[SOLVED] Have internet connection, but pacman and other soft can’t use

Wateir · 2024-12-28 22:32:32

So today want to make my weekly update of my arch config. I have a bunch of error « error failed retrieving file ‘core.db’ from mirror blahblahblah »
So i make something logic went to google the error to find the solution, but is weird. Firefox tell me that the archlinux forum is not secure
« Did not connect: Potential Security Issue » ( same on other site like github or reddit, for youtube i can go on it like normaly but i youtube the subcribe part tell no internet, but i can see what channel is on live or other part of youtube like i have internet)
Weird, so i test other app, thunderbird don’t seems connect to the internet. Ping work but with 30ms more than what i have normaly.

What a think can be it’s like my pc send weird request to server with unsigned requet so the server block this. But not sure about that.
I can just do offline work and command who is not really convinent.

Btw vesktop work like a charm and steam try to login for ever, if i can add context.

Last edited by Wateir (2024-12-29 20:52:41)

flatmoll · 2024-12-29 01:44:23

It might be helpful if you click "Advanced" next time Firefox gives "Potential Security Issue", and send the error code here. And messages from other apps too if you can.

ewaller · 2024-12-29 03:45:04

It sounds like a man in the middle attack. Something is breaking SSL sessions by doing packet inspection. Are you at work? A school? Hotel WiFi? A snooping government?

Wateir · 2024-12-29 12:23:37

ewaller wrote:

It sounds like a man in the middle attack. Something is breaking SSL sessions by doing packet inspection. Are you at work? A school? Hotel WiFi? A snooping government?

I’ m on my main laptop. I tried 3 different wifi. Change nothing. The wifi is always some wifi from my family. I never connect to some public wifi or big entreprise or organisation wifi.

❯ thunderbird
[ImapModuleLoader] Using nsImapService.cpp
console.error: (new TypeError("NetworkError: Network request failed", "resource://services-settings/Utils.sys.mjs", 236))

Firefox error code
Error code: SEC_ERROR_UNKNOWN_ISSUER

error: failed retrieving file 'core.db' from repo.jing.rocks : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
error: failed to synchronize all databases (failed to retrieve some files)
For pacman, i cut all other error on top of it, it’s the same just different mirror url.

Hope it can help

Lone_Wolf · 2024-12-29 14:13:28

Is your computer/laptop clock set correctly ?

$ pacman -F /etc/ssl/certs/ca-certificates.crt
etc/ssl/certs/ca-certificates.crt is owned by core/ca-certificates-utils 20240618-1

What is the output of pacman -Qikk ca-certificates-utils ?

Wateir · 2024-12-29 14:48:59

❯ pacman -Qikk ca-certificates-utils
Name : ca-certificates-utils
Version : 20240618-1
Description : Common CA certificates (utilities)
Architecture : any
URL : https://src.fedoraproject.org/rpms/ca-certificates
Licenses : GPL-2.0-or-later
Groups : None
Provides : ca-certificates ca-certificates-java
Depends On : bash coreutils findutils p11-kit
Optional Deps : None
Required By : aria2 curl jdk11-openjdk jdk17-openjdk jdk21-openjdk mono
Optional For : lib32-openssl openssl
Conflicts With : ca-certificates-java
Replaces : ca-certificates-java
Installed Size : 13.63 KiB
Packager : Jan Alexander Steffens (heftig) <heftig@archlinux.org>
Build Date : Tue Jun 18 20:36:40 2024
Install Date : Sun Oct 20 23:27:02 2024
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : Signature

And missing the line that tell 33 files for certificats and 0 altered

flatmoll · 2024-12-29 15:24:55

Do you have any programs from this list? (only "Network connection" section)
https://wiki.archlinux.org/title/List_o … connection

Last edited by flatmoll (2024-12-29 15:25:28)

Wateir · 2024-12-29 15:38:46

flatmoll wrote:

Do you have any programs from this list? (only "Network connection" section)
https://wiki.archlinux.org/title/List_o … connection

I have not install anything from this list.
But i use SSH and networkmanger who come with arch when install i think.

seth · 2024-12-29 16:16:56

Please use [code][/code] tags. Edit your post in this regard.

And missing the line that tell 33 files for certificats and 0 altered

Please don't paraphrase, https://bbs.archlinux.org/viewtopic.php?id=57855 - this is the most critical line of the output and instead of seeing it, we get a self-report.

Lone_Wolf wrote:

Is your computer/laptop clock set correctly ?

date

and look at a clock on your wall.

curl -vL archlinux.org > /dev/null

But i use SSH and networkmanger who come with arch when install i think.

