[pca] FW: Pardon my question

Jones, Eric CIV SRF 1236 Eric.Jones at srf.navy.mil
Wed Dec 8 01:40:32 CET 2010 

I'm up to date with pca 200909, wget 1.12, openssl-1.0.0.b, libgcc and gcc.
So the --no-check-certificate should go in the wgetrc file or and in line
addition to the pca call?




 Eric R. Jones
SRF JRMC
C1236
DSN 315-243-4196

STICK \'stik\ n. 1: A boomerang that doesn't work.
-----Original Message-----
From: pca-bounces at lists.univie.ac.at [mailto:pca-bounces at lists.univie.ac.at]
On Behalf Of Nishimura, Scott L (IT Solutions)
Sent: Wednesday, December 08, 2010 9:17 AM
To: PCA (Patch Check Advanced) Discussion
Subject: Re: [pca] FW: Pardon my question

I'm not sure what the minimum version of wget is; I had to upgrade from 1.10
to 1.12 over the summer because the https stuff wasn't working anymore.  If
you add the "--debug" string to your command, it will tell you which wget
it's using and what version it is.

Anyhoo, with v1.12, "--no-check-certificate" is an option:

# /usr/sfw/bin/wget -help | grep certi
       --no-check-certificate   don't validate the server's certificate.
       --certificate=FILE       client certificate file.
       --certificate-type=TYPE  client certificate type, PEM or DER.
       --ca-certificate=FILE    file with the bundle of CA's.

In order to upgrade, I went to www.sunfreeware.com and also had to first
upgrade/install other stuff:

openssl-1.0.0
libiconv
libidn
libintl
/usr/local/lib/libgcc_s.so.1 and /usr/local/lib/libstdc++.so.6 need to exist
by installing libgcc-3.4.6 or gcc-3.4.6. 

I chose gcc.

-----Original Message-----
From: pca-bounces at lists.univie.ac.at
[mailto:pca-bounces at lists.univie.ac.at] On Behalf Of Nishimura, Scott L (IT
Solutions)
Sent: Tuesday, December 07, 2010 4:11 PM
To: PCA (Patch Check Advanced) Discussion
Subject: EXTERNAL:Re: [pca] FW: Pardon my question

I have the line

check-certificate=off

in my $HOME/.wgetrc

-----Original Message-----
From: pca-bounces at lists.univie.ac.at
[mailto:pca-bounces at lists.univie.ac.at] On Behalf Of Jones, Eric CIV SRF
1236
Sent: Tuesday, December 07, 2010 4:08 PM
To: PCA (Patch Check Advanced) Discussion
Subject: EXTERNAL:Re: [pca] FW: Pardon my question

I put --sshost and debug after the call to wget but before the external file
reference.
At the start of the output I get the same information that appears in my
pcapatchlog file until the end where I get this:

"Patchadd is terminating.
/usr/local/bin/wget --progress=dot:binary
"https://getupdates.oracle.com/pdownload.do?target=144560-02&method=h"
-O //./144560-02.tmp
--2010-12-08 08:31:06--
https://getupdates.oracle.com/pdownload.do?target=144560-02&method=h
Resolving getupdates.oracle.com (getupdates.oracle.com)... 192.18.110.9
Connecting to getupdates.oracle.com
(getupdates.oracle.com)|192.18.110.9|:443... connected.
ERROR: cannot verify getupdates.oracle.com's certificate, issued by
`/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International
Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
LTD.(c)97 VeriSign':
  Unable to locally verify the issuer's authority.
To connect to getupdates.oracle.com insecurely, use
`--no-check-certificate'.
patchxdir: /tmp/pca.334655" 

At first look in my log file it appears that the 2 files in question relate
to an application that is already installed and patched so that's why it
gets rejected. Simple enough to test on other servers; However, the pasted
part above leads me to believe there is some type of connection error due to
certificates. I placed the --no-check-certificate line but all I get is an
error related to "-n".
I checked pca -V and no such option of --no-check-certificate exists and
it's not in wget -help either.

I tried this on two other servers, one X86 based and the returns were the
same for both but different from the first. I'm not getting the certificate
error but it's not still erroring out.

"Downloading xref file to /var/tmp/patchdiag.xref Trying
https://getupdates.oracle.com/ (1/1) Failed (Unknown Error) Failed
(patchdiag.xref not found) Using /var/tmp/patchdiag.xref from Dec/03/10
Host: yuni21 (SunOS 5.10/Generic_144488-04/sparc/sun4u)
List: missing (0/0)"



Here is my modified script.

