[gentoo-user] realplayer download security problem

[gentoo-user] realplayer download security problem

[James]

Hello

I've been trying to emerge (install):
media-video/realplayer

I get this error message:
<snip>
Connecting to helixcommunity.org|207.188.25.135|:443... connected.
ERROR: Certificate verification error for helixcommunity.org: unable to get
local issuer certificate
To connect to helixcommunity.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
<snip>

I've tried the "--no-check-certificate" as both an emerge option
and as a USE flag, to no avail.

So what am I missing to get the 'emerge realplayer' to work?

James



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] realplayer download security problem

[Lucien D.]

I had the same problem recently, I solved it by manually downloading it
with wget, just do wget --no-check-certificate URL, then copy over to
/usr/portage/distfiles and rerun emerge command.

Lucien


On 17:29 Tue 15 Nov     , James wrote:
> Hello
> 
> I've been trying to emerge (install):
> media-video/realplayer
> 
> I get this error message:
> <snip>
> Connecting to helixcommunity.org|207.188.25.135|:443... connected.
> ERROR: Certificate verification error for helixcommunity.org: unable to get
> local issuer certificate
> To connect to helixcommunity.org insecurely, use `--no-check-certificate'.
> Unable to establish SSL connection.
> <snip>
> 
> I've tried the "--no-check-certificate" as both an emerge option
> and as a USE flag, to no avail.
> 
> So what am I missing to get the 'emerge realplayer' to work?
> 
> James
> 
> 
> 
> -- 
> gentoo-user@gentoo.org mailing list
> 

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] realplayer download security problem

[Catalin Trifu]

[-- Attachment #1: Type: text/plain, Size: 699 bytes --]

        Hi,

    Download it manually and drop the file into /usr/portage/distfiles

Catalin

   
James wrote:

>Hello
>
>I've been trying to emerge (install):
>media-video/realplayer
>
>I get this error message:
><snip>
>Connecting to helixcommunity.org|207.188.25.135|:443... connected.
>ERROR: Certificate verification error for helixcommunity.org: unable to get
>local issuer certificate
>To connect to helixcommunity.org insecurely, use `--no-check-certificate'.
>Unable to establish SSL connection.
><snip>
>
>I've tried the "--no-check-certificate" as both an emerge option
>and as a USE flag, to no avail.
>
>So what am I missing to get the 'emerge realplayer' to work?
>
>James
>
>
>
>  
>

[-- Attachment #2: Type: text/html, Size: 1169 bytes --]

Re: [gentoo-user] realplayer download security problem

[Rumen Yotov]

[-- Attachment #1: Type: text/plain, Size: 1025 bytes --]

On Tue, 2005-11-15 at 17:29 +0000, James wrote:
> Hello
> 
> I've been trying to emerge (install):
> media-video/realplayer
> 
> I get this error message:
> <snip>
> Connecting to helixcommunity.org|207.188.25.135|:443... connected.
> ERROR: Certificate verification error for helixcommunity.org: unable to get
> local issuer certificate
> To connect to helixcommunity.org insecurely, use `--no-check-certificate'.
> Unable to establish SSL connection.
> <snip>
> 
> I've tried the "--no-check-certificate" as both an emerge option
> and as a USE flag, to no avail.
> 
> So what am I missing to get the 'emerge realplayer' to work?
> 
> James
> 
> 
> 
Hi,
Some days ago there was such question IIRC.
The problem was: wget isn't compiled with ssl USE-flag, therefore can't
connect to SSL-enabled sites. Compile wget (or other BTW) with "+ssl".
Or pass it some parameter "--no-check-certificate" to connect. man wget.
Or just download it with a browser and copy to distfiles directory.
HTH.Rumen

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[gentoo-user] Re: realplayer download security problem

[James]

Rumen Yotov <rumen_yotov <at> dir.bg> writes:


> > media-video/realplayer

> > I get this error message:
> > <snip>
> > Connecting to helixcommunity.org|207.188.25.135|:443... connected.
> > ERROR: Certificate verification error for helixcommunity.org: unable to get
> > local issuer certificate
> > To connect to helixcommunity.org insecurely, use `--no-check-certificate'.
> > Unable to establish SSL connection.
> > <snip>

> Some days ago there was such question IIRC.
> The problem was: wget isn't compiled with ssl USE-flag, therefore can't
> connect to SSL-enabled sites. Compile wget (or other BTW) with "+ssl".

ssl is in my make.conf file, furthermore, checking wget:
Calculating dependencies ...done!
[ebuild   R   ] net-misc/wget-1.10.2  -build -debug +ipv6 +nls 
-socks5 +ssl -static 

> Or pass it some parameter "--no-check-certificate" to connect. man wget.

I already tried everything I could think of... syntax suggestion?

> Or just download it with a browser and copy to distfiles directory.

OK so I put RealPlayer-10.0.6.776-20050915.i586.rpm into /usr/portage/distfiles
and it's installed with 'emerge realplayer'.

This is a new trick for me! 
Can I download any rpm, stick it in this directory
and it will install with emerge? 
Details or a wiki on this subject?

