(Migrated) Unable to install Zato on ubuntu

(This message has been automatically imported from the retired mailing list)

Hi all,

just joined the list! I’m Marc and am working in IT since the 90’s.
First purely on application building (ERP systems) and the last 8 years
purely integration. Untill now Sonic and just started sniffing at
Biztalk. Since 1995 a devoted Linux user (forced to work on a Windows
laptop at my employer but this might become handy when developing
Biztalk for a living… I started with Slackware after that worked with
Mandrake but when hey became to commercial switched to ubuntu and never
looked back.

I have set up a VPS to do some testing and wanted to have a go with
Zato. Just to see what else is out there. The VPS runs Ubuntu 14.04 LTS
and I tried to follow the installation instructions on the Zato website.
However it fails when adding the certificate:

root@littleone:~# curl -s https://zato.io/repo/zato-0CBD7F72.pgp.asc |
apt-key add -
gpg: no valid OpenPGP data found.

So I added the “-k” because it appears it was complaining about a
selfsigned certificate but as expected this was just moving the problem
a step further in the process when i did the apt-get update:

Ign https://zato.io trusty Release
Err https://zato.io trusty/main amd64 Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
Err https://zato.io trusty/main i386 Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
Ign https://zato.io trusty/main Translation-en
Fetched 3617 kB in 4s (793 kB/s)
W: Failed to fetch
https://zato.io/repo/stable/2.0/ubuntu/dists/trusty/main/binary-amd64/Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none

W: Failed to fetch
https://zato.io/repo/stable/2.0/ubuntu/dists/trusty/main/binary-i386/Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none

E: Some index files failed to download. They have been ignored, or old
ones used instead.

Anybody have an idea how to solve this?

With Kind Regards,

Marc Fellman

Found a workaround:

added /etc/apt/aptconf.d/99zato

with:

Acquire::https::zato.io {
Verify-Peer “false”;
Verify-Host “false”;
}

But this is a “slightly” insecure option of course.

Marc

On 26-5-2016 8:48, Marc Fellman wrote:

Hi all,

just joined the list! I’m Marc and am working in IT since the 90’s.
First purely on application building (ERP systems) and the last 8
years purely integration. Untill now Sonic and just started sniffing
at Biztalk. Since 1995 a devoted Linux user (forced to work on a
Windows laptop at my employer but this might become handy when
developing Biztalk for a living… I started with Slackware after that
worked with Mandrake but when hey became to commercial switched to
ubuntu and never looked back.

I have set up a VPS to do some testing and wanted to have a go with
Zato. Just to see what else is out there. The VPS runs Ubuntu 14.04
LTS and I tried to follow the installation instructions on the Zato
website. However it fails when adding the certificate:

root@littleone:~# curl -s https://zato.io/repo/zato-0CBD7F72.pgp.asc |
apt-key add -
gpg: no valid OpenPGP data found.

So I added the “-k” because it appears it was complaining about a
selfsigned certificate but as expected this was just moving the
problem a step further in the process when i did the apt-get update:

Ign https://zato.io trusty Release
Err https://zato.io trusty/main amd64 Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
Err https://zato.io trusty/main i386 Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
Ign https://zato.io trusty/main Translation-en
Fetched 3617 kB in 4s (793 kB/s)
W: Failed to fetch
https://zato.io/repo/stable/2.0/ubuntu/dists/trusty/main/binary-amd64/Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none

W: Failed to fetch
https://zato.io/repo/stable/2.0/ubuntu/dists/trusty/main/binary-i386/Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none

E: Some index files failed to download. They have been ignored, or old
ones used instead.

Anybody have an idea how to solve this?

With Kind Regards,

Marc Fellman

On 26/05/16 10:09, Marc Fellman wrote:

Found a workaround:

added /etc/apt/aptconf.d/99zato

with:

Acquire::https::zato.io {
Verify-Peer “false”;
Verify-Host “false”;
}

But this is a “slightly” insecure option of course.

Hi Marc,

what is the curl/apt-get version that you are using?

There is nothing wrong with the certificate - you can visit
https://zato.io from your browser and confirm that it is a valid one.

regards,

Hi Dariusz,

On 27-5-2016 12:10, Dariusz Suchojad wrote:

On 26/05/16 10:09, Marc Fellman wrote:

Found a workaround:

added /etc/apt/aptconf.d/99zato

with:

Acquire::https::zato.io {
Verify-Peer “false”;
Verify-Host “false”;
}

But this is a “slightly” insecure option of course.
Hi Marc,

what is the curl/apt-get version that you are using?

I’m testing on a VPS instance with Ubuntu 14.04 LTS installed.

marc@littleone:~$ curl --version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f
zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL
libz TLS-SRP
marc@littleone:~$ apt-get --version
apt 1.0.1ubuntu2 for amd64 compiled on Aug 1 2015 19:20:48
Supported modules:
*Ver: Standard .deb
*Pkg: Debian dpkg interface (Priority 30)
Pkg: Debian APT solver interface (Priority -1000)
S.L: ‘deb’ Standard Debian binary tree
S.L: ‘deb-src’ Standard Debian source tree
Idx: Debian Source Index
Idx: Debian Package Index
Idx: Debian Translation Index
Idx: Debian dpkg status file
Idx: EDSP scenario file

There is nothing wrong with the certificate - you can visit
https://zato.io from your browser and confirm that it is a valid one.
I saw nothing strange on the website but if i disable the workaround I
get this:
Ign https://zato.io trusty/main Translation-en
Err https://zato.io trusty/main amd64 Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
Err https://zato.io trusty/main i386 Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
Fetched 4539 kB in 5s (839 kB/s)
W: Failed to fetch
https://zato.io/repo/stable/2.0/ubuntu/dists/trusty/main/binary-amd64/Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none

W: Failed to fetch
https://zato.io/repo/stable/2.0/ubuntu/dists/trusty/main/binary-i386/Packages
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none

E: Some index files failed to download. They have been ignored, or old
ones used instead.

So something is off. And the only way to be able to install was that
workaround.

regards,

On 27/05/16 13:32, Marc Fellman wrote:

So something is off. And the only way to be able to install was that
workaround.

Right - can you also please tell me what time it is on this server?

$ date

thanks,

On 27-5-2016 13:37, Dariusz Suchojad wrote:

On 27/05/16 13:32, Marc Fellman wrote:

So something is off. And the only way to be able to install was that
workaround.
Right - can you also please tell me what time it is on this server?

$ date
Fri May 27 15:11:08 MSK 2016

thanks,

Hi Rafał,

On 27-5-2016 15:06, Rafał Krysiak wrote:

On 26.05.2016 08:48, Marc Fellman wrote:

root@littleone:~# curl -s https://zato.io/repo/zato-0CBD7F72.pgp.asc |
apt-key add -
gpg: no valid OpenPGP data found.
Hello Marc,

I can’t reproduce it, either, so how about using separate commands
instead of a pipe:

root@littleone:~# curl -s https://zato.io/repo/zato-0CBD7F72.pgp.asc
root@littleone:~# apt-key add zato.io/repo/zato-0CBD7F72.pgp.asc

Does that work for you?

I tried that as well and where it previously didn’t return a certificate
at all (except when adding the -k in the curl) it now works as designed
and the apt-get update is fine now as well!

Marc