Ubuntu Trunk Checksum failed



  • Ubuntu 14.04.4

    Upgrading from a working 1.2.0 to latest trunk version

    Follow standard install/upgrade instructions using svn

    installer fails at “getting cheksum files for kernels and inits…failed!”

    Below is a screenshot of the configuration home page; notice the lack of info for the bzimage versions

    0_1458229851862_Capture.PNG

    Also a screenshot of the kernel update page; notice no options for upgrading kernels via the GUI

    0_1458229988157_Capture.PNG any help/guidance would be greatly appreciated


  • Developer

    Good to know. So it seams to only cause problems with a distinct combination of curl and openssl version(s). Possibly the newer curl version works around an openssl bug or the other way round… :-D


  • Moderator

    @Sebastian-Roth The same as reflexxion, but my curl is newer.

    I have : 7.43.0-1ubuntu2.1


  • Developer

    @reflexxion Thanks for your patients trying all the things out. This will definitely help others who run into similar issues. But I guess not very many people have the package repo deb.sury.org added like you have. Seams like others have trouble with curl and ssl versions as well: https://sourceforge.net/p/curl/bugs/1319/

    @Quazz Which “same” version of openssl did you mean? 1.0.1f-1ubuntu2.18 or @reflexxion’s 1.0.2g-1+deb.sury.org~trusty+1?? If it is 1.0.2… then which version of curl you have?



  • @Sebastian-Roth Well, it fixed the install issue. The kernel update portion of the GUI is still not functional (not significant I don’t think) and the “estimated fog sites” is not working as well. No worries with that stuff… just thought I’d report it!



  • @Sebastian-Roth THAT FIXED IT SIR! Thanks! Not sure if this has been helpful diagnostics for you guys… but I’ve certainly learned a lot! Thanks again!


  • Developer

    @reflexxion Ok, TLSv1.1 seams to work. So as a quick fix you can force curl to always use TLSv1.1 encrpytion via curlrc: echo "tlsv1.1" >> ~/.curlrc
    Then try running the installer again!



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# curl --tlsv1 --ciphers AES256-SHA -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    454      0 --:--:-- --:--:-- --:--:--   454
    root@FogWest:~/svn/trunk/bin# curl --tlsv1.0 -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    498      0 --:--:-- --:--:-- --:--:--   499
    root@FogWest:~/svn/trunk/bin# curl --tlsv1.1 -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    481      0 --:--:-- --:--:-- --:--:--   480
    root@FogWest:~/svn/trunk/bin# curl --tlsv1.2 -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    curl: (35) Unknown SSL protocol error in connection to fogproject.org:443 
    root@FogWest:~/svn/trunk/bin# curl --tlsv1 --ciphers AES256-SHA -ko "checksums" https://fogproject.org/inits/index.php
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   277    0   277    0     0    401      0 --:--:-- --:--:-- --:--:--   400
    root@FogWest:~/svn/trunk/bin# 
    

  • Developer

    @reflexxion Before downgrading you might want to try forcing curl to use different SSL protocol versions and/or cipher suites:

    curl --tlsv1.0 -ko "checksums" https://fogproject.org/inits/index.php
    curl --tlsv1.1 -ko "checksums" https://fogproject.org/inits/index.php
    curl --tlsv1.2 -ko "checksums" https://fogproject.org/inits/index.php
    curl --tlsv1 --ciphers AES256-SHA -ko "checksums" https://fogproject.org/inits/index.php
    

    See if any of those is working for you…


  • Moderator

    I have the same openssl version on my production system.



  • @Sebastian-Roth do you know how I can downgrade to test?


  • Developer

    @reflexxion Ok, I have: curl 7.35.0-1ubuntu2.6 but openssl 1.0.1f-1ubuntu2.18 on one of my test servers (curl downloading the checksums fine!)



