Since some days, every server gets an error when i try to update by yum or install a package:
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
Eg. $releasever is not a valid release or hasnt been released yet/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/$releasever/base/mirrorlist.txt
Fehler: Cannot find a valid baseurl for repo: base
I tried to clean up yum (yum clean all), deleted the rpm db, deleted the cache from yum, disabled the base repo, nothing is working. I read in an other thread the error is fixable by reinstalling some packages, as rpm says they aren't installed (but they are):
yum --disablerepo=* --enablerepo=c6-media install centos-release yum rpm python python-elementtree rpm-python yum-metadata-parser
Then i get the error:
Error: File from "glob" not found: centos-release*.rpm
If i try to install a package by rpm, eg. centos-release i get the message:
rpm -Uhv http://mirror.centos.org/centos-6/6/os/x86_64/Packages/centos-release-6-6.el6.centos.12.2.x86_64.rpm
Empfange http://mirror.centos.org/centos-6/6/os/x86_64/Packages/centos-release-6-6.el6.centos.12.2.x86_64.rpm
Error: /var/tmp/rpm-tmp.ZX78Mz: Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
I'm really getting frustrated, as i didn't made anything on the system before. And now one by another server is getting the same error. Can someone help me?
For my thinking, there have to be an issue with an update from CentOs.
Since this error, Firefox is also not opening any page. Ping to external hosts is working normal.
Example system info:
Linux xxx 2.6.32-504.3.3.el6.centos.plus.x86_64 #1 SMP Wed Dec 17 01:21:03 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
KVM based virtual machine, but also a host running centos 6.5 is affected.
rpm -qa
gpg-pubkey-11f63c51-3c7dc11d
gpg-pubkey-c105b9de-4e0fd3a3
gpg-pubkey-0608b895-4bd22942
gpg-pubkey-ba684223-53a1643c
On the other servers:
rpm -qa
Fehler: rpmdbNextIterator: Überspringe h# 3777 Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 3267 Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 4038 Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 1480 Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 970 Header V3 RSA/SHA256 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 460 Header V3 RSA/SHA256 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 4046 Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 207 Header V3 RSA/SHA256 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 1488 Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
Fehler: rpmdbNextIterator: Überspringe h# 3793 Header V3 RSA/SHA1 Signature, Schlüssel-ID c105b9de: BAD
...
I tried to find a solution by Google, but nothing is working.
Please remove all repo for your system /etc/yum.repos.d/ and add this repo.
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# sudo rpm -Uvh epel-release-6*.rpm
Related
anyone understand the error in this ??, I'm trying to install SSL pinning (previously asked), about this why?
the PEM certificate already exists ... but an error message like this appears
tlsexception (tlsexception: failure trusting builtin roots (os error: bad_pkcs12_data(pkcs8_x509.c:614), errno = 0))
I am kind of new to perl world but my script fails when loaded via SFTP with below error ,
IN SUBROUTINE: CSRF TOKEN DECODED CONTENT:
error while setting up ssl connection (SSL connect attempt failed with unknown error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) at /home/rcc/perl5/lib/perl5/LWP/Protocol/https/connect/Socket.pm line 23.
Looping through csrf response array, param = [error while setting up ssl connection (SSL connect attempt failed with unknown error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) at /home/rcc/perl5/lib/perl5/LWP/Protocol/https/connect/Socket.pm line 23.
]
Under the assumption its because of TLS depreciation , we upgraded SSL version but still doesn't work, can someone help us understand how to fix the issue ?
Or is there a latest version of perl LWP which by upgrade can fix the issue ? repacking the current package seems to be complex.
Thanks in advance.
The SSL handling is not done directly by LWP::Protocol::connect. Instead it uses IO::Socket::SSL which then uses Net::SSLeay which then uses the linked in OpenSSL library which is not necessarily the one used by the openssl binary. The general capability to use TLS 1.2 depends on the version of OpenSSL which should be at least 1.0.1.