What do I do about updates? Just grab the latest rpm and repeat the process?

Any permanent fixes so it just emerges like the other packages?


James



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: realplayer download security problem

[Nick Rout]

On Tue, 15 Nov 2005 19:26:04 +0000 (UTC)
James wrote:

> Rumen Yotov <rumen_yotov <at> dir.bg> writes:
> 
> 
> > > media-video/realplayer
> 
> > > I get this error message:
> > > <snip>
> > > Connecting to helixcommunity.org|207.188.25.135|:443... connected.
> > > ERROR: Certificate verification error for helixcommunity.org: unable to get
> > > local issuer certificate
> > > To connect to helixcommunity.org insecurely, use `--no-check-certificate'.
> > > Unable to establish SSL connection.
> > > <snip>
> 
> > Some days ago there was such question IIRC.
> > The problem was: wget isn't compiled with ssl USE-flag, therefore can't
> > connect to SSL-enabled sites. Compile wget (or other BTW) with "+ssl".
> 
> ssl is in my make.conf file, furthermore, checking wget:
> Calculating dependencies ...done!
> [ebuild   R   ] net-misc/wget-1.10.2  -build -debug +ipv6 +nls 
> -socks5 +ssl -static 
> 
> > Or pass it some parameter "--no-check-certificate" to connect. man wget.
> 
> I already tried everything I could think of... syntax suggestion?
> 
> > Or just download it with a browser and copy to distfiles directory.
> 
> OK so I put RealPlayer-10.0.6.776-20050915.i586.rpm into /usr/portage/distfiles
> and it's installed with 'emerge realplayer'.
> 
> This is a new trick for me! 
> Can I download any rpm, stick it in this directory
> and it will install with emerge? 
> Details or a wiki on this subject?

No it just means that you are downloading it manually instead of emerge
downloading it. This is because emerge fails at the download.

If emerge finds the file in /usr/portage/distfiles it doesn't try to
download it again, and it doesn't care how it got there.

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Solved: realplayer download security problem

[James]

Lucien D. <ldunning <at> gmail.com> writes:


> I had the same problem recently, I solved it by manually downloading it
> with wget, just do wget --no-check-certificate URL, then copy over to
> /usr/portage/distfiles and rerun emerge command.


OK, I ended up using the browser.

Thanks to all for the help.

James



-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: realplayer download security problem

[James]

Nick Rout <nick <at> rout.co.nz> writes:


> > Can I download any rpm, stick it in this directory
> > and it will install with emerge? 


> No it just means that you are downloading it manually instead of emerge
> downloading it. This is because emerge fails at the download.

OK

> If emerge finds the file in /usr/portage/distfiles it doesn't try to
> download it again, and it doesn't care how it got there.

How does a gentoo system know the difference between an rpm file 
that it can install  and a rpm file that it cannot or 
should not install on a gentoo system?



James




-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: realplayer download security problem

[Holly Bostick]

James schreef:
> How does a gentoo system know the difference between an rpm file that
> it can install  and a rpm file that it cannot or should not install
> on a gentoo system?
> 

It's not like RPMs (or DEBs for that matter) just *appear* on the system
and are installed by mental telepathy.... if you emerge an ebuild for
which the package file is an RPM (RealPlayer and the ATI proprietary
drivers are two which come to mind), then that is what will be installed.

The Portage system knows what files are available to it, because that's
what the Portage tree is for. For example, the Cedega binary package is
available as an RPM, a DEB amd a TGZ-- but if you attempt to install it
(it's a fetch-restricted package, which requires subscription to
download, so you have to download it and put it in
/usr/portage/distfiles yourself by default) it's not like Portage wants
any of the three. It wants specifically the -small.tgz, and you could
put the RPM in distfiles if you wanted, but Portage wouldn't install it.
Because that's not the package that the ebuild specifies.

Of course, you could install rpm and install any rpm you wanted with
it-- but since you don't have an RPM database, and even if you did, all
the dependent libraries and system files wouldn't be in it (because they
were not installed from RPM), it would be likely to end in tears (which
would be no less than one deserved, since if one wanted to use RPMs so
bad, one should have installed a binary distro that depends on them and
not a source-based distro like this one :-) ).

In any case, the relatively few RPMs in the Portage tree are generally
there (afaik), because we don't get a choice about it-- the binaries
provided (usually by some proprietary source) are only packaged *as*
RPMs, so if we want or need them, that's what we have to use. Certainly
that is the case for the ATI drivers, and likely for the RealPlayer
package as well.

Holly
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: realplayer download security problem

[Nick Rout]

On Tue, 15 Nov 2005 21:11:09 +0000 (UTC)
James wrote:

> Nick Rout <nick <at> rout.co.nz> writes:
> 
> 
> > > Can I download any rpm, stick it in this directory
> > > and it will install with emerge? 
> 
> 
> > No it just means that you are downloading it manually instead of emerge
> > downloading it. This is because emerge fails at the download.
> 
> OK
> 
> > If emerge finds the file in /usr/portage/distfiles it doesn't try to
> > download it again, and it doesn't care how it got there.
> 
> How does a gentoo system know the difference between an rpm file 
> that it can install  and a rpm file that it cannot or 
> should not install on a gentoo system?

portage gives the recipe for what files to install and how to install
them. Installing from an rpm is not a lot different to installing from
any other binary packaging method. An rpm is simply a conmpressed
collection of files and some metadata (such as dependency information
etc) and (optionally) some install and removal scripts.

