Re: [pca] getupdates.oracle.com now available for testing!
Martin Paul wrote: Has anybody been successful in downloading a README file? Obviously there was an error in the InfoDoc. A note has been added: http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1 18 November 2010: * Corrected error in documentation for downloading readmes. The base URL should read https://getupdates.oracle.com/readme/patch_id. Using /readme/ instead of /readmes/ I could now download the READMEs of all 4 sample patches successfully. This works without specifying --http-user and --http-passwd, too. Martin.
Re: [pca] getupdates.oracle.com now available for testing!
Hi Martin/All, I was just about to send out a mail about this; looks like you've beaten me to it! Yes, there was a typo with the original mail that was sent out wrt README downloads, which the document now addresses. Also patch 119254-77 has now been released, so AFAICT it has been made public in place of 119254-76. I've retested this morning (using my test MOS SSO) and have successfully downloaded patches for 119318-01 112951-15 113713-28 119254-77 and their associated READMEs. If anyone is still having issues downloading any of the 4 patches listed above, or their READMEs please let me know. Here's the syntax that works for me: wget --http-user="" --http-passwd="" --no-check-certificate "https://getupdates.oracle.com/all_unsigned/119254-77.zip" -O /tmp/119254-77.zip wget --http-user="" --http-passwd="" --no-check-certificate "https://getupdates.oracle.com/readme/120068-02" -O /tmp/README.120068-02 Best, -Don Martin Paul wrote: Martin Paul wrote: Has anybody been successful in downloading a README file? Obviously there was an error in the InfoDoc. A note has been added: http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1 18 November 2010: * Corrected error in documentation for downloading readmes. The base URL should read https://getupdates.oracle.com/readme/patch_id. Using /readme/ instead of /readmes/ I could now download the READMEs of all 4 sample patches successfully. This works without specifying --http-user and --http-passwd, too. Martin. -- Don O'Malley Manager, Patch System Test Revenue Product Engineering | Solaris | Hardware East Point Business Park, Dublin 3, Ireland Phone: +353 1 8199764 Team Alias: rpe_patch_system_test...@oracle.com
Re: [pca] getupdates.oracle.com now available for testing! - certs q
Gerard Henry wrote: On 11/17/10 11:05, Don O'Malley wrote: I've tested downloading patchdiag.xref and 119254-76.zip, both using the certificate file and the --no-check-certificate option and everything looks good: bash-3.00# wget --http-user="" --http-passwd="" --ca-certificate=/tmp/WGET3_getupdates.pem"https://getupdates.oracle.com/reports/patchdiag.xref" -O /tmp/patchdiag.xref --09:49:59--https://getupdates.oracle.com/reports/patchdiag.xref hello, where did you get this certificate called /tmp/WGET3_getupdates.pem ? Is it important? I'm no security expert, but here's my understanding of the certificate info. You must provide 'wget' with direction on how to handle security certificate information. Otherwise, patch downloads via 'wget' will fail. The purpose of the certificates is for customers to be able to verify that the content that you are downloading from Oracle, has actually come from Oracle and has not been intercepted by a "man-in-the-middle" Domains, getupdates.oracle.com a248.e.akamai.net, are signed by trusted Certificate Authorities. (Verisign for Oracle's and GTE Cybertrust for the case of Akamai.) Without a pointer to these certificates being provided to 'wget', download attempts will fail. Which certs are required? (These may have changed since the Oracle acquisition) CN=GTE CyberTrust Global Root CN=VeriSign Class 3 Secure Server CA - G2 What kind of error message can you expect to see from a failing 'wget' request? ERROR: Certificate verification error for getupdates.oracle.com: unable to get local issuer certificate To connect to getupdates.oracle.com insecurely, use `--no-check-certificate'. Unable to establish SSL connection. Issue resolution: If you wish to ignore this failure you can use the '--no-check-certificate' switch in 'wget'. Example of the syntax: # /usr/sfw/bin/wget --http-user="" --http-passwd="xxx" --no-check-certificate "https://getupdates.oracle.com/all_unsigned/119254-77.zip" -O /tmp/119254-77.zip If you wish to check against the certificates, you can use the '--ca-certificate' switch to point to a file containing the