You are not logged in.
I'm getting these 2 errors after upgrading 'ca-certificates', 'ca-certificates-utils', and 'ca-certificates-mozilla':
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
curl error: Peer certificate cannot be authenticated with given CA certificates
Here's what I did.
I tried updating my packages:
$ yaourt -Syua;
Some of the packages to be upgraded were 'ca-certificates', 'ca-certificates-utils', and 'ca-certificates-mozilla'. I received this error:
:: Proceed with installation? [Y/n] y
(174/174) checking keys in keyring [######################] 100%
(174/174) checking package integrity [######################] 100%
(174/174) loading package files [######################] 100%
(174/174) checking for file conflicts [######################] 100%
error: failed to commit transaction (conflicting files)
ca-certificates-utils: /etc/ssl/certs/ca-certificates.crt exists in filesystem
Errors occurred, no packages were upgraded.
So I tried removing them:
$ sudo pacman -Rns ca-certificates ca-certificates-utils ca-certificates-mozilla
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: curl: removing ca-certificates breaks dependency 'ca-certificates'
:: glib-networking: removing ca-certificates breaks dependency 'ca-certificates'
:: jre7-openjdk-headless: removing ca-certificates-utils breaks dependency 'ca-certificates-utils'
:: jre8-openjdk-headless: removing ca-certificates-utils breaks dependency 'ca-certificates-utils'
:: mono: removing ca-certificates breaks dependency 'ca-certificates'
:: neon: removing ca-certificates breaks dependency 'ca-certificates'
:: perl-lwp-protocol-https: removing ca-certificates breaks dependency 'ca-certificates'
:: qca-qt5: removing ca-certificates breaks dependency 'ca-certificates'
:: qt4: removing ca-certificates breaks dependency 'ca-certificates'
Removing those would be rabbit hole nightmare of removing almost all installed packages, so I decided to try to remove the conflicting file manually and then update the ca-certificates packages separately:
$ sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak;
$ yaourt -Sa ca-certificates ca-certificates-utils;
...
:: Running post-transaction hooks...
(1/2) Arming ConditionNeedsUpdate...
(2/2) Rebuilding certificate stores...
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
Yikes that doesn't look right. Now when I try to update, it says this:
$ yaourt -Syua;
:: Synchronizing package databases...
core is up to date
extra 1680.2 KiB 1333K/s 00:01 [######################] 100%
community 3.8 MiB 3.58M/s 00:01 [######################] 100%
multilib 176.2 KiB 5.74M/s 00:00 [######################] 100%
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
That looks concerning. I'm afraid to update anything now before I fix this problem, since these packages are fundamental for so many other ones.
I've tried some solutions suggested elsewhere online without success. I'll list them below.
$ c_rehash;
$ sudo trust extract-compat;
$ sudo update-ca-trust enable;
Is there something wrong with these packages or am I doing something wrong? I'm finding hardly any help online, which leads me to believe the packages are fine.
Last edited by GreenRaccoon23 (2017-04-09 02:50:38)
Offline
Boot from an Arch liveCD and reinstall the certificate packages using the live environment's pacman and the --root switch.
And next time, follow the news.
EDIT: I read too fast, you didn't actually remove the packages in the end. You just need to move the file you moved back. Then follow the linked instructions.
Last edited by WorMzy (2017-04-07 23:01:14)
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Online
Thanks! Since I had already upgraded 'ca-certificates', 'ca-certificates-utils', and 'ca-certificates-mozilla', I ran into another problem. I fixed it, but I'll just write it here in case someone else has the problem.
After doing this:
$ sudo pacman -Syuw;
$ sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak2;
$ sudo mv /etc/ssl/certs/ca-certificates.crt.bak /etc/ssl/certs/ca-certificates.crt;
$ sudo pacman -Su;
I got this error:
$ yaourt -Syua
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
Foreign packages: / 205 / 205
The fix for this was to reinstall the 'ca-certificates' packages the same way I did before:
$ sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak;
$ yaourt -Syua ca-certificates ca-certificates-utils ca-certificates-mozilla;
Last edited by GreenRaccoon23 (2017-04-07 23:20:30)
Offline
Stop using yaourt like it is your package manager, it is not.
Offline