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# dpkg -l | grep -e "curl" -e "openssl"
    ii  curl                                                  7.35.0-1ubuntu2.6                                   i386         command line tool for transferring data with URL syntax
    ii  libcurl3:i386                                         7.35.0-1ubuntu2.6                                   i386         easy-to-use client-side URL transfer library (OpenSSL flavour)
    ii  libcurl3-gnutls:i386                                  7.35.0-1ubuntu2.6                                   i386         easy-to-use client-side URL transfer library (GnuTLS flavour)
    ii  libcurl4-openssl-dev:i386                             7.35.0-1ubuntu2.6                                   i386         development files and documentation for libcurl (OpenSSL flavour)
    ii  libgnutls-openssl27:i386                              2.12.23-12ubuntu2.5                                 i386         GNU TLS library - OpenSSL wrapper
    ii  openssl                                               1.0.2g-1+deb.sury.org~trusty+1                      i386         Secure Sockets Layer toolkit - cryptographic utility
    ii  php5-curl                                             5.6.19+dfsg-1+deb.sury.org~trusty+1                 i386         CURL module for php5
    ii  python-openssl                                        0.13-2ubuntu6                                       i386         Python 2 wrapper around the OpenSSL library
    ii  python3-pycurl                                        7.19.3-0ubuntu3                                     i386         Python 3 bindings to libcurl
    root@FogWest:~/svn/trunk/bin# 
    

  • Developer

    @reflexxion Which version of curl and openssl? dpkg -l | grep -e " curl" -e " openssl"



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# curl -vvko "checksums" https://fogproject.org/inits/index.php
    * Hostname was NOT found in DNS cache
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 162.213.199.177...
    * Connected to fogproject.org (162.213.199.177) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Server hello (2):
    { [data not shown]
    * SSLv3, TLS handshake, CERT (11):
    { [data not shown]
    * SSLv3, TLS handshake, Server key exchange (12):
    { [data not shown]
    * SSLv3, TLS handshake, Server finished (14):
    { [data not shown]
    * SSLv3, TLS handshake, Client key exchange (16):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    } [data not shown]
    * Unknown SSL protocol error in connection to fogproject.org:443 
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    * Closing connection 0
    curl: (35) Unknown SSL protocol error in connection to fogproject.org:443 
    root@FogWest:~/svn/trunk/bin# 
    

  • Developer

    @reflexxion Ok, and what about verbose curl output: curl -vvko "checksums" https://fogproject.org/inits/index.php