/usr/local/bin/pca -i -V --sshost=getupdates.oracle.com
--user=eric.jones at srf.navy.mil --passwd=4004brl275
--wget=/usr/local/bin/wget  >> /var/sadm/patch/pcapatchlog


 Eric R. Jones
SRF JRMC
C1236
DSN 315-243-4196

STICK \'stik\ n. 1: A boomerang that doesn't work.
-----Original Message-----
From: pca-bounces at lists.univie.ac.at
[mailto:pca-bounces at lists.univie.ac.at] On Behalf Of Nishimura, Scott L (IT
Solutions)
Sent: Wednesday, December 08, 2010 8:07 AM
To: PCA (Patch Check Advanced) Discussion
Subject: Re: [pca] FW: Pardon my question

Eric,

   It took me a while to get my setup working.  I kept running into

Resolving proxy_name... proxy_IP
Connecting to proxy_name|proxy_IP|:80... connected.
Proxy request sent, awaiting response... 503 Service Unavailable
2010-11-29 16:33:09 ERROR 503: Service Unavailable.

I finally figured out that if I added --sshost=getupdates.oracle.com to my
command string, it worked.  "sshost" means "Sunsolve Host"; nothing to do
with "ssh" as I first thought.

I also include --wgetproxy in my command string although I guess I'm being
redundant since I have it in $HOME/.wgetrc as well.

What kind of output do you get if you include "--debug"?


Scott



-----Original Message-----
From: pca-bounces at lists.univie.ac.at
[mailto:pca-bounces at lists.univie.ac.at] On Behalf Of Jones, Eric CIV SRF
1236
Sent: Tuesday, December 07, 2010 2:55 PM
To: PCA (Patch Check Advanced) Discussion
Subject: EXTERNAL:Re: [pca] FW: Pardon my question

Yes, I have had a My Oracle Support account for some time so that wasn't an
issue.
I have switched my login in pca to my oracle account username and password.
I made script to call pca and pass the relevant information to it and wget.
"
#!/bin/sh
#
# Script to run the patch tool
#

/usr/local/bin/pca -i --user=fname.lname@^$^$$.#$# --passwd=@#$@$@$@#$@#
--wget =/usr/local/bin/wget >> /var/sadm/patch/pcapatchlog "


 Eric R. Jones
SRF JRMC
C1236
DSN 315-243-4196

STICK \'stik\ n. 1: A boomerang that doesn't work.
-----Original Message-----
From: pca-bounces at lists.univie.ac.at
[mailto:pca-bounces at lists.univie.ac.at]
On Behalf Of Nishimura, Scott L (IT Solutions)
Sent: Wednesday, December 08, 2010 7:47 AM
To: PCA (Patch Check Advanced) Discussion
Subject: Re: [pca] FW: Pardon my question

Eric,

  Did you sign up for the new MOS [My Oracle Support] account and are you
using those credentials in your pca execution?  Sunsolve credentials won't
work with the new getupdates.oracle.com, AFAIK.


Scott

-----Original Message-----
From: pca-bounces at lists.univie.ac.at
[mailto:pca-bounces at lists.univie.ac.at] On Behalf Of Jones, Eric CIV SRF
1236
Sent: Tuesday, December 07, 2010 2:43 PM
To: pca at lists.univie.ac.at
Subject: EXTERNAL:[pca] FW: Pardon my question

Hello, I have been following the posts on the new process to get patches
from Oracle.
I'm still able to get downloads, as of yesterday Japan time, from the
sunsolve.sun.com url in the PCA application.
Do I need to modify the url's in the script to read getupdates.oracle.com
manually or is a new pca script forth coming?
I have already done a find and replace, it attempts to get the
patchdiag.xref but it fails stating:

"Trying https://getupdates.oracle.com/ (1/1) Failed (Unknown Error) Failed
(patch not found)"

Installing 144560-02 (2/2)
Failed - missing patch file (07:36:46/00:00:00/00:01:30, 2/2, 0/0/2)

And then lists the summary of total, successful, skipped and failed.


 Eric R. Jones
SRF JRMC
C1236
DSN 315-243-4196

STICK \'stik\ n. 1: A boomerang that doesn't work.







-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5285 bytes
Desc: not available
Url : https://lists.univie.ac.at/mailman/private/pca/attachments/20101208/a44a2a33/attachment.bin

More information about the pca mailing list