I am having an issue with a lab server I am running using CentOS 9, when I'm trying to install Grafana, the GPG check fails. This is the output I get:
Importing GPG key 0x24098CB6:
Userid : "Grafana <info#grafana.com>"
Fingerprint: 4E40 DDF6 D76E 284A 4A67 80E4 8C8C 34C5 2409 8CB6
From : https://packages.grafana.com/gpg.key
Is this ok [y/N]: y
Key import failed (code 2). Failing package is: grafana-8.5.5-1.x86_64
GPG Keys are configured as: https://packages.grafana.com/gpg.key
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
When I try the same on my local Fedora 35 machine, I get this:
Importing GPG key 0x24098CB6:
Userid : "Grafana <info#grafana.com>"
Fingerprint: 4E40 DDF6 D76E 284A 4A67 80E4 8C8C 34C5 2409 8CB6
From : https://packages.grafana.com/gpg.key
Is this ok [y/N]: y
Key imported successfully
Running transaction check
The packages being downloaded are the same grafana-8.5.5-1.x86_64.rpm, I am using dnf for both installations, and the grafana.repo files are both the same:
[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
I know I could just turn off the gpg checking, but I am not comfortable with a solution like that.
Any help resolving this would be greatly appreciated! Let me know if I should supply any more information.
I've quite recently swapped over to CentOS and Fedora, so I apologize if this has been resolved before, but I was unable to find it.
There has been some change with the default crypto policies in CentOS streams 9.
update-crypto-policies --set DEFAULT:SHA1
The packages need to be re-signed with a SHA256 or SHA521 key instead of SHA1.
Ref: https://access.redhat.com/articles/6846411
Related
We installed Kubeflow 1.0 on Kubernetes 1.15.16 (with Azure) and we have an issue with SSL certificate when trying to install pip package in Jupiter Notebook. The same issue also appear when trying to install directly the package from the docker container used for the Notebook Server:
In order to provide more context about the mentioned issues, here are attached some outputs that contain the errores mentioned within.
Issues found during installation of ‘nose’ package
If we try:
pip install --index-url=https://pypi.python.org/simple/ nose
Output is:
WARNING: Certificate did not match expected hostname: pypi.python.org.
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError
Could not fetch URL https://pypi.python.org/simple/nose/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/nose/
ERROR: Could not find a version that satisfies the requirement nose (from versions: none)
ERROR: No matching distribution found for nose
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/pip/
Similar issue also happen using curl:
! curl https://pypi.org
Output:
curl: (51) SSL: no alternative certificate subject name matches target host name 'pypi.org'
We tried to ignore the SSL verification using
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org
But is also raise an error:
ERROR: Could not find a version that satisfies the requirement nose (from versions: none)
ERROR: No matching distribution found for nose
We dont know where to start to solve this...
Any help would be welcome!
Thanks a lot in advance!
I got a same exception in kubeflow with Azure.
This command work for me:
pip install xgboost -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com
pypi.douban.com is a chinese mirror url.
But when I go to the next step, I got the same ssl ca error when use kubeflow sdk in python. I'm still finding solution.
On Centos, I ran into the following error:
sudo snmptrap -v 2c -c read localhost '' UPS-MIB::upsTraps
MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs
Cannot find module (UPS-MIB): At line 0 in (none)
UPS-MIB::upsTraps: Unknown Object Identifier
The above error happened after
Copied UPS-MIB.txt to /usr/share/snmp/mibs
I started snmptrapd:
snmptrapd -f -Lo -Dread-config -m ALL
The version of the Net-SNMP is 5.2.x.
The same procedures work fine with Ubuntu 18.04/Net-SNMP 5.3.7.
I wonder how to debug and fix the problem?
Besides the Net-SNMP version difference, on Ubuntu, I found an instruction to install mib-download-tool, and execute it after the installation of Net-SNMP, and comment out the lines beginning with min: in snmp.conf in order to fix the error of missing MIB's.
However, for the Centos, I had no need and found no such instruction, thus I have not done it yet, as there is no error message of missing MIB's.
The MIB file is downloaded from https://tools.ietf.org/rfc/rfc1628.txt
renamed to UPS-MIB.txt (It seems to me that the name of the MIB file does not matter, as long as it's unique? I tried to use a different names, upsMIB.txt, rfc1628.txt, but it does not help to improve.)
I solved the problem as follows:
manually copied /usr/share/snmp/mibs/ietf/UPS-MIB on an Ubuntu with Net-SNMP 5.7.3 installed to the Centos /usr/share/snmp/mibs/UPS-MIB
then restart the snmpd
by the command:
service snmpd restart
then the OID of UPS-MIB becomes visible and accessible.