No.
Please also post the output of

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

And

ip a; ip r

Wateir · 2024-12-29 17:27:55

❯ pacman -Qikk ca-certificates-utils
Name            : ca-certificates-utils
Version         : 20240618-1
Description     : Common CA certificates (utilities)
Architecture    : any
URL             : https://src.fedoraproject.org/rpms/ca-certificates
Licenses        : GPL-2.0-or-later
Groups          : None
Provides        : ca-certificates  ca-certificates-java
Depends On      : bash  coreutils  findutils  p11-kit
Optional Deps   : None
Required By     : aria2  curl  jdk11-openjdk  jdk17-openjdk  jdk21-openjdk  mono
Optional For    : lib32-openssl  openssl
Conflicts With  : ca-certificates-java
Replaces        : ca-certificates-java
Installed Size  : 13.63 KiB
Packager        : Jan Alexander Steffens (heftig) <heftig@archlinux.org>
Build Date      : Tue Jun 18 20:36:40 2024
Install Date    : Sun Oct 20 23:27:02 2024
Install Reason  : Installed as a dependency for another package
Install Script  : Yes
Validated By    : Signature

ca-certificates-utils: 33 total files, 0 altered files

Is your computer/laptop clock set correctly ?

❯ timedatectl
Local time: Sun 2024-12-29 18:15:50 CET
Universal time: Sun 2024-12-29 17:15:50 UTC
RTC time: Sun 2024-12-29 17:15:50
Time zone: Europe/Paris (CET, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

and look at a clock on your wall.
curl -vL archlinux.org > /dev/null

❯ curl -vL archlinux.org > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host archlinux.org:80 was resolved.
* IPv6: 2a01:4f9:c010:6b1f::1
* IPv4: 95.217.163.246
*   Trying [2a01:4f9:c010:6b1f::1]:80...
* Connected to archlinux.org (2a01:4f9:c010:6b1f::1) port 80
* using HTTP/1.x
> GET / HTTP/1.1
> Host: archlinux.org
> User-Agent: curl/8.11.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Sun, 29 Dec 2024 17:17:18 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
< Location: https://archlinux.org/
* Ignoring the response-body
* setting size while ignoring
< 
100   162  100   162    0     0    822      0 --:--:-- --:--:-- --:--:--   822
* Connection #0 to host archlinux.org left intact
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://archlinux.org/'
* Host archlinux.org:443 was resolved.
* IPv6: 2a01:4f9:c010:6b1f::1
* IPv4: 95.217.163.246
*   Trying [2a01:4f9:c010:6b1f::1]:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* error setting certificate file: /etc/ssl/certs/ca-certificates.crt
* error setting certificate file: /etc/ssl/certs/ca-certificates.crt
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* closing connection #1
curl: (77) error setting certificate file: /etc/ssl/certs/ca-certificates.crt

Please also post the output of
find /etc/systemd -type l -exec test -f {} ; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

❯ find /etc/systemd -type l -exec test -f {} ; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
find: missing argument to `-exec'
zsh: command not found: -print

And
ip a; ip r

❯ ip a; ip r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enp7s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 8c:8c:aa:17:ac:f3 brd ff:ff:ff:ff:ff:ff
    altname enx8c8caa17acf3
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:42:38:01:66:d4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.21/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
       valid_lft 76964sec preferred_lft 76964sec
    inet6 2a01:cb0d:XXX:6600:XX:b8b3:XXXX:XXXX/64 scope global dynamic noprefixroute 
       valid_lft 86347sec preferred_lft 547sec
    inet6 fe80::70a3:be1:29f3:df46/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.21 metric 600 
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.21 metric 600

Sorry, but copy paste my terminal ooutput is really hard for me, i can acces the arch forum from my pc, need to rewrite everything

Last edited by Wateir (2024-12-29 20:48:41)

Wateir · 2024-12-29 18:02:52

I think i found the problem

❯ curl -vL archlinux.org > /dev/null
[...]
curl: (77) error setting certificate file: /etc/ssl/certs/ca-certificates.crt

❯ sudo pacman -S bc
[...]
error: failed retrieving file 'bc-1.07.1-5-x86_64.pkg.tar.zst' from repo.jing.rocks : error setting certificate file: /etc/ssl/certs/ca-certificates.crt

all error turn for the file

/etc/ssl/certs/ca-certificates.crt

so gonna read some docs on what is it

dakota · 2024-12-29 18:20:44

Also, the following two commands are not equivalent

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
find /etc/systemd -type l -exec test -f {} ; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

Cheers,

Wateir · 2024-12-29 18:45:05

dakota wrote:

Also, the following two commands are not equivalent

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
find /etc/systemd -type l -exec test -f {} ; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

Cheers,

I make a little mistake copy it

❯ find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
dbus-org.freedesktop.nm-dispatcher.service | system
dbus-org.freedesktop.timesync1.service   | system
display-manager.service                  | system
getty@tty1.service                       | getty.target.wants
iwd.service                              | multi-user.target.wants
NetworkManager-wait-online.service       | network-online.target.wants
NetworkManager.service                   | multi-user.target.wants
nvidia-hibernate.service                 | systemd-hibernate.service.wants
nvidia-resume.service                    | systemd-hibernate.service.wants
nvidia-resume.service                    | systemd-suspend.service.wants
nvidia-suspend.service                   | systemd-suspend.service.wants
p11-kit-server.socket                    | sockets.target.wants
pipewire-pulse.socket                    | sockets.target.wants
pipewire-session-manager.service         | user
pipewire.socket                          | sockets.target.wants
remote-fs.target                         | multi-user.target.wants
systemd-timesyncd.service                | sysinit.target.wants
systemd-userdbd.socket                   | sockets.target.wants
wireplumber.service                      | pipewire.service.wants
xdg-user-dirs-update.service             | default.target.wants

seth · 2024-12-29 20:10:46

Sorry, but copy paste my terminal ooutput is really hard for me, i can acces the arch forum from my pc, need to rewrite everything

