Security Update Failing on Cert Update

Kernel, Main, Utilities & Applications, Miscellaneous Devices.
abbub
Posts: 36
Joined: Mon May 25, 2020 3:52 pm
Location: Fort Collins, CO
Has thanked: 2 times
Been thanked: 7 times
Contact:

Security Update Failing on Cert Update

Unread post by abbub »

When I run the 'update security' script, I get an error message saying:

mv: cannot move '/etc/ssl/certs/cert.pem' to '/etc/ssl/certs/<!DOCTYPE HTML PUBLIC" -//IETC/DTD HTML 2.0//EN">.pem': no such file or directory.

obviously, I could create that directory, but I have a nagging suspicion that's not the actual name of the directory it's supposed to be copying stuff into.

After that failure, it says, 'CA certificates have been successfully fixed.', but if I run the security update script again, it again tells me my certs need to be fixed and just goes through the same process with the error message.

Any thoughts?
User avatar
aberu
Core Developer
Posts: 1192
Joined: Tue Jun 09, 2020 8:34 pm
Location: Longmont, CO
Has thanked: 247 times
Been thanked: 411 times
Contact:

Re: Security Update Failing on Cert Update

Unread post by aberu »

The problem is because whatever variable is plugging in `<!DOCTYPE HTML PUBLIC" -//IETC/DTD HTML 2.0//EN">` must be messed up. It looks like the parts that are supposed to echo sections into the cert itself or another file are just being passed into the filename.
birdybro~
abbub
Posts: 36
Joined: Mon May 25, 2020 3:52 pm
Location: Fort Collins, CO
Has thanked: 2 times
Been thanked: 7 times
Contact:

Re: Security Update Failing on Cert Update

Unread post by abbub »

Gotcha. I'll try to find the script on the file system and dissect it to see where it's falling apart.
abbub
Posts: 36
Joined: Mon May 25, 2020 3:52 pm
Location: Fort Collins, CO
Has thanked: 2 times
Been thanked: 7 times
Contact:

Re: Security Update Failing on Cert Update

Unread post by abbub »

Found it. The url to grab the certs has changed from https://curl.haxx.se/ca/cacert.pem to https://curl.se/ca/cacert.pem
Fixed the url and the certs updated without any issues.
User avatar
aberu
Core Developer
Posts: 1192
Joined: Tue Jun 09, 2020 8:34 pm
Location: Longmont, CO
Has thanked: 247 times
Been thanked: 411 times
Contact:

Re: Security Update Failing on Cert Update

Unread post by aberu »

Ah, great job! You should submit a pull request on github for the script with the fix you included. :)

https://github.com/MiSTer-devel/Scripts ... y_fixes.sh
birdybro~
Locutus73
Core Developer
Posts: 51
Joined: Mon May 25, 2020 9:55 am
Has thanked: 1 time
Been thanked: 8 times

Re: Security Update Failing on Cert Update

Unread post by Locutus73 »

I just tested https://curl.haxx.se/ca/cacert.pem and it seems to work?
Maybe a temporary issue?

Regards.
Locutus73
User avatar
kfreiberg
Posts: 52
Joined: Thu Sep 03, 2020 4:34 pm
Location: Hoth (AKA Wisconsin)
Has thanked: 7 times
Been thanked: 7 times

Re: Security Update Failing on Cert Update

Unread post by kfreiberg »

Locutus73 wrote: Tue Feb 02, 2021 11:09 am I just tested https://curl.haxx.se/ca/cacert.pem and it seems to work?
Maybe a temporary issue?

Regards.
Locutus73
That sounds like a borg plot to me! ;)
User avatar
salamantecas
Posts: 108
Joined: Sat Feb 26, 2022 8:31 pm
Has thanked: 110 times
Been thanked: 14 times

Re: Security Update Failing on Cert Update

Unread post by salamantecas »

hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
User avatar
aberu
Core Developer
Posts: 1192
Joined: Tue Jun 09, 2020 8:34 pm
Location: Longmont, CO
Has thanked: 247 times
Been thanked: 411 times
Contact:

Re: Security Update Failing on Cert Update

Unread post by aberu »

salamantecas wrote: Mon Jul 11, 2022 2:59 pm hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
Login to the mister over ssh, and then run rm -rf /media/fat/scripts/.config

Rerun the script, see if that fixes it for ya.
birdybro~
User avatar
salamantecas
Posts: 108
Joined: Sat Feb 26, 2022 8:31 pm
Has thanked: 110 times
Been thanked: 14 times

Re: Security Update Failing on Cert Update

Unread post by salamantecas »

aberu wrote: Mon Jul 11, 2022 4:03 pm
salamantecas wrote: Mon Jul 11, 2022 2:59 pm hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
Login to the mister over ssh, and then run rm -rf /media/fat/scripts/.config

Rerun the script, see if that fixes it for ya.
Thanks for the help and response, in my case it has not worked, it just keeps thinking and seems to delete the hidden folder /.config
I think the sd card must have been corrupted, which could already be. I will do a fresh install. Thank you very much for answering
Malor
Top Contributor
Posts: 860
Joined: Wed Feb 09, 2022 11:50 pm
Has thanked: 64 times
Been thanked: 195 times

Re: Security Update Failing on Cert Update

Unread post by Malor »

Check to be sure your date and time in the Mister are correct. We had another person with a similar-sounding problem that wasn't getting the clock set by the NTP daemon. You can just look at the main menu header; where it says MiSTer and shows a network and RAM icon, to the right should be the date and time. If it's blank up there, your time is probably not being set correctly.
Post Reply