Maybe, the version that I downloaded from https://tools.ietf.org/rfc/rfc1628.txt is not suitable??
I have a conflict between a number of install files.
I am getting the below error:
Transaction Summary
================================================================================
Install 612 Packages
Total size: 110 M Installed size: 403 M Downloading Packages: Running
transaction check Transaction check succeeded. Running transaction
test Error: Transaction check error: file /etc/iproute2/rt_protos
conflicts between attempted installs of
base-files-3.0.14-r89.nexbox_a95x_s905x and iproute2-4.14.1-r0.aarch64
file /etc/iproute2/rt_tables conflicts between attempted installs of
base-files-3.0.14-r89.nexbox_a95x_s905x and iproute2-4.14.1-r0.aarch64
file /etc/sysctl.conf conflicts between attempted installs of
base-files-3.0.14-r89.nexbox_a95x_s905x and procps-3.3.12-r0.aarch64
Error Summary
-------------
ERROR: amlogic-image-headless-sd-1.0-r0 do_rootfs: Function failed:
do_rootfs ERROR: Logfile of failure stored in:
/home/user/amlogic-bsp/build/tmp/work/nexbox_a95x_s905x-poky-linux/amlogic-image-headless-sd/1.0-r0/temp/log.do_rootfs.29264
ERROR: Task
(/home/user/amlogic-bsp/meta-meson/recipes-core/images/amlogic-image-headless-sd.bb:do_rootfs)
failed with exit code '1' NOTE: Tasks Summary: Attempted 3131 tasks of
which 3130 didn't need to be rerun and 1 failed.
I have seen somewhere that I should pin a file, but how do I do this? I can't find a tutorial or any reference to what that means.
I am also getting the below warning. Is this related?
WARNING: Layer meson should set LAYERSERIES_COMPAT_meson in its
conf/layer.conf file to list the core layer names it is compatible
with.
I'm new to OE coming over from OpenWRT.
For bitbake, I've added the layers for the packages below:
meta-openwrt:- OE/Yocto metadata layer for OpenWRT
superna9999/meta-meson:- Upstream Linux Amlogic Meson Yocto/OpenEmbedded Layer
And tried compiling the nexbox-a95x-s905x image
I think the problem is that /etc/iproute2/rt_protos is provided by base-files which is coming from meta-openwrt as well as from iproute2 package which is coming from other OE layers. its not clear for the image builder which one to use and hence the conflict
You can solve it via defining a iproute2_%.bbappend file in meta-openwrt where this file gets deleted from iproute2 package and preference is given to the one openwrt provides
do_install_append() {
rm -rf ${D}${sysconfdir}/iproute2/rt_protos
}
should help.
I try install gitlab-ce on CentOS 6.7(Final). but, failed.
My Environment
use proxy (set proxy in /etc/yum.conf)
my gitlab_gitlab-ce.repo file
(https://packages.gitlab.com/gitlab/gitlab-ce/install manual configuration)
[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/6/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
[gitlab_gitlab-ce-source]
name=gitlab_gitlab-ce-source
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/6/SRPMS
repo_gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
when excute install command, occur error
yum -q makecache -y --disablerepo='*' --enablerepo='gitlab_gitlab-ce'
https://packages.gitlab.com/gitlab/gitlab-ce/el/6/x86_64/repodata/repomd.xml: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: gitlab_gitlab-ce. Please verify its path and try again
What should I do ? Help me please.
You first check Proxy setting of your system.
Fire below command:
yum update
if it wont work then set proxy in File: /etc/yum.conf
And then check.
I am trying to install solaris studio 12.3 on a Solaris 11 x86 machine.
I have downloaded oracle cert and key from mentioned link, but while publishing am getting following error.
pkg set-publisher -k Oracle_Solaris_Studio.key.pem -c Oracle_Solaris_Studio.certificate.pem -g **PORTAL** solarisstudio
pkg set-publisher: The origin URIs for 'solarisstudio' do not appear to point to a valid pkg repository.
Please verify the repository's location and the client's network configuration.
Additional details:
Unable to contact valid package repository
Encountered the following error(s):
Unable to contact any configured publishers.
This is likely a network configuration problem.
1: Framework error: code: 7 reason: Failed connect to pkg.oracle.com:443; Connection refused
URL: '**PORTAL**' (happened 4 times)
2: Framework error: code: 28 reason: Connection timed out after 60000 milliseconds
URL: '**PORTAL**' (happened 4 times)
Please let me know if further information is required.
NOTE PORTAL - https://pkg.oracle.com/solarisstudio/release
Configuring correct proxy settings as pointed out by alanc, resolved the issue.