Comments (11)
Same issue for me. Can we have a workaround, like disabling the SSL cert check?
-----> Apt Buildpack version 0.2.7
**WARNING** buildpack version changed from 0.2.6 to 0.2.7
-----> Adding apt keys
Warning: apt-key output should not be parsed (stdout is not a terminal)
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver internal error
gpg: WARNING: unable to fetch URI https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xEB9B1D8886F44E2A: keyserver error
**ERROR** Error running supply: could not add apt key https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xEB9B1D8886F44E2A
Executing: /tmp/apt-key-gpghome.12SwVlVXe5/gpg.1.sh --fetch-keys https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xEB9B1D8886F44E2A
gpgkeys: https fetch error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
exit status 2
**ERROR** Unable to run all buildpacks: Failed to run all supply scripts: exit status 14
from apt-buildpack.
Root cause: Let's Encrypt R3 Intermediate Certificate Expiration (30 September 2021)
Do you run websites that are signed via Let's Encrypt certificates? Then there could possibly be problems on September 30, 2021. This is because the root certificate used by Let's Encrypt to sign client certificates will lose its validity on this day (expiry of Intermediate R3 on 2021/09/29 at 19:21:40 GMT – the DST Root CA X3 expires on 2021/09/30 14:01:15 GMT). Clients that only know the old root certificates will not be able to verify Let's Encrypt server certificates after that.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
from apt-buildpack.
Fixed. Change the https to http.
apt.yaml
---
packages:
- openjdk-8-jre
repos:
- deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main
keys:
- http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xEB9B1D8886F44E2A
from apt-buildpack.
That's a workaround but not a solution. When you request the certificate via http, that request could be intercepted and you could get a spoofed certificate. It also might be that the site is only reachable via https.
Is there something like a base image for this buildpack? Would that be the right place to add the new Let's Encrypt Root certificate?
from apt-buildpack.
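The concern raised in the comment above, as an added example that is not from any thread participant or from the apt-buildpack project: a small audit of an `apt.yml` that flags signing keys fetched over plain http and keyserver lookups by a short or long key ID instead of a full 40-hex-digit fingerprint. The function names `list_items` and `audit_apt_yml` are hypothetical, the parser assumes the flat `key:` / `- item` layout shown in the thread rather than full YAML, and the sample input is the configuration posted earlier.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample: the apt.yml posted in the thread (http workaround).
SAMPLE_APT_YML = """\
---
packages:
- openjdk-8-jre
repos:
- deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main
keys:
- http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xEB9B1D8886F44E2A
"""

def list_items(text, section):
    """Return the '- item' entries under a top-level key (minimal parser, not full YAML)."""
    items, active = [], False
    for line in text.splitlines():
        top = re.match(r"^(\w+):\s*$", line)
        if top:
            active = top.group(1) == section
        elif active and line.lstrip().startswith("- "):
            items.append(line.lstrip()[2:].strip())
    return items

def audit_apt_yml(text):
    """Return (severity, message) findings for key and repo transport."""
    findings = []
    for url in list_items(text, "keys"):
        parts = urlparse(url)
        if parts.scheme != "https":
            # An unauthenticated key download becomes the trust anchor for the repo.
            findings.append(("high", f"key fetched over {parts.scheme}: {url}"))
        search = parse_qs(parts.query).get("search", [""])[0]
        hexid = search[2:] if search.lower().startswith("0x") else ""
        if hexid and len(hexid) < 40:
            findings.append(("medium", f"key looked up by {len(hexid) * 4}-bit ID, "
                                       f"not full fingerprint: {search}"))
    for repo in list_items(text, "repos"):
        for token in repo.split():
            if token.startswith("http://"):
                findings.append(("info", f"repo over http, integrity rests on the imported key: {token}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_apt_yml(SAMPLE_APT_YML):
        print(f"[{severity}] {message}")
```

Switching the key URL back to https clears the high finding; the key-ID finding remains until the lookup uses the full fingerprint.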
Hi @gregorwolf and @mstiunicon. If I understand correctly, as of Sept. 30th, the specific dependency that you are trying to install via the apt-buildpack can no longer be installed due to a need for different certificates?
from apt-buildpack.
Correct.
from apt-buildpack.
It seems like you need a way to update the certs during staging for the buildpack to access possibly. This seems beyond the apt-buildpack scope. Have you tried following something like https://docs.cloudfoundry.org/running/trusted-system-certificates.html to add the Let's Encrypt Root cert?
from apt-buildpack.
What is the base for apt-buildpack? Might it be worth filing an incident there?
from apt-buildpack.
OK, I think I've got it now after reading the documentation on Trusted System Certificates. This documentation states:
admin configures these certificates
So I think I have to reach out to SAP as the provider of the Cloud Foundry environment where I face this issue and ask them to add the updated Let's Encrypt Root cert?
from apt-buildpack.
@gregorwolf I think so. I don't think it's something you'd configure with the buildpack or its base image. The buildpack runs on the cflinuxfs3 stack.
from apt-buildpack.
Seems that the issue was solved by SAP now.
from apt-buildpack.