Ubuntu Trunk Checksum failed



  • Ubuntu 14.04.4

    Upgrading from a working 1.2.0 to latest trunk version

    Follow standard install/upgrade instructions using svn

    installer fails at “getting cheksum files for kernels and inits…failed!”

    Below is a screenshot of the configuration home page; notice the lack of info for the bzimage versions

    0_1458229851862_Capture.PNG

    Also a screenshot of the kernel update page; notice no options for upgrading kernels via the GUI

    0_1458229988157_Capture.PNG any help/guidance would be greatly appreciated


  • Developer

    Good to know. So it seams to only cause problems with a distinct combination of curl and openssl version(s). Possibly the newer curl version works around an openssl bug or the other way round… :-D


  • Moderator

    @Sebastian-Roth The same as reflexxion, but my curl is newer.

    I have : 7.43.0-1ubuntu2.1


  • Developer

    @reflexxion Thanks for your patients trying all the things out. This will definitely help others who run into similar issues. But I guess not very many people have the package repo deb.sury.org added like you have. Seams like others have trouble with curl and ssl versions as well: https://sourceforge.net/p/curl/bugs/1319/

    @Quazz Which “same” version of openssl did you mean? 1.0.1f-1ubuntu2.18 or @reflexxion’s 1.0.2g-1+deb.sury.org~trusty+1?? If it is 1.0.2… then which version of curl you have?



  • @Sebastian-Roth Well, it fixed the install issue. The kernel update portion of the GUI is still not functional (not significant I don’t think) and the “estimated fog sites” is not working as well. No worries with that stuff… just thought I’d report it!



  • @Sebastian-Roth THAT FIXED IT SIR! Thanks! Not sure if this has been helpful diagnostics for you guys… but I’ve certainly learned a lot! Thanks again!


  • Developer

    @reflexxion Ok, TLSv1.1 seams to work. So as a quick fix you can force curl to always use TLSv1.1 encrpytion via curlrc: echo "tlsv1.1" >> ~/.curlrc
    Then try running the installer again!



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# curl --tlsv1 --ciphers AES256-SHA -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    454      0 --:--:-- --:--:-- --:--:--   454
    root@FogWest:~/svn/trunk/bin# curl --tlsv1.0 -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    498      0 --:--:-- --:--:-- --:--:--   499
    root@FogWest:~/svn/trunk/bin# curl --tlsv1.1 -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    481      0 --:--:-- --:--:-- --:--:--   480
    root@FogWest:~/svn/trunk/bin# curl --tlsv1.2 -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    curl: (35) Unknown SSL protocol error in connection to fogproject.org:443 
    root@FogWest:~/svn/trunk/bin# curl --tlsv1 --ciphers AES256-SHA -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    401      0 --:--:-- --:--:-- --:--:--   400
    root@FogWest:~/svn/trunk/bin# 
    

  • Developer

    @reflexxion Before downgrading you might want to try forcing curl to use different SSL protocol versions and/or cipher suites:

    curl --tlsv1.0 -ko "checksums" https://fogproject.org/inits/index.php
    curl --tlsv1.1 -ko "checksums" https://fogproject.org/inits/index.php
    curl --tlsv1.2 -ko "checksums" https://fogproject.org/inits/index.php
    curl --tlsv1 --ciphers AES256-SHA -ko "checksums" https://fogproject.org/inits/index.php
    

    See if any of those is working for you…


  • Moderator

    I have the same openssl version on my production system.



  • @Sebastian-Roth do you know how I can downgrade to test?


  • Developer

    @reflexxion Ok, I have: curl 7.35.0-1ubuntu2.6 but openssl 1.0.1f-1ubuntu2.18 on one of my test servers (curl downloading the checksums fine!)



