Hi Mark,
Unfortunately, in this case the certificate has already been added to the system, necessary to get https working. Greg ________________________________ From: Mark Hatle <mark.ha...@windriver.com> Sent: Thursday, September 7, 2017 9:31:02 AM To: Greg Wilson-Lindberg; Andre McCurdy Cc: yocto@yoctoproject.org Subject: Re: [yocto] Working behind a Palo Alto firewall/proxy I've had a customer with a similar problem. The way they resolved it was to download the certification from their proxy and add it to their system as a known certificate. Sorry I don't have any more details then that, but maybe that can spark someone who knows the actual steps to be able to comment. --Mark On 9/7/17 11:28 AM, Greg Wilson-Lindberg wrote: > Hi Andre, > > > Here is the complete error output: > > ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Fetcher > failure: Fetch command export > DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-9ReQWXYEk1"; export > SSH_AUTH_SOCK="/run/user/1000/keyring-4PGABB/ssh"; export > PATH="/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/poky/scripts:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/bin/arm-poky-linux-gnueabi:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/raspberrypi3/usr/bin/crossscripts:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/sbin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/sbin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/poky/scripts:/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/poky/bitbake/bin:/home/gwilson/TEE:/home/gwilson/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/microchip/xc32/v1.34/bin:/home/gwilson/RPi3/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin"; > export HOME="/home/gwilson"; LANG=C git -c core.fsyncobjectfiles=0 clone > --bare > --mirror http://codereview.qt-project.org/qt/qtdeviceutilities > /home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/../downloads/git2/codereview.qt-project.org.qt.qtdeviceutilities > --progress failed with exit code 128, output: > Cloning into bare repository > '/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/../downloads/git2/codereview.qt-project.org.qt.qtdeviceutilities'... > fatal: unable to access > 'https://codereview.qt-project.org/qt/qtdeviceutilities/': server certificate > verification failed. CAfile: > /usr/share/ca-certificates/cert_Decryption-Certificate.pem CRLfile: none > > ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Fetcher > failure for URL: > 'git://codereview.qt-project.org/qt/qtdeviceutilities;nobranch=1;protocol=http'. > Unable to fetch URL from any source. > ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Function > failed: base_do_fetch > ERROR: Logfile of failure stored in: > /home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/work/cortexa7hf-neon-vfpv4-poky-linux-gnueabi/qtdeviceutilities/5.9.1+gitAUTOINC+48fb704e64-r0/temp/log.do_fetch.8128 > ERROR: Task > (/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/meta-boot2qt/recipes-qt/qt5/qtdeviceutilities.bb:do_fetch) > failed with exit code '1' > > So it looks like: > > qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch > > is what's running. > > > > -------------------------------------------------------------------------------- > *From:* Andre McCurdy <armccu...@gmail.com> > *Sent:* Wednesday, September 6, 2017 6:34:07 PM > *To:* Greg Wilson-Lindberg > *Cc:* yocto@yoctoproject.org > *Subject:* Re: [yocto] Working behind a Palo Alto firewall/proxy > > On Wed, Sep 6, 2017 at 2:42 PM, Greg Wilson-Lindberg > <gwil...@sakuraus.com> wrote: >> Hi List, >> >> Does anybody have any experience trying to run Yocto behind a Palo Alto >> firewall. The Palo Alto firewall basically works as a Man in the Middle >> system, it hands out its own certificate to boxes behind it and then >> decrypts and re-encrypts traffic going through it. The Palo Alto box is >> supposed to act as a transparent Proxy. >> >> I'm getting an error that the 'server certificate verification failed' about >> an hour into a yocto build. The certificate that the Palo Alto box is >> sending to my system is self-signed so will fail if checked for a valid root >> CA, and also is not from whatever site is being downloaded from. > > Which site is being downloaded from and at which point in the build > (ie which recipe and task) ? > >
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto