speedo Error 2, download swdb.lst failed

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

speedo Error 2, download swdb.lst failed

Murphy
Hi all - during a routine build of gnupg-2.1.21 for Ubuntu 16.04 LTS a
speedo build from source that has consistently worked as recently as a
few days ago has now consistently hung up.  This is true on a Raspberry
Pi 3 armhf environment as well as Ubuntu linux.  The offending command
seems to be:

$ sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local
[sudo] password for murphy:
make -f /home/murphy/Downloads/gnupg-2.1.21/build-aux/speedo.mk
UPD_SWDB=1 TARGETOS=native WHAT=release WITH_GUI=0 all
make[1]: Entering directory '/home/murphy/Downloads/gnupg-2.1.21'
download of swdb.lst failed.
/home/murphy/Downloads/gnupg-2.1.21/build-aux/speedo.mk:272: *** Error
getting GnuPG software version database.  Stop.
make[1]: Leaving directory '/home/murphy/Downloads/gnupg-2.1.21'
build-aux/speedo.mk:72: recipe for target 'native' failed
make: *** [native] Error 2

Has there been a recent change affecting swdb.lst???  I have been using
the provided speedo method for years and have never encountered this
problem before.  It is now reproducible even on installations where it
previously succeeded in installing gnupg-2.1.21.

Thanks in advance, Murphy



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: speedo Error 2, download swdb.lst failed

Peter Lebbing
On 21/06/17 17:14, murphy wrote:
> download of swdb.lst failed.

I think this is because of an expired certificate for versions.gnupg.org:

$ wget -S https://versions.gnupg.org/swdb.lst
--2017-06-21 19:11:03--  https://versions.gnupg.org/swdb.lst
Resolving versions.gnupg.org (versions.gnupg.org)...
2001:aa8:fff1:2100::56, 217.69.76.56
Connecting to versions.gnupg.org
(versions.gnupg.org)|2001:aa8:fff1:2100::56|:443... failed: Connection
refused.
Connecting to versions.gnupg.org
(versions.gnupg.org)|217.69.76.56|:443... connected.
ERROR: The certificate of ‘versions.gnupg.org’ is not trusted.
ERROR: The certificate of ‘versions.gnupg.org’ has expired.
The certificate has expired

$ gnutls-cli -p https versions.gnupg.org
Processed 175 CA certificate(s).
Resolving 'versions.gnupg.org'...
Connecting to '2001:aa8:fff1:2100::56:443'...
Cannot connect to 2001:aa8:fff1:2100::56:443: Connection refused
Connecting to '217.69.76.56:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=versions.gnupg.org', issuer `C=US,O=Let's
Encrypt,CN=Let's Encrypt Authority X3', RSA key 2048 bits, signed using
RSA-SHA256, activated `2017-03-22 09:00:00 UTC', expires `2017-06-20
09:00:00 UTC', SHA-1 fingerprint `57a54fb00d2eabc40afe221720b73fd3038e3929'
        Public Key ID:
                ee4ff057a2b9a377fd7c4499e48f535633ccf304
        Public key's random art:
                +--[ RSA 2048]----+
                |              E. |
                |               Bo|
                |              o.O|
                |               +=|
                |        S   . .=.|
                |       . o o oo o|
                |        . = .. o |
                |       . .oo. ...|
                |        o+oo   .+|
                +-----------------+

- Certificate[1] info:
 - subject `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', issuer
`O=Digital Signature Trust Co.,CN=DST Root CA X3', RSA key 2048 bits,
signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires
`2021-03-17 16:40:46 UTC', SHA-1 fingerprint
`e6a3b45b062d509b3382282d196efe97d5956ccb'
- Status: The certificate is NOT trusted. The certificate chain uses
expired certificate.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.


My guess is that certbot, the tool usually responsible for downloading
new Let's Encrypt! certificates, hasn't been able to get a new
certificate for a month, and a system administrator needs to look into
getting it to succesfully obtain a new one.

The webserver also seems to reject IPv6 connections, BTW. I can
succesfully open IPv6 https connections with gnutls-cli to other sites.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: speedo Error 2, download swdb.lst failed

Werner Koch
On Wed, 21 Jun 2017 19:11, [hidden email] said:

> I think this is because of an expired certificate for versions.gnupg.org:

Sorry for this.  Fixed.


Shalom-Salam,

   Werner



--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

attachment0 (233 bytes) Download Attachment
Loading...