After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 797078 - Website certificate error: gstreamer.freedesktop.org
Website certificate error: gstreamer.freedesktop.org
Status: RESOLVED OBSOLETE
Product: GStreamer
Classification: Platform
Component: cerbero
1.14.x
Other Linux
: Normal normal
: git master
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2018-09-04 22:54 UTC by David Ing
Modified: 2018-11-03 10:24 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description David Ing 2018-09-04 22:54:15 UTC
I am using Cerbero with the command `./cerbero-uninstalled package gstreamer-1.0`

I get an error:

[(65/80) spandsp -> fetch ]
-----> Fetching tarball http://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz to /home/ding/github/gstreamer/cerbero/build/sources/local/spandsp-0.0.6/spandsp-0.0.6.tar.gz
Downloading http://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz
Running command 'wget http://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz -O /home/ding/github/gstreamer/cerbero/build/sources/local/spandsp-0.0.6/spandsp-0.0.6.tar.gz '
--2018-09-04 15:46:28--  http://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz
Resolving www.soft-switch.org (www.soft-switch.org)... 209.105.235.30
Connecting to www.soft-switch.org (www.soft-switch.org)|209.105.235.30|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz [following]
--2018-09-04 15:46:28--  https://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz
Connecting to www.soft-switch.org (www.soft-switch.org)|209.105.235.30|:443... connected.
ERROR: cannot verify www.soft-switch.org's certificate, issued by ‘CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US’:
  Unable to locally verify the issuer's authority.
To connect to www.soft-switch.org insecurely, use `--no-check-certificate'.
Downloading https://gstreamer.freedesktop.org/src/mirror/spandsp-0.0.6.tar.gz
Running command 'wget https://gstreamer.freedesktop.org/src/mirror/spandsp-0.0.6.tar.gz -O /home/ding/github/gstreamer/cerbero/build/sources/local/spandsp-0.0.6/spandsp-0.0.6.tar.gz '
--2018-09-04 15:46:29--  https://gstreamer.freedesktop.org/src/mirror/spandsp-0.0.6.tar.gz
Resolving gstreamer.freedesktop.org (gstreamer.freedesktop.org)... 131.252.210.176, 2610:10:20:722:a800:ff:feda:470f
Connecting to gstreamer.freedesktop.org (gstreamer.freedesktop.org)|131.252.210.176|:443... connected.
ERROR: cannot verify gstreamer.freedesktop.org's certificate, issued by ‘CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US’:
  Unable to locally verify the issuer's authority.
To connect to gstreamer.freedesktop.org insecurely, use `--no-check-certificate'.

Recipe 'spandsp' failed at the build step 'fetch'
Select an action to proceed:
[0] Enter the shell
[1] Rebuild the recipe from scratch
[2] Rebuild starting from the failed step
[3] Skip recipe
[4] Abort
Comment 1 Olivier Crête 2018-09-05 01:18:37 UTC
You probably need to update your distribution. It seems it's lacking a recent copy of the certificate roots.
Comment 2 Nicolas Dufresne (ndufresne) 2018-09-05 12:33:21 UTC
Both soft-switch and gstreamer.fdo have valid certificates. That being said, did we backport the fix to prevent using the locally built gnutls/openssl to the 1.14 branch ?
Comment 3 Ilie Halip 2018-10-28 10:16:06 UTC
I ran into the same issue. When called through cerbero, wget fails to download the spandsp tarball.

But, when running wget in the terminal directly, it succeeds:
$ wget https://gstreamer.freedesktop.org/src/mirror/spandsp-0.0.6.tar.gz -O /home/ihalip/Projects/cerbero/build/sources/local/spandsp-0.0.6/spandsp-0.0.6.tar.gz
--2018-10-28 12:12:21--  https://gstreamer.freedesktop.org/src/mirror/spandsp-0.0.6.tar.gz
Resolving gstreamer.freedesktop.org (gstreamer.freedesktop.org)... 131.252.210.176, 2610:10:20:722:a800:ff:feda:470f
Connecting to gstreamer.freedesktop.org (gstreamer.freedesktop.org)|131.252.210.176|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3309837 (3,2M) [application/x-gzip]
Saving to: ‘/home/ihalip/Projects/cerbero/build/sources/local/spandsp-0.0.6/spandsp-0.0.6.tar.gz’
[....]
Comment 4 Ilie Halip 2018-10-28 12:16:13 UTC
This is happening because the system wget is using the openssl libraries in $CERBERO/build/dist/$SYSTEM/lib, which have the value for OPENSSLDIR derived from --prefix=... . In my case, OPENSSLDIR as seen here is not even created:
ihalip@ihalip-pc:~/Projects/cerbero/build/dist/linux_x86_64/bin$ LD_LIBRARY_PATH=../lib ./openssl version -a
OpenSSL 1.1.1  11 Sep 2018
built on: Sun Oct 28 09:37:19 2018 UTC
platform: linux-x86_64
options:  bn(64,64) md2(char) rc4(8x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc  -Wall -g -O2 -m64  -Wall -g -O2 -m64  -fPIC -pthread -m64 -Wa,--noexecstack -Wall -g -O2 -m64  -Wall -g -O2 -m64 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/home/ihalip/Projects/cerbero/build/dist/linux_x86_64/ssl"
ENGINESDIR: "/home/ihalip/Projects/cerbero/build/dist/linux_x86_64/lib/engines-1.1"
Seeding source: os-specific

It's possible to reuse the system's openssl directory in multiple ways (passing it to openssl's Configure, or symlinking $CERBERO_PREFIX/ssl to it, or passing it to wget directly) but this requires the openssl binary to be installed on the build machine - to tun `openssl version -d`.
Comment 5 GStreamer system administrator 2018-11-03 10:24:43 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/gstreamer/cerbero/issues/74.