On Thursday 29 January 2015 18:11:53 Allen Hewes wrote: Hi,
el7 have md5 disable and if you have your ssl certificates with 'default_md=md5' parameter, you must recreate your pki with this parameter to sha1 or better sha256 in your ssl.cnf (http://fedoraproject.org/wiki/Koji/ServerHowTo). to be sure that's the problem: OPENSSL_ENABLE_MD5_VERIFY=1 koji regen-repo el5-decisiv if this command run successfully, you know what to do ... > Hi, > > I am trying to move from Koji 1.9.0 on RHEL 5.11 to Koji 1.9.0 (gitcd45e886) > on CentOS 7. But it didn't help my issue: > > Testing out the new Koji instance with a task submission: > $ koji --debug regen-repo el5-decisiv > successfully connected to hub > Warning: el5-decisiv is not a build tag > Warning: tag el5-decisiv has an empty arch list Regenerating repo for tag > el5-decisiv Watching tasks (this may be safely interrupted)... 30 newRepo > (el5-decisiv): open (koji.decisiv.net) Traceback (most recent call last): > File "/usr/bin/koji", line 6566, in <module> > rv = locals()[command].__call__(options, session, args) > File "/usr/bin/koji", line 6410, in handle_regen_repo > return watch_tasks(session, [task_id], quiet=options.quiet) > File "/usr/bin/koji", line 472, in watch_tasks > changed = task.update() > File "/usr/bin/koji", line 377, in update > self.info = self.session.getTaskInfo(self.id, request=True) > File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1556, in > __call__ return self.__func(self.__name,args,opts) > File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1899, in > _callMethod return self._sendCall(handler, headers, request) > File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1810, in > _sendCall return self._sendOneCall(handler, headers, request) > File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1830, in > _sendOneCall response = cnx.getresponse() > File "/usr/lib64/python2.7/httplib.py", line 1045, in getresponse > response.begin() > File "/usr/lib64/python2.7/httplib.py", line 409, in begin > version, status, reason = self._read_status() > File "/usr/lib64/python2.7/httplib.py", line 365, in _read_status > line = self.fp.readline(_MAXLINE + 1) > File "/usr/lib64/python2.7/socket.py", line 476, in readline > data = self._sock.recv(self._rbufsize) > File "/usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py", line > 140, in recv return con.recv(bufsize, flags) > OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF') > > I added a rescue of SSL.SysCallError in the recv() function in > /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py: > > diff -uab /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py > /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py.b --- > /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py 2015-01-29 > 04:00:08.000000000 +0000 +++ > /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py.b > 2015-01-29 04:00:56.224059850 +0000 @@ -138,6 +138,11 @@ > > try: > return con.recv(bufsize, flags) > + except SSL.SysCallError as e: > + if e.args == (-1, 'Unexpected EOF'): > + break > + else: > + raise > except SSL.ZeroReturnError: > return None > except SSL.WantReadError: > > Which then the task submission succeeds: > $ koji --debug regen-repo el5-decisiv > successfully connected to hub > Warning: el5-decisiv is not a build tag > Warning: tag el5-decisiv has an empty arch list Regenerating repo for tag > el5-decisiv Watching tasks (this may be safely interrupted)... 32 newRepo > (el5-decisiv): free > 32 newRepo (el5-decisiv): free -> closed > 0 free 0 open 1 done 0 failed > > 32 newRepo (el5-decisiv) completed successfully > > I couldn't find a Koji ticket for this error so I don't know if I am making > it worse or what I added is Good Enough to use? Is this a known issue? > > I also had to install a newer createrepo. I was getting the mergerepo error > here: https://bugzilla.redhat.com/show_bug.cgi?id=1058975 > > Maybe createrepo should be updated for EPEL 7? > > /allen > > ________________________________ > > Disclaimer Confidentiality Notice: This e-mail, and any attachments and/or > documents linked to this email, are intended for the addressee and may > contain information that is privileged, confidential, proprietary, or > otherwise protected by law. Any dissemination, distribution, or copying is > prohibited. This notice serves as a confidentiality marking for the purpose > of any confidentiality or nondisclosure agreement. If you have received > this communication in error, please contact the original sender. -- > buildsys mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/buildsys -- Didier -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
