Pipelight

Cannot Verify bitbucket.org's Certificate

Bug #1371201 reported by jean-christophe manciot
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Pipelight
New
Undecided
Unassigned
pipelight-multi (Ubuntu)
New
Undecided
Unassigned

Bug Description

Environment: Ubuntu 14.04 - pipelight-multi 0.2.7.1 with all dependencies
------------------
System Check: System-Check.txt - Libraries fail on libXxf86vm.so.1, but it is present.
-------------------
Installed Plugins: pipelight-plugin --list-enabled-all: silverlight5.1
-----------------------
console output: pipelight.log
---------------------

Running 'pipelight-plugin --update' leads to the following error:

"root@MSI-GE60-Ubuntu-14:/home/actionmystique# pipelight-plugin --update
--2014-09-18 18:20:59-- https://bitbucket.org/mmueller2012/pipelight/raw/master/share/install-dependency.sig
Resolving bitbucket.org (bitbucket.org)... 131.103.20.168, 131.103.20.167
Connecting to bitbucket.org (bitbucket.org)|131.103.20.168|:443... connected.
ERROR: cannot verify bitbucket.org's certificate, issued by ‘/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV CA-1’:
  Unable to locally verify the issuer's authority.
To connect to bitbucket.org insecurely, use `--no-check-certificate'.

ERROR: Failed to download latest dependency-installer script"

The "--no-check-certificate" is not allowed.

Downoading "https://bitbucket.org/mmueller2012/pipelight/raw/master/share/install-dependency.sig" through a browser is possible, but then what?

Revision history for this message
jean-christophe manciot (manciot-jeanchristophe) wrote :
Revision history for this message
jean-christophe manciot (manciot-jeanchristophe) wrote :
Revision history for this message
jean-christophe manciot (manciot-jeanchristophe) wrote :

export SSL_CERT_DIR=/etc/ssl/certs has been helpful.

Now, "pipelight-plugin --update" leads to:

--2014-09-20 09:24:52-- https://bitbucket.org/mmueller2012/pipelight/raw/master/share/install-dependency.sig
Resolving bitbucket.org (bitbucket.org)... 131.103.20.168, 131.103.20.167
Connecting to bitbucket.org (bitbucket.org)|131.103.20.168|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9609 (9.4K) [application/pgp-signature]
Saving to: ‘/tmp/tmp.WeljfL54h5’

100%[============================================================================================================>] 9,609 --.-K/s in 0s

2014-09-20 09:24:52 (280 MB/s) - ‘/tmp/tmp.WeljfL54h5’ saved [9609/9609]

gpg: Signature made Thu 11 Sep 2014 10:19:57 PM CEST using RSA key ID 1C3B0533
gpg: Good signature from "Pipelight Dev Team <email address hidden>"
**************************************************************************
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3978 8ABB 0402 FC31 D4FB 22AA 0B6B 817C 1C3B 0533
**************************************************************************

Revision history for this message
Michael Müller (mqchael) wrote :

Hi,

your last output looks okay. The warning is only caused by the fact that you did not define our key as trusted signature (which is not necessary). However the line:

gpg: Good signature from "Pipelight Dev Team <email address hidden>"

indicates that the signature check was successful.

Michael

Revision history for this message
Ron Widell (r-widell) wrote :

I have the same issue as jean-christophe manciot wrt bitbucket.org certificate, with a couple of minor differences:

Environment:
Kubuntu 14.04, pipelight-multi 0.2.8~ubuntu14.04.1 with all dependencies

system-check fails on Libraries saying libnetapi.so is missing (but it's in the same directories as the other libs).

--
export SSL_CERT_DIR=/etc/ssl/certs was no help to me, I got the same error.
So I edited the pipelight-plugin file to add the --no-check-certificate option to the invocation of wget (diff file attached). I figured that was safe since the gpg signature of the downloaded file was also checked (and passed).

Thanks,
ron

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.