#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Friday 19th September 2008 ===
==== Local Packages ====
* Updated `libpng10` to 1.0.40
Whilst preparing the same `libpng10` update for Rawhide, I had a problem uploading the new tarball to Fedora's
lookaside cache:
{{{
$ make new-sources FILES=libpng-1.0.40.tar.bz2
Checking : libpng-1.0.40.tar.bz2 on https://cvs.fedoraproject.org/repo/pkgs/upload.cgi...
ERROR: could not check remote file status
make: *** [new-sources] Error 255
}}}
So I looked at the `Makefile` and tried running the failing command in verbose mode:
{{{
$ curl -v -k --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi
* About to connect() to cvs.fedoraproject.org port 443 (#0)
* Trying 209.132.176.51... connected
* Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0)
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Certificate is signed by an untrusted issuer: 'E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US'
* SSL certificate verify ok.
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
* subject: E=admin@fedoraproject.org,CN=cvs.fedoraproject.org,OU=CVS,O=Fedora Project,ST=North Carolina,C=US
* start date: Aug 20 15:22:59 2008 GMT
* expire date: Aug 18 15:22:59 2018 GMT
* common name: cvs.fedoraproject.org
* issuer: E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US
> POST /repo/pkgs/upload.cgi HTTP/1.1
> User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.19.0 NSS/3.12.0.3 zlib/1.2.3 libidn/1.10 libssh2/0.18
> Host: cvs.fedoraproject.org
> Accept: */*
> Content-Length: 392
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------40b4d189dc86
>
< HTTP/1.1 100 Continue
< HTTP/1.1 403 Forbidden
< Date: Fri, 19 Sep 2008 08:30:34 GMT
< Server: Apache/2.2.3 (Red Hat)
< Content-Length: 310
< Content-Type: text/html; charset=iso-8859-1
<
403 Forbidden
Forbidden
You don't have permission to access /repo/pkgs/upload.cgi
on this server.
Apache/2.2.3 (Red Hat) Server at cvs.fedoraproject.org Port 443
* Connection #0 to host cvs.fedoraproject.org left intact
* Closing connection #0
}}}
Having had trouble with `curl` and NSS before, the first thing I tried to resolve this was to replace my own
`libcurl-7.19.0` package with the `libcurl-7.18.2` version from Fedora.
That did the trick:
{{{
$ curl -v -k --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi
* About to connect() to cvs.fedoraproject.org port 443 (#0)
* Trying 209.132.176.51... connected
* Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0)
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Certificate is signed by an untrusted issuer: 'E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US'
* SSL certificate verify ok.
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
* subject: E=admin@fedoraproject.org,CN=cvs.fedoraproject.org,OU=CVS,O=Fedora Project,ST=North Carolina,C=US
* start date: Aug 20 15:22:59 2008 GMT
* expire date: Aug 18 15:22:59 2018 GMT
* common name: cvs.fedoraproject.org
* issuer: E=admin@fedoraproject.org,CN=Fedora Project CA,OU=Fedora Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US
> POST /repo/pkgs/upload.cgi HTTP/1.1
> User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.18.2 NSS/3.12.0.3 zlib/1.2.3 libidn/1.10 libssh2/0.18
> Host: cvs.fedoraproject.org
> Accept: */*
> Content-Length: 392
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------26a91c00c1c1
>
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Fri, 19 Sep 2008 08:38:47 GMT
< Server: Apache/2.2.3 (Red Hat)
< AppTime: D=275070
< AppServer: cvs1.fedora.phx.redhat.com
< Transfer-Encoding: chunked
< Content-Type: text/plain
<
Missing
* Connection #0 to host cvs.fedoraproject.org left intact
* Closing connection #0
}}}
So it would appear that NSS support in my `curl-7.19.0` package is broken
(perhaps that's why Rawhide hasn't updated to 7.19.0 yet?).
I therefore decided to rebuild my `curl` package with NSS support turned off, building against OpenSSL instead.
With that installed, `curl-7.19.0` and `libcurl-7.19.0` work just fine:
{{{
$ curl -v -k --cert /home/paul/.fedora.cert -F "name=libpng10" -F "md5sum=0803ce684c70a9b6aa7223be4df0c4b7" -F "filename=libpng-1.0.40.tar.bz2" https://cvs.fedoraproject.org/repo/pkgs/upload.cgi
* About to connect() to cvs.fedoraproject.org port 443 (#0)
* Trying 209.132.176.51... connected
* Connected to cvs.fedoraproject.org (209.132.176.51) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: /C=US/ST=North Carolina/O=Fedora Project/OU=CVS/CN=cvs.fedoraproject.org/emailAddress=admin@fedoraproject.org
* start date: 2008-08-20 15:22:59 GMT
* expire date: 2018-08-18 15:22:59 GMT
* common name: cvs.fedoraproject.org (matched)
* issuer: /C=US/ST=North Carolina/L=Raleigh/O=Fedora Project/OU=Fedora Project CA/CN=Fedora Project CA/emailAddress=admin@fedoraproject.org
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /repo/pkgs/upload.cgi HTTP/1.1
> User-Agent: curl/7.19.0 (x86_64-unknown-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8g zlib/1.2.3 libidn/1.10 libssh2/0.18
> Host: cvs.fedoraproject.org
> Accept: */*
> Content-Length: 392
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------ece5fb64ab6a
>
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Fri, 19 Sep 2008 10:35:16 GMT
< Server: Apache/2.2.3 (Red Hat)
< AppTime: D=276513
< AppServer: cvs1.fedora.phx.redhat.com
< Transfer-Encoding: chunked
< Content-Type: text/plain
<
Available
* Connection #0 to host cvs.fedoraproject.org left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
}}}
==== Fedora Project ====
* Updated `libpng10` to 1.0.40
----