Friday 19th September 2008
Local Packages
Updated libpng10 to 1.0.40
Whilst preparing the same libpng10 update for Rawhide, I had a problem uploading the new tarball to Fedora's lookaside cache:
$ make new-sources FILES=libpng-1.0.40.tar.bz2 Checking : libpng-1.0.40.tar.bz2 on https://cvs.fedoraproject.org/repo/pkgs/upload.cgi... ERROR: could not check remote file status make: *** [new-sources] Error 255
So I looked at the Makefile and tried running the failing command in verbose mode:
$ curl -v -k --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi * About to connect() to cvs.fedoraproject.org port 443 (#0) * Trying 209.132.176.51... connected * Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0) * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Certificate is signed by an untrusted issuer: 'E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US' * SSL certificate verify ok. * SSL connection using SSL_RSA_WITH_RC4_128_MD5 * Server certificate: * subject: E=admin@fedoraproject.org,CN=cvs.fedoraproject.org,OU=CVS,O=Fedora Project,ST=North Carolina,C=US * start date: Aug 20 15:22:59 2008 GMT * expire date: Aug 18 15:22:59 2018 GMT * common name: cvs.fedoraproject.org * issuer: E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US > POST /repo/pkgs/upload.cgi HTTP/1.1 > User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.19.0 NSS/3.12.0.3 zlib/1.2.3 libidn/1.10 libssh2/0.18 > Host: cvs.fedoraproject.org > Accept: */* > Content-Length: 392 > Expect: 100-continue > Content-Type: multipart/form-data; boundary=----------------------------40b4d189dc86 > < HTTP/1.1 100 Continue < HTTP/1.1 403 Forbidden < Date: Fri, 19 Sep 2008 08:30:34 GMT < Server: Apache/2.2.3 (Red Hat) < Content-Length: 310 < Content-Type: text/html; charset=iso-8859-1 < <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /repo/pkgs/upload.cgi on this server.</p> <hr> <address>Apache/2.2.3 (Red Hat) Server at cvs.fedoraproject.org Port 443</address> </body></html> * Connection #0 to host cvs.fedoraproject.org left intact * Closing connection #0
Having had trouble with curl and NSS before, the first thing I tried to resolve this was to replace my own libcurl-7.19.0 package with the libcurl-7.18.2 version from Fedora. That did the trick:
$ curl -v -k --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi * About to connect() to cvs.fedoraproject.org port 443 (#0) * Trying 209.132.176.51... connected * Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0) * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Certificate is signed by an untrusted issuer: 'E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US' * SSL certificate verify ok. * SSL connection using SSL_RSA_WITH_RC4_128_MD5 * Server certificate: * subject: E=admin@fedoraproject.org,CN=cvs.fedoraproject.org,OU=CVS,O=Fedora Project,ST=North Carolina,C=US * start date: Aug 20 15:22:59 2008 GMT * expire date: Aug 18 15:22:59 2018 GMT * common name: cvs.fedoraproject.org * issuer: E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US > POST /repo/pkgs/upload.cgi HTTP/1.1 > User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.18.2 NSS/3.12.0.3 zlib/1.2.3 libidn/1.10 libssh2/0.18 > Host: cvs.fedoraproject.org > Accept: */* > Content-Length: 392 > Expect: 100-continue > Content-Type: multipart/form-data; boundary=----------------------------26a91c00c1c1 > < HTTP/1.1 100 Continue < HTTP/1.1 200 OK < Date: Fri, 19 Sep 2008 08:38:47 GMT < Server: Apache/2.2.3 (Red Hat) < AppTime: D=275070 < AppServer: cvs1.fedora.phx.redhat.com < Transfer-Encoding: chunked < Content-Type: text/plain < Missing * Connection #0 to host cvs.fedoraproject.org left intact * Closing connection #0
So it would appear that NSS support in my curl-7.19.0 package is broken (perhaps that's why Rawhide hasn't updated to 7.19.0 yet?). I therefore decided to rebuild my curl package with NSS support turned off, building against OpenSSL instead. With that installed, curl-7.19.0 and libcurl-7.19.0 work just fine:
$ curl -v -k --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi * About to connect() to cvs.fedoraproject.org port 443 (#0) * Trying 209.132.176.51... connected * Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS handshake, CERT verify (15): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-SHA * Server certificate: * subject: /C=US/ST=North Carolina/O=Fedora Project/OU=CVS/CN=cvs.fedoraproject.org/emailAddress=admin@fedoraproject.org * start date: 2008-08-20 15:22:59 GMT * expire date: 2018-08-18 15:22:59 GMT * common name: cvs.fedoraproject.org (matched) * issuer: /C=US/ST=North Carolina/L=Raleigh/O=Fedora Project/OU=Fedora Project CA/CN=Fedora Project CA/emailAddress=admin@fedoraproject.org * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > POST /repo/pkgs/upload.cgi HTTP/1.1 > User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8g zlib/1.2.3 libidn/1.10 libssh2/0.18 > Host: cvs.fedoraproject.org > Accept: */* > Content-Length: 392 > Expect: 100-continue > Content-Type: multipart/form-data; boundary=----------------------------ece5fb64ab6a > < HTTP/1.1 100 Continue < HTTP/1.1 200 OK < Date: Fri, 19 Sep 2008 10:35:16 GMT < Server: Apache/2.2.3 (Red Hat) < AppTime: D=276513 < AppServer: cvs1.fedora.phx.redhat.com < Transfer-Encoding: chunked < Content-Type: text/plain < Available * Connection #0 to host cvs.fedoraproject.org left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1):
Fedora Project
Updated libpng10 to 1.0.40