On Dec 22, 2011, at 7:29 PM, Brock Pytlik wrote: > On 12/22/11 17:53, David Sechrest wrote: >> On Dec 22, 2011, at 5:53 PM, Shawn Walker wrote: >> >>> On 12/22/11 17:37, David Sechrest wrote: >>>> Any ideas why this isn't working? Just trying to get to the GA release. >>>> thanks >>> ... >>>> File "/usr/lib/python2.6/vendor-packages/M2Crypto/X509.py", line 639, in >>>> load_cert_bio >>>> raise X509Error(Err.get_error()) >>>> X509Error: 1:error:0906D06C:PEM routines:PEM_read_bio:no start >>>> line:pem_lib.c:648:Expecting: CERTIFICATE >>> My guess is that this is due to some early process issues when packages >>> were first being signed. >>> >>> If you change your signature-policy to ignore, you may be able to bypass >>> this: >>> >>> pkg set-property signature-policy ignore >>> >>> If that's not sufficient, also try: >>> >>> pkg set-publisher --set-property signature-policy=ignore solaris >> Tried both and still getting the same error. > > Huh, this is a new one. This suggests that you've got a trust anchor on your > system which we/M2Crypto can't parse. The first thing I'd appreciate is if > you can tar up your /etc/certs/CA directory and send it my way off list.
sent to you > I'd like to better understand what's going on there. > > If you can, the first thing I'd try is using 'pkg fix'. That may cause the > same error that you're seeing now but it's the simplest step to try first. If > that produces the same error... > The next thing to try is this: > First make sure that your signature policy is still set to ignore then... > mkdir /tmp/justaemptydir > pkg set-property trust-anchor-directory=/tmp/justaemptydir > pkg fix -v 'pkg fix' was quite busy but I was then able to upgrade to b165. I then set trust-anchor-directory back to /etc/certs/CA but got the same error. To upgrade to GA I had to change it again. thanks Dave > > > Setting the trust-anchor directory to an empty dir should get you around the > issue you're seeing above. I'd be interested to know if pkg fix changed > anything under /etc/certs/CA. > > Assuming that this run of pkg fix didn't abort, you should be able to safely > update to build 165. > > After you've updated to build 165, you should set your trust-anchor-directory > property back to being /etc/certs/CA. > > I've filed bug 19114 for the issue that we traceback at all. > > Hth, > Brock > >> >> thanks >> Dave >> >>> After updating, you can then reset those policies to the default. >>> >>> If I'm completely wrong about this, the above won't help at all. >>> >>> -Shawn _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