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# dpkg -l | grep -e "curl" -e "openssl"
    ii  curl                                                  7.35.0-1ubuntu2.6                                   i386         command line tool for transferring data with URL syntax
    ii  libcurl3:i386                                         7.35.0-1ubuntu2.6                                   i386         easy-to-use client-side URL transfer library (OpenSSL flavour)
    ii  libcurl3-gnutls:i386                                  7.35.0-1ubuntu2.6                                   i386         easy-to-use client-side URL transfer library (GnuTLS flavour)
    ii  libcurl4-openssl-dev:i386                             7.35.0-1ubuntu2.6                                   i386         development files and documentation for libcurl (OpenSSL flavour)
    ii  libgnutls-openssl27:i386                              2.12.23-12ubuntu2.5                                 i386         GNU TLS library - OpenSSL wrapper
    ii  openssl                                               1.0.2g-1+deb.sury.org~trusty+1                      i386         Secure Sockets Layer toolkit - cryptographic utility
    ii  php5-curl                                             5.6.19+dfsg-1+deb.sury.org~trusty+1                 i386         CURL module for php5
    ii  python-openssl                                        0.13-2ubuntu6                                       i386         Python 2 wrapper around the OpenSSL library
    ii  python3-pycurl                                        7.19.3-0ubuntu3                                     i386         Python 3 bindings to libcurl
    root@FogWest:~/svn/trunk/bin# 
    

  • Developer

    @reflexxion Which version of curl and openssl? dpkg -l | grep -e " curl" -e " openssl"



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# curl -vvko "checksums" https://fogproject.org/inits/index.php
    * Hostname was NOT found in DNS cache
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 162.213.199.177...
    * Connected to fogproject.org (162.213.199.177) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Server hello (2):
    { [data not shown]
    * SSLv3, TLS handshake, CERT (11):
    { [data not shown]
    * SSLv3, TLS handshake, Server key exchange (12):
    { [data not shown]
    * SSLv3, TLS handshake, Server finished (14):
    { [data not shown]
    * SSLv3, TLS handshake, Client key exchange (16):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    } [data not shown]
    * Unknown SSL protocol error in connection to fogproject.org:443 
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    * Closing connection 0
    curl: (35) Unknown SSL protocol error in connection to fogproject.org:443 
    root@FogWest:~/svn/trunk/bin# 
    

  • Developer

    @reflexxion Ok, and what about verbose curl output: curl -vvko "checksums" https://fogproject.org/inits/index.php