Redirect the outputs into files and usb-walk them to the other system.
Transcribing stuff manually is not only tedious but also error prone.
Be more lazy

iwd.service                              | multi-user.target.wants
NetworkManager-wait-online.service       | network-online.target.wants
NetworkManager.service                   | multi-user.target.wants

Disable the iwd.service, if you want to use it as NM backend, see https://wiki.archlinux.org/title/Networ … Fi_backend

/etc/ssl/certs/ca-certificates.crt

is provided by ca-certificates-utils

What happens when you run

sudo update-ca-certificates

Sidebar: edit post #10 and xx out the IPv6 that starts with 2a01 - it's a globally routable IP (at Orange, my condolences)

Also

pacman -Qikk curl

Wateir · 2024-12-29 20:51:54

Thanks for help, find a solution

use a http mirror, install ca-certificates and ca-certificates-mozilla who missing.

delete the http mirro, make a full system upgrade.

Sidebar: edit post #10 and xx out the IPv6 that starts with 2a01 - it's a globally routable IP (at Orange, my condolences)

It's okay, not my wifi, I am on some of my familly home.
And i edit and XX some part, thanks, not good to know who is a publick ip or a local one

Wateir · 2024-12-29 21:01:36

Redirect the outputs into files and usb-walk them to the other system.
Transcribing stuff manually is not only tedious but also error prone.
Be more lazy

At the time have just one pc who have the problem and my phone, so can't make that, but of course i tried to be the more lazy i can

Disable the iwd.service, if you want to use it as NM backend, see https://wiki.archlinux.org/title/Networ … Fi_backenk

I use IWD to connect to wiki, no better to use NM as backup ?

What happens when you run
sudo update-ca-certificates

I think the arch iso don't come with this since 2014, but i have trust who is the new service to use (if i understand well)

❯ sudo update-ca-certificates
sudo: update-ca-certificates: command not found

seth · 2024-12-29 21:05:54

https://deepl.com/

You can use either the iwd service or the networkmanager service, but not both.
NetworkManager can use iwd as backend, see the linked wiki, but that does NOT require to enable the iwd service and the latter would rather cause problems.

I think the arch iso don't come with this since 2014

So today want to make my weekly update of my arch config.

In what context are you running into these problems? Are you somehow updating the system from an (old) install iso??

Wateir · 2024-12-29 21:44:35

In what context are you running into these problems? Are you somehow updating the system from an (old) install iso??

I use the latest iso when install arch linux, but i make one or more update for each week. I tried to keep it to date, but not to do a pacman -Syu every second.
so no, i not have this problem after use a old iso.

Have some issue on PGB but no more issue on firefox and other

:: File /var/cache/pacman/pkg/filesystem-2024.11.25-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

But i gonna solve it, i'm not afraid to this kind of error.

seth · 2024-12-29 22:57:43

The command would btw. have been "update-ca-trust", sorry, my bad.
But the question isn't for the most part whether you're using an *old* iso to update the system but whether you're somehow using an installation iso in the update process *at all*.
Notably since you were apparently somehow missing ca-certificates and ca-certificates-mozilla which are hard dependencied for curl and therefore basically everything.

Wateir · 2024-12-29 23:21:05

not using iso since if finish my arch install.
I don't know why the problem come from.
But always nice after because resolve problem are a great way to learn how my os work. So today discovert what is ca-certificates and how important it is

Arch Linux

#1 2024-12-28 22:32:32

[SOLVED] Have internet connection, but pacman and other soft can’t use

#2 2024-12-29 01:44:23

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#3 2024-12-29 03:45:04

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#4 2024-12-29 12:23:37

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#5 2024-12-29 14:13:28

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#6 2024-12-29 14:48:59

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#7 2024-12-29 15:24:55

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#8 2024-12-29 15:38:46

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#9 2024-12-29 16:16:56

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#10 2024-12-29 17:27:55

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#11 2024-12-29 18:02:52

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#12 2024-12-29 18:20:44

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#13 2024-12-29 18:45:05

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#14 2024-12-29 20:10:46

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#15 2024-12-29 20:51:54

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#16 2024-12-29 21:01:36

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#17 2024-12-29 21:05:54

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#18 2024-12-29 21:44:35

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#19 2024-12-29 22:57:43

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

#20 2024-12-29 23:21:05

Re: [SOLVED] Have internet connection, but pacman and other soft can’t use

Board footer