certificates. http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1 has an attachment called WGET3_getupdates.pem, which is a concatenation of the two certificates. If you save this file locally (eg to /tmp/cacerts.pem), you can use a syntax similar to: # /usr/sfw/bin/wget --ca-certificate=/tmp/cacerts.pem --http-user="" --http-passwd="xxx" "http://sunsolve.sun.com/pdownload.pl?target=142284method=h" -O /tmp/140778-01.zip HTH, -Don the following command works for me, with my valid account: $ wget --http-user="xx" --http-passwd="xxx" --no-check-certificate "https://getupdates.oracle.com/all_unsigned/119254-76.zip" -O 119254-76.zip --17:12:10-- https://getupdates.oracle.com/all_unsigned/119254-76.zip = `119254-76.zip' Resolving getupdates.oracle.com... 192.18.110.9 Connecting to getupdates.oracle.com|192.18.110.9|:443... connected. WARNING: Certificate verification error for getupdates.oracle.com: unable to get local issuer certificate HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/21808/patches/patchroot/all_unsigned/119254-76.zip?AuthParam=1290096781_9ed819b85c4f609ba7e00f2d9b7f3472TicketId=C19a%2FE6JV18%3DGroupName=SWUPFilePath=/21808/patches/patchroot/all_unsigned/119254-76.zipFile=119254-76.zip [following] --17:12:13-- https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/21808/patches/patchroot/all_unsigned/119254-76.zip?AuthParam=1290096781_9ed819b85c4f609ba7e00f2d9b7f3472TicketId=C19a%2FE6JV18%3DGroupName=SWUPFilePath=/21808/patches/patchroot/all_unsigned/119254-76.zipFile=119254-76.zip = `119254-76.zip' Resolving a248.e.akamai.net... 193.51.224.7, 193.51.224.23 Connecting to a248.e.akamai.net|193.51.224.7|:443... connected. WARNING: Certificate verification error for a248.e.akamai.net: unable to get local issuer certificate HTTP request sent, awaiting response... 200 OK Length: 1,708,956 (1.6M) [application/zip] 100%[] 1,708,956 897.62K/s 17:12:16 (894.74 KB/s) - `119254-76.zip' saved [1708956/1708956] -- Don O'Malley Manager, Patch System Test Revenue Product Engineering | Solaris | Hardware East Point Business Park, Dublin 3, Ireland Phone: +353 1 8199764 Team Alias: rpe_patch_system_test...@oracle.com
Re: [pca] getupdates.oracle.com now available for testing!
Don O'Malley wrote: The new patch download service - getupdates.oracle.com - is now available for testing. I have completed the necessary changes to PCA to make it work with the testing service of getupdates.oracle.com. The current development release (20101119-01) includes these changes: * Use correct URLs when sshost is set to getupdates.oracle.com * Include and use VeriSign certificate for HTTPS downloads from Oracle * Disable JAR downloads when using Oracle server * Use standard wget authentication options with Oracle It can download the patchdiag.xref, the sample patches and the patch READMEs from the new patch download service by setting the sshost option to getupdates.oracle.com. The user and passwd options must be set to the My Oracle Service-Account as well. Of course this is for testing only, and not for production: The new patch download service on getupdates.oracle.com is available for testing only, and does not provide all patches! As soon as the service goes into production (planned for Dec 10th), a new stable release of PCA will be published which will use getupdates.oracle.com by default. Let's hope for a flawless transition! Martin.
Re: [pca] getupdates.oracle.com now available for testing!
Hi Amy, Currently only the 4 patches explicitly listed in http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1 and their REAMDEs are available for customers to verify that they can access the system. All other patches and patch entitlement will be rolled out on the 10th December. Best, -Don amy.r...@tufts.edu wrote: don.omalley Also patch 119254-77 has now been released, so AFAICT it has been don.omalley made public in place of 119254-76. I noticed this yesterday and was able to download 119254-77 at that time. This is why I sarted to look at the status of the patches before the whole site started returning errors. With my support contract linked to my MOS account, shouldn't I be able to download patches that require entitlement, too, though? Maybe that hasn't been implemented yet? -- Don O'Malley Manager, Patch System Test Revenue Product Engineering | Solaris | Hardware East Point Business Park, Dublin 3, Ireland Phone: +353 1 8199764 Team Alias: rpe_patch_system_test...@oracle.com
Re: [pca] getupdates.oracle.com now available for testing!
