PaulHowarth/Blog/2008-09-19

Friday 19th September 2008

Local Packages

Updated libpng10 to 1.0.40

Whilst preparing the same libpng10 update for Rawhide, I had a problem uploading the new tarball to Fedora's lookaside cache:

$ make new-sources FILES=libpng-1.0.40.tar.bz2

Checking : libpng-1.0.40.tar.bz2 on https://cvs.fedoraproject.org/repo/pkgs/upload.cgi...
ERROR: could not check remote file status
make: *** [new-sources] Error 255

So I looked at the Makefile and tried running the failing command in verbose mode:

$ curl -v -k  --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi
* About to connect() to cvs.fedoraproject.org port 443 (#0)
*   Trying 209.132.176.51... connected
* Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Certificate is signed by an untrusted issuer: 'E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US'
* SSL certificate verify ok.
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
*       subject: E=admin@fedoraproject.org,CN=cvs.fedoraproject.org,OU=CVS,O=Fedora Project,ST=North Carolina,C=US
*       start date: Aug 20 15:22:59 2008 GMT
*       expire date: Aug 18 15:22:59 2018 GMT
*       common name: cvs.fedoraproject.org
*       issuer: E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US
> POST /repo/pkgs/upload.cgi HTTP/1.1
> User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.19.0 NSS/3.12.0.3 zlib/1.2.3 libidn/1.10 libssh2/0.18
> Host: cvs.fedoraproject.org
> Accept: */*
> Content-Length: 392
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------40b4d189dc86
> 
< HTTP/1.1 100 Continue
< HTTP/1.1 403 Forbidden
< Date: Fri, 19 Sep 2008 08:30:34 GMT
< Server: Apache/2.2.3 (Red Hat)
< Content-Length: 310
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /repo/pkgs/upload.cgi
on this server.</p>
<hr>
<address>Apache/2.2.3 (Red Hat) Server at cvs.fedoraproject.org Port 443</address>
</body></html>
* Connection #0 to host cvs.fedoraproject.org left intact
* Closing connection #0

Having had trouble with curl and NSS before, the first thing I tried to resolve this was to replace my own libcurl-7.19.0 package with the libcurl-7.18.2 version from Fedora. That did the trick:

$ curl -v -k  --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi
* About to connect() to cvs.fedoraproject.org port 443 (#0)
*   Trying 209.132.176.51... connected
* Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Certificate is signed by an untrusted issuer: 'E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US'
* SSL certificate verify ok.
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
*       subject: E=admin@fedoraproject.org,CN=cvs.fedoraproject.org,OU=CVS,O=Fedora Project,ST=North Carolina,C=US
*       start date: Aug 20 15:22:59 2008 GMT
*       expire date: Aug 18 15:22:59 2018 GMT
*       common name: cvs.fedoraproject.org
*       issuer: E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US
> POST /repo/pkgs/upload.cgi HTTP/1.1
> User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.18.2 NSS/3.12.0.3 zlib/1.2.3 libidn/1.10 libssh2/0.18
> Host: cvs.fedoraproject.org
> Accept: */*
> Content-Length: 392
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------26a91c00c1c1
> 
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Fri, 19 Sep 2008 08:38:47 GMT
< Server: Apache/2.2.3 (Red Hat)
< AppTime: D=275070
< AppServer: cvs1.fedora.phx.redhat.com
< Transfer-Encoding: chunked
< Content-Type: text/plain
< 
Missing
* Connection #0 to host cvs.fedoraproject.org left intact
* Closing connection #0

So it would appear that NSS support in my curl-7.19.0 package is broken (perhaps that's why Rawhide hasn't updated to 7.19.0 yet?). I therefore decided to rebuild my curl package with NSS support turned off, building against OpenSSL instead. With that installed, curl-7.19.0 and libcurl-7.19.0 work just fine:

$ curl -v -k  --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi
* About to connect() to cvs.fedoraproject.org port 443 (#0)
*   Trying 209.132.176.51... connected
* Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*        subject: /C=US/ST=North Carolina/O=Fedora Project/OU=CVS/CN=cvs.fedoraproject.org/emailAddress=admin@fedoraproject.org
*        start date: 2008-08-20 15:22:59 GMT
*        expire date: 2018-08-18 15:22:59 GMT
*        common name: cvs.fedoraproject.org (matched)
*        issuer: /C=US/ST=North Carolina/L=Raleigh/O=Fedora Project/OU=Fedora Project CA/CN=Fedora Project CA/emailAddress=admin@fedoraproject.org
*        SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /repo/pkgs/upload.cgi HTTP/1.1
> User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8g zlib/1.2.3 libidn/1.10 libssh2/0.18
> Host: cvs.fedoraproject.org
> Accept: */*
> Content-Length: 392
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------ece5fb64ab6a
> 
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Fri, 19 Sep 2008 10:35:16 GMT
< Server: Apache/2.2.3 (Red Hat)
< AppTime: D=276513
< AppServer: cvs1.fedora.phx.redhat.com
< Transfer-Encoding: chunked
< Content-Type: text/plain
< 
Available
* Connection #0 to host cvs.fedoraproject.org left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Fedora Project

Updated libpng10 to 1.0.40

Friday 19th September 2008

Local Packages

Fedora Project

Search:

Recent

Toolbox