Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic:  Problem upgrading ca-certificates (Solved)  (Read 5035 times)

Offline GoinEasy9

  • User
  • Posts: 559
Problem upgrading ca-certificates (Solved)
« on: 2011/11/01, 19:49:13 »
Edit by holgerw: moved into english section

While trying to apt-get upgrade, after the process reads tha changelogs, it's stopping, I assume, during the update of ca-certificates.  The only way to exit is with a ctrl-C.  Now I could put ca-certificates on hold, but, I'd like to see if there is some way I can get past this.
This stop happened once before, but it dealt with fonts, and I was able to remove the offending fonts and move on.  I can't remove ca-certificates, it would require removing close to 400 packages.
This is what I see before the upgrade process stops:

Reading changelogs... Done


ca-certificates (20111025) unstable; urgency=low

  * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
    Certificates added (+) and removed (-):
    + "AffirmTrust Commercial"
    + "AffirmTrust Networking"
    + "AffirmTrust Premium"
    + "AffirmTrust Premium ECC"
    + "A-Trust-nQual-03"
    + "Bogus Global Trustee"
    + "Bogus GMail"
    + "Bogus Google"
    + "Bogus kuix.de"
    + "Bogus live.com"
    + "Bogus Mozilla Addons"
    + "Bogus Skype"
    + "Bogus Yahoo 1"
    + "Bogus Yahoo 2"
    + "Bogus Yahoo 3"
    + "Certinomis - Autorité Racine"
    + "Certum Trusted Network CA"
    + "Explicitly Distrust DigiNotar Cyber CA"
    + "Explicitly Distrust DigiNotar Cyber CA 2nd"
    + "Explicitly Distrust DigiNotar Root CA"
    + "Explicitly Distrust DigiNotar Services 1024 CA"
    + "Explicitly Distrusted DigiNotar PKIoverheid"
    + "Explicitly Distrusted DigiNotar PKIoverheid G2"
    + "Go Daddy Root Certificate Authority - G2"
    + "Root CA Generalitat Valenciana"
    + "Starfield Root Certificate Authority - G2"
    + "Starfield Services Root Certificate Authority - G2"
    + "TWCA Root Certification Authority"
    - "AOL Time Warner Root Certification Authority 1"
    - "AOL Time Warner Root Certification Authority 2"
    - "DigiNotar Root CA"
    - "Entrust.net Global Secure Personal CA"
    - "Entrust.net Global Secure Server CA"
    - "Entrust.net Secure Personal CA"
    - "IPS Chained CAs root"
    - "IPS CLASE1 root"
    - "IPS CLASE3 root"
    - "IPS CLASEA1 root"
    - "IPS CLASEA3 root"
    - "IPS Timestamping root"
    - "Thawte Personal Freemail CA"
    - "Thawte Time Stamping CA"
  * "Bogus *" CAs above address Comodo MITM 03/11  Closes: #619587
  * Update CAcert-Class 3-Subroot-certificate  Closes: #630232

 -- Michael Shuler <michael>  Sun, 23 Oct 2011 23:16:57 -0500

~
~
~
~
~
~
~
~
~
(END)  <-- At this point the upgrade is stopped.

Does anyone have an idea what is going on?  I'm running vanilla Sid on one laptop and one desktop and it's happening on both machines.

Thanks in advance
Linux Counter number 348347

Offline devil

  • Administrator
  • User
  • *****
  • Posts: 4.838
Problem upgrading ca-certificates
« Reply #1 on: 2011/11/01, 20:26:53 »
Hm, strange. I have:
Code: [Select]
ca-certificates:
  Installiert: 20111025
  Kandidat:    20111025
  Versionstabelle:
 *** 20111025 0
        500 http://ftp.de.debian.org/debian/ sid/main amd64 Packages

and its been updated flawlessly some days ago.

greetz
devil

Offline Geier0815

  • User
  • Posts: 586
Problem upgrading ca-certificates
« Reply #2 on: 2011/11/01, 20:35:55 »
It seems to me that it's not the ca-cert-package that's course the problem but the mozilla certs. Could this be because mozilla revoke some certs after the break-in to some ca?

Quote
* Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
Wenn Windows die Lösung ist...
kann ich dann bitte das Problem zurück haben?

Offline devil

  • Administrator
  • User
  • *****
  • Posts: 4.838
Problem upgrading ca-certificates
« Reply #3 on: 2011/11/01, 21:12:03 »
That didnt prevent the upgrade for me.

greetz
devil

Offline GoinEasy9

  • User
  • Posts: 559
RE: Problem upgrading ca-certificates
« Reply #4 on: 2011/11/01, 21:40:28 »
I was watching the forum to see if anyone else had this problem, and, today, after no one else complained I decided to ask.  Vanilla sid on the desktop was installed when I first heard that siduction was to become a new distro.  Sid on the laptop was only installed a couple of weeks ago.  Both were business card installs direct from the Debian repos, the laptop still doesn't even have codecs installed, so, I don't think any malicious certs are in my mozilla file.  Back when I was using sidux, I never had a upgrade stop like this, and, like I said in the origional post, this same error came up once when there was a group of fonts that needed to be upgraded.  
Could there be something in apt.conf or one of the other config files that causes an upgrade to stop when an error like this occurs?  What it seems to be doing is printing out the changelog for ca-certificates before dying.  Geez, I was hoping someone had encountered this problem before.  I may experiment by deleting the mozilla certs and then run the upgrade again, if I can't think of anything else.
Linux Counter number 348347

Offline Geier0815

  • User
  • Posts: 586
Problem upgrading ca-certificates
« Reply #5 on: 2011/11/01, 21:41:48 »
Didn't prevent for me too, but that could be because
Code: [Select]
find / -name "certdata.txt" didn't find anything...
also
Code: [Select]
apt-file search certdata.txt find nothing. So it seems to me that there is a file in the system that shouldn't be there. Maybe by an firefox or thunderbird installed by hand?
Wenn Windows die Lösung ist...
kann ich dann bitte das Problem zurück haben?

Offline GoinEasy9

  • User
  • Posts: 559
RE: Problem upgrading ca-certificates
« Reply #6 on: 2011/11/01, 22:43:48 »
First I ran apt-get --reinstall install ca-certificates and it blew up again, I then X'd out of the terminal, brought the terminal up again, reran the command, and got an error message, which contained the answer.

root@siduction32kde:/home/goineasy9# apt-get --reinstall install ca-certificates
E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
root@siduction32kde:/home/goineasy9# dpkg --configure -a
Processing triggers for man-db ...
Setting up ca-certificates (20111025) ...
Clearing symlinks in /etc/ssl/certs...done.
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate cert_igca_rsa.pem
WARNING: Skipping duplicate certificate cert_igca_rsa.pem
164 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
Replacing debian:brasil.gov.br.pem
Replacing debian:cacert.org.pem
etc, etc, till it finished correctly.  

I still don't understand why it happened on the first run through of a dist-upgrade on both machines, but, it is fixed.  BTW - Thanks Geier0815, I didn't know about apt-file, I got to install the Debian utilities.  Also, certdata.txt wasn't present, nice guess though.  

Thanks to both of you for your input and help.
Linux Counter number 348347