-
-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setup Issue - alertRinstaller - Could not list repository information #13
Comments
This is interesting. I just tested it myself and it worked out: sqall@towel: I guess the installer could not create a temporary file to which the certificate content is written to. At least, this is what it looks like regarding your error message. At the moment, I have no idea why this happens. So we have to debug it a little bit. Can you please try the attached installation script and paste me the output? Since github does not support ".py" files, you have to rename it. The changes I made were just some debug outputs. If you do not trust it, just diff both versions of it. P.S. |
pi@alertr-server:~ $ python alertRinstaller.py -l 06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository Could not list repository information.
|
Looks like our hitting a local SSL certificate trust issue on your pi I would make sure your system is first up to date; sudo apt-get update and If you are very technical you can try running through this guide: Andre - Is there a way to disable the VerifiedHTTPSConnection option on the On Wed, Jun 1, 2016 at 7:42 PM rlefever notifications@github.com wrote:
|
Andre - I hit the send too soon. Can you remove the Certificate pinning in I dont have time to clone/merge but It could be as simple as: import urllib.request Instead of pinning to a particular Digicert Root. caCertificate = "-----BEGIN CERTIFICATE-----\n" On Thu, Jun 2, 2016 at 7:26 AM Chris Perez akkord64@gmail.com wrote:
|
Update and Upgrade performed again. Nothing to update. Per the referenced guide I tried to modify the cert-verification.cfg. I
|
Can you paste the output of this command: openssl s_client -showcerts -connect raw.githubusercontent.com:443 On Thu, Jun 2, 2016 at 9:35 AM rlefever notifications@github.com wrote:
|
pi@alertr-server:~ $ openssl s_client -showcerts -connect verify return:0Certificate chain -----END CERTIFICATE-----Server certificate Assurance Server CANo client certificate CA names sentSSL handshake has read 3326 bytes and written 415 bytesNew, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Stopped here and did not return to a prompt.
|
Thanks. Lastly can you run the the debugging installer linked by Andre? I On Thu, Jun 2, 2016 at 11:52 AM rlefever notifications@github.com wrote:
|
pi@alertr-server:~ $ python alertRinstaller.py -l 06/02/2016 17:20:40 ERROR: [alertRinstaller.py]: Getting repository Could not list repository information. Thanks,
|
As a workaround I just uploaded a version that can disable the SSL certificate check (parameter --no-check-ssl-certificate) into the alertR repository. This is just a "dirty" workaround and will weaken the security of the installer. But for testing purposes it should be fine. @akkord64 I know that Github can change the certificate any time and it will then break the installer. But still I will leave the pinning in there. The reason is the following: Your way will download the certificate and will use this for checking the Github SSL connection. But how do I check the download SSL connection of the certificate? With certificate pinning? This is kind of the chicken-and-egg problem. But I have an idea to come around the SSL certificate pinning. I will add code signing to the repository. This way I can pin the certificate used to verify the downloaded files. As long as the installer and updater of alertR are used, there should not be any problem. Just added it to my to-do list ;) @rlefever I will look into the problem at the weekend. Then I will install a Pi with the newest Rasbian Lenny version. I will keep you updated when I have solved this problem or need some information. |
Finally wiped and reinstalled a fresh copy of Raspian Jessie, downloaded Thanks so much for all your efforts.
|
Must be missing something in step 1, Brand new install of Raspbian jessie, full updated
python alertRinstaller.py -l
05/31/2016 23:11:30 ERROR: [alertRinstaller.py]: Getting repository information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1020, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 97, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)
Could not list repository information
tried running as root but got the same error.
The text was updated successfully, but these errors were encountered: