MiSTer FPGA Forum

Posted: **Mon Feb 01, 2021 5:18 pm**

When I run the 'update security' script, I get an error message saying:

mv: cannot move '/etc/ssl/certs/cert.pem' to '/etc/ssl/certs/<!DOCTYPE HTML PUBLIC" -//IETC/DTD HTML 2.0//EN">.pem': no such file or directory.

obviously, I could create that directory, but I have a nagging suspicion that's not the actual name of the directory it's supposed to be copying stuff into.

After that failure, it says, 'CA certificates have been successfully fixed.', but if I run the security update script again, it again tells me my certs need to be fixed and just goes through the same process with the error message.

Any thoughts?

Posted: **Mon Feb 01, 2021 7:01 pm**

The problem is because whatever variable is plugging in `<!DOCTYPE HTML PUBLIC" -//IETC/DTD HTML 2.0//EN">` must be messed up. It looks like the parts that are supposed to echo sections into the cert itself or another file are just being passed into the filename.

Posted: **Mon Feb 01, 2021 8:32 pm**

Gotcha. I'll try to find the script on the file system and dissect it to see where it's falling apart.

Posted: **Mon Feb 01, 2021 8:52 pm**

Found it. The url to grab the certs has changed from https://curl.haxx.se/ca/cacert.pem to https://curl.se/ca/cacert.pem
Fixed the url and the certs updated without any issues.

Posted: **Mon Feb 01, 2021 9:44 pm**

Ah, great job! You should submit a pull request on github for the script with the fix you included.

https://github.com/MiSTer-devel/Scripts ... y_fixes.sh

Posted: **Tue Feb 02, 2021 11:09 am**

I just tested https://curl.haxx.se/ca/cacert.pem and it seems to work?
Maybe a temporary issue?

Regards.
Locutus73

Posted: **Tue Feb 02, 2021 3:25 pm**

Locutus73 wrote: ↑Tue Feb 02, 2021 11:09 am I just tested https://curl.haxx.se/ca/cacert.pem and it seems to work?
Maybe a temporary issue?

Regards.
Locutus73

That sounds like a borg plot to me!

Posted: **Mon Jul 11, 2022 2:59 pm**

hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly

Posted: **Mon Jul 11, 2022 4:03 pm**

salamantecas wrote: ↑Mon Jul 11, 2022 2:59 pm hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly

Login to the mister over ssh, and then run rm -rf /media/fat/scripts/.config

Rerun the script, see if that fixes it for ya.

Posted: **Tue Jul 12, 2022 5:41 am**

aberu wrote: ↑Mon Jul 11, 2022 4:03 pm
salamantecas wrote: ↑Mon Jul 11, 2022 2:59 pm hello, it gives me a strange error recently and it tells me that I do not have the cert.perm in the /etc/ssl/certs/cacert.perm folder
If I try to copy it, it tells me an error because the destination is read-only and there is no way to insert it, instead I have a folder full of files with a pem extension. I didn't do anything weird just run update all from time to time until one day it gave a certificate error, I've run security_fixes but it doesn't solve the problem either
Do you know any ssh command that can make me download the cacert.perm to the correct path directly from the mister. I'm not fluent in linux, thanks in advance and I hope I've explained myself since the translator sometimes doesn't execute the translation correctly
Login to the mister over ssh, and then run rm -rf /media/fat/scripts/.config

Rerun the script, see if that fixes it for ya.

Thanks for the help and response, in my case it has not worked, it just keeps thinking and seems to delete the hidden folder /.config
I think the sd card must have been corrupted, which could already be. I will do a fresh install. Thank you very much for answering

Posted: **Thu Jul 14, 2022 3:28 pm**

Check to be sure your date and time in the Mister are correct. We had another person with a similar-sounding problem that wasn't getting the clock set by the NTP daemon. You can just look at the main menu header; where it says MiSTer and shows a network and RAM icon, to the right should be the date and time. If it's blank up there, your time is probably not being set correctly.

MiSTer FPGA Forum

Security Update Failing on Cert Update

Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update

Re: Security Update Failing on Cert Update