If you want to know how portage deals with an rpm i suggest that you
READ the realplayer ebuild.

-- 
Nick Rout <nick@rout.co.nz>

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: realplayer download security problem

[Nick Rout]

On Tue, 15 Nov 2005 23:15:02 +0100
Holly Bostick wrote:

> In any case, the relatively few RPMs in the Portage tree are generally
> there (afaik), because we don't get a choice about it-- the binaries
> provided (usually by some proprietary source) are only packaged *as*
> RPMs, so if we want or need them, that's what we have to use. Certainly
> that is the case for the ATI drivers, and likely for the RealPlayer
> package as well.

Thats right, and there are two ways of getting an rpm onto a gentoo
system. For example I installed main actor from an rpm because thats how it is packaged. There is no ebuild for it. I emerged rpm then looked at
the mainactor rpm [1] file to see what dependencies it had, and where it
wanted to install files. I manually emerged the dependencies and then
installed main actor by typing:

rpm --nodeps mainactor-5.5.7-suse_9.3.i686.rpm

and it installed.

What I was too lazy to do, but would have been better, was write an
ebuild that installs the rpm. That would have the advantages of 

1. being automated (after writing the ebuild)
2. making it easy to update or remove mainactor
3. fitting in better with the system package manager as a whole.

[1] The easiest way i have found to look inside an rpm is to use
midnight commander (mc) and hit <enter> with the rpm highlighted. You
get a "virtual" look inside the rpm, including all the metadata, the
install scripts, and the files to be installed. The rpm package must be
present on your system. mc can be used in this way to look inside zipped files, tar files, bzipped files etc etc.
-- 
Nick Rout <nick@rout.co.nz>

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: realplayer download security problem

[Holly Bostick]

Nick Rout schreef:
> [1] The easiest way i have found to look inside an rpm is to use 
> midnight commander (mc) and hit <enter> with the rpm highlighted. You
>  get a "virtual" look inside the rpm, including all the metadata, the
>  install scripts, and the files to be installed. The rpm package must
>  be present on your system. mc can be used in this way to look inside
>  zipped files, tar files, bzipped files etc etc.

You can also do this (look inside an RPM) with:

-Krusader (KDE file manager)
-KFM (Konqueror; at least I could under SuSE, and while you of course
don't get the SuSE-added patch functionality of being able to "Install
(the RPM) with YAST" directly from Konq, I believe the ability to open
the archive is native to Konq)
- Any GUI archive program (file-roller, KArchiver, etc).

Simplistically speaking, an RPM is just another kind of archive, so most any
application that can look inside archives (transparently or dedicated)
can do this, for those of you who are not big terminal geeks. But even
if you're not a big term geek, mc has a lot to recommend it (especially
if you don't happen to have X available), and this is one of the
abilities that makes mc worth remembering and encourages one to use a
terminal every once in a while (or more often-- more cli applications
than one might imagine are extraordinarily functional, and that high
function makes them cooler than one might expect).

Holly
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: realplayer download security problem

[Nick Rout]

On Wed, 16 Nov 2005 00:14:20 +0100
Holly Bostick wrote:

> You can also do this (look inside an RPM) with:
> 
> -Krusader (KDE file manager)
> -KFM (Konqueror; at least I could under SuSE, and while you of course
> don't get the SuSE-added patch functionality of being able to "Install
> (the RPM) with YAST" directly from Konq, I believe the ability to open
> the archive is native to Konq)
> - Any GUI archive program (file-roller, KArchiver, etc).

Didn't know that, thanks (although its not a task I perform very often
now thanks to gentoo)

> 
> Simplistically speaking, an RPM is just another kind of archive, so most any
> application that can look inside archives (transparently or dedicated)
> can do this, for those of you who are not big terminal geeks. But even
> if you're not a big term geek, mc has a lot to recommend it (especially
> if you don't happen to have X available), and this is one of the
> abilities that makes mc worth remembering and encourages one to use a
> terminal every once in a while (or more often-- more cli applications
> than one might imagine are extraordinarily functional, and that high
> function makes them cooler than one might expect).

 IMHO mc is the killer command line app :-)

people may not know that it also has built in abilities to mount
filesystems over a network (smb, fish/ssh, ftp).

There is heaps of coolness in there. 

-- 
Nick Rout <nick@rout.co.nz>

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: realplayer download security problem

[James]

Holly Bostick <motub <at> planet.nl> writes:



> Simplistically speaking, an RPM is just another kind of archive, so most any
> application that can look inside archives (transparently or dedicated)
> can do this, for those of you who are not big terminal geeks. 

Thanks for all of the information from everyone.


James





-- 
gentoo-user@gentoo.org mailing list