To get the versions of the various parts use the following code
use strict;
use IO::Socket::SSL;
printf "IO::Socket::SSL %s\n", $IO::Socket::SSL::VERSION;
printf "Net::SSLeay %s\n", $Net::SSLeay::VERSION;
printf "OpenSSL compiled %x\n", Net::SSLeay::OPENSSL_VERSION_NUMBER();
printf "OpenSSL linked %x - %s\n", Net::SSLeay::SSLeay(),
Net::SSLeay::SSLeay_version(0);
... SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Note that a TLS handshake problem can have lots of different reasons and an unsupported TLS protocol version is just one of many. No shared ciphers is another common problem at this stage of the connection.
I am trying to get a CSV file from Redmine in a shell script. WGET is complaining about an unacceptable. Any ideas what the magical incantation is, or how to find it?
$ wget --no-check-certificate --accept csv https://username:password#company.com/redmine/issues.csv?utf8=%E2%9C%93&columns=all&description=1
Resolving company.com (company.com)... 192.168.1.45
Connecting to company.com (company.com)|192.168.1.45|:443... connected.
WARNING: The certificate of ‘company.com’ is not trusted.
WARNING: The certificate of ‘company.com’ hasn't got a known issuer.
HTTP request sent, awaiting response... 406 Not Acceptable
2017-04-04 10:14:20 ERROR 406: Not Acceptable.
You can try to replace --accept csv with --accept "*.csv". See the wget manual: https://www.gnu.org/software/wget/manual/wget.html#Recursive-Accept_002fReject-Options
Usually i try to resolve issue by my self, but in this case i am lost ;-)
I had install suiteCRM 7.8.2 on my server (managed with plesk onyx)
Everything work great except one thing :
When i am trying to save a pdf template or an email template, i get an 403 error (Fobidden acces)
Things i have already done :
trying chmod 777 for all files and folders of suiteCRM => Not working
Change permission in config.php => Not working
Quick Repair => Not working
Delete cache folder => Not working
hitting on my laptop => Not working ... grrr..
I have no access to more information, in browser console i can see that SuiteCRM trying to send POST request to index.php and index.php answer 403 error, nothing in log file in debug mode...
I don't have more ideas ....
Thank you.
Rémi.
Solved :
I have look "/var/www/vhosts/system/YOUR-DOMAIN.COM/logs"
[Sun Apr 02 21:34:58.173943 2017] [:error] [pid 29185] [client 82.227.112.246] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\+| )?(request)?(?:\\+| )?>+|<<(?:\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)?(?:\\+| )?>+)$|^< ?\\??(?: |\\+)?xml|^> ?$)" against "ARGS:sample" required. [file "/etc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "308"] [id "350147"] [rev "143"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potentially Untrusted Web Content Detected"] [data ""] [severity "CRITICAL"] [hostname "XXXXXXXX"] [uri "/SuiteCRM/index.php"] [unique_id "WOFSYtX2OSwAAHIBsoAAAAAF"]
It's modsecurity firewall !
So i have disabled the 350147 rules from modsecurity (https://docs.plesk.com/en-US/12.5/administrator-guide/73383/ + Switching off Rules)
It's work !
Thanks to UFHH01 , i love you ;-)
I am attempting to install the swift stack, but it fails because of an ssl verification error:
[root # localhost ~] # wget https://pypi.python.org/packages/source/s/setuptools/setuptools-0.9.8.tar.gz
- 2013-12-11 11:30:32 p.m. - https://pypi.python.org/packages/source/s/setuptools/setuptools-0.9.8.tar.gz
Resolution pypi.python.org ... 185.31.17.184, 185.31.17.185
Login to pypi.python.org | 185.31.17.184 |: 443 ... connected.
ERROR: The common name ". * A.ssl.fastly.net" certificate does not match the name of the host requested "pypi.python.org."
To connect to unsecured pypi.python.org, use `- no-check-certificate '.
Hi please follow SAIO guide it will be helpful http://docs.openstack.org/developer/swift/development_saio.html in installing OpenStack Swift.
Hope it helps.