before (no surprise).

So it is not an unattended upgrade. You must check the progress and answer questions. I do this because it allows me to keep notes of what's going on in case I need to resolve the new configuration settings and the old ones. I'm sure you will see this with Samba, and a few other apps.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Reply Quote
Marcus
Re: Certificate Problems on 5.16.5
June 06, 2022 03:34PM
Hello,

many, many thanks for your advice!!


So now I made a backup, then changed the sources list. Then: 
goflex@GoFlex-Home:~$ sudo apt-get update
Err:2 https://security.debian.org/debian-security bullseye-security InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.66.132 443]
Hit:3 http://ftp.us.debian.org/debian bullseye InRelease
Hit:1 http://cdn-fastly.deb.debian.org/debian bullseye-updates InRelease
Reading package lists... Done
W: https://security.debian.org/debian-security/dists/bullseye-security/InRelease: No system certificates available. Try installing ca-certificates.
W: Failed to fetch https://security.debian.org/debian-security/dists/bullseye-security/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.66.132 443]
W: Some index files failed to download. They have been ignored, or old ones used instead.
Then I changed /etc/apt/sources.list 
#from
#deb     https://security.debian.org/debian-security bullseye-security main contrib non-free
#to
deb     http://security.debian.org/debian-security bullseye-security main contrib non-free
After that, update and upgrade worked like a charm: 
goflex@GoFlex-Home:~$ uname -a
Linux GoFlex-Home 5.16.5-kirkwood-tld-1 #1.0 PREEMPT Sat Feb 5 20:02:03 PST 2022 armv5tel GNU/Linux
goflex@GoFlex-Home:~$ cat /etc/debian_version
11.3

Finally I installed 
sudo apt install ca-certificates

After that, the update worked smoothly with "https://" in the sources list.
So far so good!!


But still, installing wsdd gave me errors, cuz systemd was not running. I tried reinstall 
sudo apt-get install --reinstall systemd
But then found out that systemd is not the init system booted with, but SysV is .

Right?
Reply Quote
bodhi
Re: Certificate Problems on 5.16.5
June 06, 2022 06:29PM
This rootfs is running with Sysvinit. I mentioned it in the rootfs release instruction.


Quote

To boot with systemd, add parameter init=/bin/systemd to your u-boot env bootargs (beware that in later Debian distribution, the location of systemd binary might have changed).

- For example,
fw_setenv set_bootargs 'setenv bootargs console=ttyS0,115200 root=LABEL=rootfs rootdelay=10 $mtdparts init=/bin/systemd'

- Or, if you are booting with my latest u-boot images you can also use the uEnv.txt capability to do this. In the default envs, custom_params is a variable that allows you to add extra bootargs. So add the following line to uEnv.txt:
custom_params=init=/bin/systemd

If that's still not possible to run systemd, you might want to install it again:
apt-get install systemd

You should try using uEnv.txt first. It is easier to test the option without worrying about mistake/typos...

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Reply Quote
Marcus
Re: Certificate Problems on 5.16.5
June 08, 2022 11:50AM
Hi There,

Hey, I made it!
It works now.

Many thanks for the support!!!
Someone may close this thread as 'solved', now.

Best regards
Marcus
Reply Quote
Newer Topic Older Topic
Author:

Your Email:


Subject:
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically. If the code is hard to read, then just try to guess it right. If you enter the wrong code, a new image is created and you get another chance to enter it right.
Message: