- This topic has 15 replies, 4 voices, and was last updated Oct 19-1:40 pm by anticapitalista.
-
Posts
-
Sod Almighty
I am getting certificate errors when I try to connect to online servers. Errors like “x509: certificate signed by unknown authority”.
I believe this is due to the root certificate expiry issue that is causing so many issues this month.
Is this something I can fix; or do we need to wait for a new AntiX release? And if the latter, then when might this happen?
Attachments:
anticapitalista
antiX doesn’t use docker.
You will have to ask there for help.Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
This is not a docker question. This is an operating system question.
Docker was simply a convenient example.
The IdenTrust DST Root CA X3 expired on the 30th of September (see https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry), and anyone using a legacy operating system (such as MacOS El Capitan or Windows XP) is unable to view most websites anymore. This problem is clearly bleeding over into AntiX.
So I ask again: can I do something to fix this, or must I wait for another release?
- This reply was modified 1 year, 6 months ago by Sod Almighty. Reason: Why don't you support markdown?
anticapitalista
If that is the case, then upstream Debian will certainly provide a fix, if it hasn’t done so already.
You haven’t told us which version of antiX you are using.Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
What version of Debian is the current release of AntiX based on? If it isn’t the most recent, then Debian may not provide a fix at all.
Will such fixes automatically be applied when doing “apt upgrade” or will I need to wait for a new release of AntiX? I don’t know what part of the operating system is responsible for this functionality, and if it’s even possible to upgrade that part without installing a whole new distro.
anticapitalista
Why are you refusing to tell us what antiX version you are using, as requested?
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
Because I didn’t see your request. I am using AntiX version 19.4 64-bit.
rokytnji
sudo apt-get updatesudo apt-get dist-upgradeWhen asked. answer yes when asked. Always works for me unless this is a live run thread.
Post this output
inxi -Fxz -rSo members can see what you are dealing with with more detail given.
Sometimes I drive a crooked road to get my mind straight.
Not all who Wander are Lost.
I'm not outa place. I'm from outer space.Linux Registered User # 475019
How to Search for AntiX solutions to your problemsI had already tried dist-upgrade; but sure, I’ll try it again.
As you can see, the error is not limited to docker. It happens with curl and wget also. It’s a real issue. I know it’s a real issue, because it’s affecting me on my Mac (running a pretty old operating system) as well.
- This reply was modified 1 year, 6 months ago by Sod Almighty. Reason: Non-intuitive handling of backticks
Attachments:
Xecure
Any terminal output for?
apt install ca-certificates update-ca-certificatesantiX Live system enthusiast.
General Live Boot Parameters for antiX.Thank you. That seems to have fixed it.
So…was it “broken” before? I mean, I would expect to be able to run curl or wget from a fresh installation of pretty much any Linux, right? Sure, I might have to install wget or curl using apt, but if said installation didn’t pull in the required certificates – and if they weren’t present on the system already – then how is the user (i.e. me) supposed to know?
I’ve used Linux for almost a decade; I’m a programmer and computer enthusiast – and yet, I didn’t know that I had to install ca-certificates. So either (a) apt should have pulled them in when I installed wget and curl; or (b) the operating system should come with them preinstalled. Yes?
Attachments:
anticapitalista
I didn’t know that I had to install ca-certificates. So either (a) apt should have pulled them in when I installed wget and curl; or (b) the operating system should come with them preinstalled. Yes?
All versions of antiX (except net – which is for experts) come with ca-certificates installed.
antix&pkglist=true&version=19.4#pkglist
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
Xecure
As the antiX net edition doesn’t include a lot of packages by default (to remain as small as possible), it probably brings old certificates (or maybe non at all) and requires the user to install the needed packages for certificates.
I didn’t know what packages the net version brings (as I prefer the core install to the net), so I checked and recommended to install this ca-certificates package (I didn’t know either if you had already installed it, so I added the extra command to update the certificates).
So either (a) apt should have pulled them in when I installed wget and curl; or (b) the operating system should come with them preinstalled.
It will not install as a hard dependency, in case you use a different method to manage certificates. It is recommended by a few packages (like wget), but as I said before, it isn’t a hard dependency.
antiX Net edition is meant to be used for building a system from the ground up, with the minimum needed for it to function in an offline environment. Any extra things are up to the user. I would even say that it requires even more experience and expertise to build from antiX net than from Debian net, as Debian has recommends enabled by default.
antiX Live system enthusiast.
General Live Boot Parameters for antiX.I see. So, if I had used the core installer, these would have been installed automatically? And presumably – given that update-ca-certificates did nothing – would not have needed fixing? Hmm.
Indeed, it does seem that ca-certificates is “recommended” by apt when installing wget and curl. I guess I just didn’t notice at the time.
antiX Net edition is meant to be used for building a system from the ground up, with the minimum needed for it to function in an offline environment
Ironic, don’t you think, for something called “net”? Especially when you consider that it has to be connected to the internet to install (doesn’t it?) Surely a system intended to “function in an offline environment” would lack an internet connection and require the use of a full installer disc?
It was not obvious to me that the net installer would install a more minimal system than the core installer. Is that mentioned anywhere? I figured that the net installer was just a smaller up-front download. Maybe you should make this more clear on the download page.
Thank you Xecure, for your help.
- This reply was modified 1 year, 6 months ago by Sod Almighty.
- This reply was modified 1 year, 6 months ago by Sod Almighty.
- This reply was modified 1 year, 6 months ago by Sod Almighty.
anticapitalista
I
It was not obvious to me that the net installer would install a more minimal system than the core installer. Is that mentioned anywhere? I figured that the net installer was just a smaller up-front download. Maybe you should make this more clear on the download page.
Thank you Xecure, for your help.
Yes. In the release notes. Link is on the front page of this forum in Announcements.
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
- You must be logged in to reply to this topic.