    Maybe this is related: https://sourceforge.net/p/curl/bugs/1319/



  • @Sebastian-Roth

    root@FogWest:~/svn/trunk/bin# openssl s_client -connect fogproject.org:443
    CONNECTED(00000003)
    depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
    verify return:1
    depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Domain Validation CA - SHA256 - G2
    verify return:1
    depth=0 OU = Domain Control Validated, CN = www.fogproject.org
    verify return:1
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/CN=www.fogproject.org
       i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
     1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
       i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
     2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
       i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIGHzCCBQegAwIBAgISESEX9Cbj3NHROwUOEHFlfU6JMA0GCSqGSIb3DQEBCwUA
    MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD
    VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
    RzIwHhcNMTUwNTEyMjAzNzUyWhcNMTYwNTEyMjAzNzUyWjBAMSEwHwYDVQQLExhE
    b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMTEnd3dy5mb2dwcm9qZWN0
    Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMuzuXvvvV4q2W8
    AzmzpOFS0O4DIoI6CfPTORZBGKqqC8FGdo1y52wXM+UplDR11rd0QdVX8ejmGfwt
    8dX7X1saj+zS5saeddBnZB/YjLwNc0mU5KkcTaECLTFYtdvpk2TYDRBTHbAxjU6o
    IFyUCeFt4gzddBfytzVdGxmZ3PqQNEqXb7/Oq4V0T6aSECb5EXXgqLEgU+JJPDvl
    8qLgGC4Mavx6/4GYBS+mF4ByetsaBL1EcJmDCEggTXRK5nHmiqIsThfmJjGhqTY2
    +AP3tu7A0z4Zm0gXt4WwvT/MUGBR7l/tmNJR+BCRGsjdCUKXvZhFwnfqgP2D69iJ
    4E1dqsECAwEAAaOCAvEwggLtMA4GA1UdDwEB/wQEAwIFoDBJBgNVHSAEQjBAMD4G
    BmeBDAECATA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
    bS9yZXBvc2l0b3J5LzCCAUgGA1UdEQSCAT8wggE7ghJ3d3cuZm9ncHJvamVjdC5v
    cmeCE2Jsb2cuZm9ncHJvamVjdC5vcmeCE2RlbW8uZm9ncHJvamVjdC5vcmeCEmRl
    di5mb2dwcm9qZWN0Lm9yZ4IUZmlsZXMuZm9ncHJvamVjdC5vcmeCFWZvcnVtcy5m
    b2dwcm9qZWN0Lm9yZ4ISZ2l0LmZvZ3Byb2plY3Qub3JnghVtaXJyb3IuZm9ncHJv
    amVjdC5vcmeCE25ld3MuZm9ncHJvamVjdC5vcmeCFXBvcnRhbC5mb2dwcm9qZWN0
    Lm9yZ4IWcHJldmlldy5mb2dwcm9qZWN0Lm9yZ4ITdGVzdC5mb2dwcm9qZWN0Lm9y
    Z4IRdm0uZm9ncHJvamVjdC5vcmeCE3dpa2kuZm9ncHJvamVjdC5vcmeCDmZvZ3By
    b2plY3Qub3JnMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
    BwMCMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20v
    Z3MvZ3Nkb21haW52YWxzaGEyZzIuY3JsMIGUBggrBgEFBQcBAQSBhzCBhDBHBggr
    BgEFBQcwAoY7aHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nk
    b21haW52YWxzaGEyZzJyMS5jcnQwOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwMi5n
    bG9iYWxzaWduLmNvbS9nc2RvbWFpbnZhbHNoYTJnMjAdBgNVHQ4EFgQUcRo84Nto
    hT9tDrVEUVfsg74fgUUwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8w
    DQYJKoZIhvcNAQELBQADggEBAAa4CLixH0WBSV7S5pk0HPTklIK1IuKXseVlcGU7
    j3xXHnQKdXpmH/iBDUYgHrMxdxxGTP8B0ZyajB6UNX/Qie/2LOFjo8VCsFlQ/2G0
    8bRltd9kuf0GvaJByqTiGf3o2dNNbcmvWbl537ohd8Iry0O9GfiTel7+TShYx80j
    egBf/ob3BfTms1K0uFhenisfyOYPIvjFC41bDMhJpf1cc7K+S4RSjdqtL+cxTe1s
    9as//voRxtCjAB3zdi9sXEORTcON3pexRF4xNIcUBOYwf5J6ylJYfFDhGbx3V9SF
    V7Q+yRhKgjwR7QQTl9yZfdVikcHag14y6sndYKHLj0RuU68=
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/CN=www.fogproject.org
    issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4268 bytes and written 431 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 3D9E36636E42207F6A4725680FE0318953437B0C138AC009E40AC77D993A254E
        Session-ID-ctx: 
        Master-Key: 3D99DF9630DCE2E4B51EBA407AAA491F771EA67EDF61C1448756E64C38A09B8129B9C729EEE576420DA2227766A8F850
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        0000 - 0c 1b 69 ce e2 db 66 10-f5 a9 81 82 76 9a 7c 34   ..i...f.....v.|4
        0010 - 6f 03 24 99 72 2d c4 0f-0d 8b bb 5d 17 1b 1e 81   o.$.r-.....]....
        0020 - e0 3d c0 28 3d ea 7d b9-0d 3c e5 bb e8 70 08 63   .=.(=.}..<...p.c
        0030 - 20 3e 62 8f a2 ef 5f 8e-54 69 bf de 75 41 c4 e2    >b..._.Ti..uA..
        0040 - c5 72 7b 8d 38 3b 49 b5-d9 24 8f 88 22 a7 54 46   .r{.8;I..$..".TF
        0050 - 9e 77 73 cc 00 3a 34 39-03 88 61 2d 3c d9 36 14   .ws..:49..a-<.6.
        0060 - 75 45 ad 41 da ee 1a 7e-67 57 39 a0 bc d5 fe 69   uE.A...~gW9....i
        0070 - 71 b8 93 16 20 de 65 56-2c be 32 80 9c cf 4a 19   q... .eV,.2...J.
        0080 - 9c 28 35 67 96 f6 3d 2f-0d 6f bb 7a 55 18 ff e7   .(5g..=/.o.zU...
        0090 - 8e 68 58 af 41 9e dd 07-5e f7 f7 4b d9 f8 44 33   .hX.A...^..K..D3
        00a0 - ab 71 aa e6 4c ad cb f2-e1 6f ae e6 6e 2c 9b 71   .q..L....o..n,.q
    
        Start Time: 1458575172
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    

  • Developer

    @reflexxion Try openssl s_client -connect fogproject.org:443 (just hit Ctrl-c to get back to the shell) and post the fully output you see here…


  • Senior Developer

    @reflexxion It’s ssl related, but not from FOG’s perspective. Something on your system is blocking ssl requests (or transforming it on reception)



  • @Tom-Elliott hey Tom, I just re-ran that curl command again without the “https” and it returned data… does that mean it’s an ssl issue?


 

380
Online

41.5k
Users

11.9k
Topics

113.3k
Posts