    Maybe this is related: https://sourceforge.net/p/curl/bugs/1319/



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# openssl s_client -connect fogproject.org:443
    CONNECTED(00000003)
    depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
    verify return:1
    depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Domain Validation CA - SHA256 - G2
    verify return:1
    depth=0 OU = Domain Control Validated, CN = www.fogproject.org
    verify return:1
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/CN=www.fogproject.org
       i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
     1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
       i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
     2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
       i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIGHzCCBQegAwIBAgISESEX9Cbj3NHROwUOEHFlfU6JMA0GCSqGSIb3DQEBCwUA
    MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD
    VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
    RzIwHhcNMTUwNTEyMjAzNzUyWhcNMTYwNTEyMjAzNzUyWjBAMSEwHwYDVQQLExhE
    b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMTEnd3dy5mb2dwcm9qZWN0
    Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMuzuXvvvV4q2W8
    AzmzpOFS0O4DIoI6CfPTORZBGKqqC8FGdo1y52wXM+UplDR11rd0QdVX8ejmGfwt
    8dX7X1saj+zS5saeddBnZB/YjLwNc0mU5KkcTaECLTFYtdvpk2TYDRBTHbAxjU6o
    IFyUCeFt4gzddBfytzVdGxmZ3PqQNEqXb7/Oq4V0T6aSECb5EXXgqLEgU+JJPDvl
    8qLgGC4Mavx6/4GYBS+mF4ByetsaBL1EcJmDCEggTXRK5nHmiqIsThfmJjGhqTY2
    +AP3tu7A0z4Zm0gXt4WwvT/MUGBR7l/tmNJR+BCRGsjdCUKXvZhFwnfqgP2D69iJ
    4E1dqsECAwEAAaOCAvEwggLtMA4GA1UdDwEB/wQEAwIFoDBJBgNVHSAEQjBAMD4G
    BmeBDAECATA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
    bS9yZXBvc2l0b3J5LzCCAUgGA1UdEQSCAT8wggE7ghJ3d3cuZm9ncHJvamVjdC5v
    cmeCE2Jsb2cuZm9ncHJvamVjdC5vcmeCE2RlbW8uZm9ncHJvamVjdC5vcmeCEmRl
    di5mb2dwcm9qZWN0Lm9yZ4IUZmlsZXMuZm9ncHJvamVjdC5vcmeCFWZvcnVtcy5m
    b2dwcm9qZWN0Lm9yZ4ISZ2l0LmZvZ3Byb2plY3Qub3JnghVtaXJyb3IuZm9ncHJv
    amVjdC5vcmeCE25ld3MuZm9ncHJvamVjdC5vcmeCFXBvcnRhbC5mb2dwcm9qZWN0
    Lm9yZ4IWcHJldmlldy5mb2dwcm9qZWN0Lm9yZ4ITdGVzdC5mb2dwcm9qZWN0Lm9y
    Z4IRdm0uZm9ncHJvamVjdC5vcmeCE3dpa2kuZm9ncHJvamVjdC5vcmeCDmZvZ3By
    b2plY3Qub3JnMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
    BwMCMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20v
    Z3MvZ3Nkb21haW52YWxzaGEyZzIuY3JsMIGUBggrBgEFBQcBAQSBhzCBhDBHBggr
    BgEFBQcwAoY7aHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nk
    b21haW52YWxzaGEyZzJyMS5jcnQwOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwMi5n
    bG9iYWxzaWduLmNvbS9nc2RvbWFpbnZhbHNoYTJnMjAdBgNVHQ4EFgQUcRo84Nto
    hT9tDrVEUVfsg74fgUUwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8w
    DQYJKoZIhvcNAQELBQADggEBAAa4CLixH0WBSV7S5pk0HPTklIK1IuKXseVlcGU7
    j3xXHnQKdXpmH/iBDUYgHrMxdxxGTP8B0ZyajB6UNX/Qie/2LOFjo8VCsFlQ/2G0
    8bRltd9kuf0GvaJByqTiGf3o2dNNbcmvWbl537ohd8Iry0O9GfiTel7+TShYx80j
    egBf/ob3BfTms1K0uFhenisfyOYPIvjFC41bDMhJpf1cc7K+S4RSjdqtL+cxTe1s
    9as//voRxtCjAB3zdi9sXEORTcON3pexRF4xNIcUBOYwf5J6ylJYfFDhGbx3V9SF
    V7Q+yRhKgjwR7QQTl9yZfdVikcHag14y6sndYKHLj0RuU68=
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/CN=www.fogproject.org
    issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4268 bytes and written 431 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 3D9E36636E42207F6A4725680FE0318953437B0C138AC009E40AC77D993A254E
        Session-ID-ctx: 
        Master-Key: 3D99DF9630DCE2E4B51EBA407AAA491F771EA67EDF61C1448756E64C38A09B8129B9C729EEE576420DA2227766A8F850
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        0000 - 0c 1b 69 ce e2 db 66 10-f5 a9 81 82 76 9a 7c 34   ..i...f.....v.|4
        0010 - 6f 03 24 99 72 2d c4 0f-0d 8b bb 5d 17 1b 1e 81   o.$.r-.....]....
        0020 - e0 3d c0 28 3d ea 7d b9-0d 3c e5 bb e8 70 08 63   .=.(=.}..<...p.c
        0030 - 20 3e 62 8f a2 ef 5f 8e-54 69 bf de 75 41 c4 e2    >b..._.Ti..uA..
        0040 - c5 72 7b 8d 38 3b 49 b5-d9 24 8f 88 22 a7 54 46   .r{.8;I..$..".TF
        0050 - 9e 77 73 cc 00 3a 34 39-03 88 61 2d 3c d9 36 14   .ws..:49..a-<.6.
        0060 - 75 45 ad 41 da ee 1a 7e-67 57 39 a0 bc d5 fe 69   uE.A...~gW9....i
        0070 - 71 b8 93 16 20 de 65 56-2c be 32 80 9c cf 4a 19   q... .eV,.2...J.
        0080 - 9c 28 35 67 96 f6 3d 2f-0d 6f bb 7a 55 18 ff e7   .(5g..=/.o.zU...
        0090 - 8e 68 58 af 41 9e dd 07-5e f7 f7 4b d9 f8 44 33   .hX.A...^..K..D3
        00a0 - ab 71 aa e6 4c ad cb f2-e1 6f ae e6 6e 2c 9b 71   .q..L....o..n,.q
    
        Start Time: 1458575172
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    

  • Developer

    @reflexxion Try openssl s_client -connect fogproject.org:443 (just hit Ctrl-c to get back to the shell) and post the fully output you see here…


  • Senior Developer

    @reflexxion It’s ssl related, but not from FOG’s perspective. Something on your system is blocking ssl requests (or transforming it on reception)



  • @Tom-Elliott hey Tom, I just re-ran that curl command again without the “https” and it returned data… does that mean it’s an ssl issue?


Log in to reply
 

471
Online

38746
Users

10572
Topics

100071
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.