Hi Rajiv, Rajiv Gunja wrote: Don, All of them fail for me, including the Xref file. I get these errors: Xref File: --2010-11-19 11:05:23-- https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/21808/patches/patchroot/reports/patchdiag.xref?AuthParam=1290182758_a9a40aa3e570351d129bfd29146ca317TicketId=C19Y%2B0yKV14%3DGroupName=SWUPFilePath=/21808/patches/patchroot/reports/patchdiag.xrefFile=patchdiag.xref Resolving a248.e.akamai.net (a248.e.akamai.net)... failed: Name or service not known. wget: unable to resolve host address a248.e.akamai.net This is an internal network issue. Patch with Oracle SSO: Reusing existing connection to getupdates.oracle.com:443. HTTP request sent, awaiting response... 403 You are not entitled to retrieve this content. 2010-11-19 11:07:04 ERROR 403: You are not entitled to retrieve this content.. Which patch are you trying to download here? Will you cut and paste the wget command (with xxx for your passwd). Are you sure that this is using the Oracle SSO account credentials you have registered? Patch with Old sunsolve ID: Reusing existing connection to getupdates.oracle.com:443. HTTP request sent, awaiting response... 403 Service Error 2010-11-19 11:07:23 ERROR 403: Service Error. Your old Sun Onlkine Account info will not work with getupdates.oracle.com. I tried this from outside our Proxy. From behind the firewall, I am unable to resolve the getupdates.oracle.com This is an internal networking issue. Best, -Don -GGR -- Rajiv G Gunja Blog: http://ossrocks.blogspot.com On Thu, Nov 18, 2010 at 10:11, Don O'Malley don.omal...@oracle.com wrote: Hi, Is anyone having issues downloading any of the 4 sample patches? Please remember that you must register and use your Oracle Single Sign On (SSO) account (that you register for on My Oracle Support - http://support.oracle.com) as part of the wget requests to getupdates.oracle.com. i.e. --http-user and --http-passwd should be your Oracle SSO. I've seen 2 reports of issues on the PCA alias to date (from Martin Zube). Could you please cut and paste your wget requests into your reply if you are seeing issues ? (Remember to the --http-user and --http-passwd entries) Thanks! -Don Don O'Malley wrote: Hi Martin/All, The new patch download service - getupdates.oracle.com - is now available for testing. Details of how to use the new download service are available in the updated wget document - http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1. Please remember that you will need to resister for an Oracle SSO account on MOS (My Oracle Support - http://support.oracle.com) prior to being able to use the new download service, if you have not already done so. Here's an overview of that process: 1) Go to https://support.oracle.com/CSP/ui/flash.html (MOS) click "Register" in the green "Get Started" box 2) Complete required personal info to set up MOS SSO account. 3) Once you have gone through account setup successfully, wait a couple of minutes for your account to be setup and then login to MOS. 4) You are now redirected to MOS "User Registration", where you need to provide the following info: a) Support Contract Identifier agree to the Oracle Terms Of Use: Sun Customers should select the "Sun Contract Identifier" option and enter in their existing Sun Contract ID here. (You find your Sun Contract ID by logging into SunSolve with your existing Sun Online Account username/password and clicking the "Update Account" link on the top right of the page. Your Sun Contract Identifier(s) are the entries in the "Current Contracts:" field on this page.) b) Your contact information 5) When you've completed the Registration form (ensuring that you have a Green tick opposite "Support Identifier, Terms of Use"), click "Send" to complete registration receive confirmation that you have registered successfully. Please note that only the patches indicated in http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1 (119254-76, 119318-01, 112951-15, 113713-28) and patchdiag.xref can be downloaded as part of this preview. I've tested downloading patchdiag.xref and 119254-76.zip, both using the certificate file and the --no-check-certificate option and everything looks good: bash-3.00# wget --http-user="" --http-passwd="" --no-check-certificate "https://getupdates.oracle.com/reports/patchdiag.xref" -O /tmp/patchdiag.xref --09:48:39-- https://getupdates.oracle.com/reports/patchdiag.xref = `/tmp/patchdiag.xref' Resolving getupdates.oracle.com... 192.18.110.9 Connecting to getupdates.oracle.com|192.18.110.9|:443... connected. WARNING: Certificate verification error for getupdates.oracle.com: unable to get local issuer certificate HTTP request sent, awaiting response... 302 Moved Temporarily Location: