Learn more about these different git repos.
Other Git URLs
I came across this today, after updating crypto-policies in Rawhide:
fedpkg -v build Creating repo object from /home/david/checkout/rpms/gnome-logs Could not read /home/david/.koji/config for config values Initiating a koji session to http://koji.fedoraproject.org/kojihub Could not execute build: [('SSL routines', 'SSL3_CLIENT_HELLO', 'no ciphers available')] Traceback (most recent call last): File "/usr/bin/fedpkg", line 16, in <module> main() File "/usr/lib/python2.7/site-packages/fedpkg/__main__.py", line 68, in main sys.exit(client.args.command()) File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 938, in build sets, nvr_check) File "/usr/lib/python2.7/site-packages/pyrpkg/__init__.py", line 1717, in build build_target = self.kojisession.getBuildTarget(self.target) File "/usr/lib/python2.7/site-packages/pyrpkg/__init__.py", line 396, in kojisession self.load_kojisession() File "/usr/lib/python2.7/site-packages/pyrpkg/__init__.py", line 248, in load_kojisession defaults['serverca']) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1729, in ssl_login sinfo = self.callMethod('sslLogin', proxyuser) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1778, in callMethod return self._callMethod(name, args, opts) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1898, in _callMethod return self._sendCall(handler, headers, request) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1809, in _sendCall return self._sendOneCall(handler, headers, request) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1827, in _sendOneCall cnx.endheaders() File "/usr/lib64/python2.7/httplib.py", line 991, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 844, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 820, in send self.sock.sendall(data) File "/usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py", line 108, in sendall sent = con.send(data, flags) OpenSSL.SSL.Error: [('SSL routines', 'SSL3_CLIENT_HELLO', 'no ciphers available')]
I was advised to file it as a releng ticket by pingou on #fedora-devel. It seems like this change is only on the master branch of crypto-policies, not f21:
http://pkgs.fedoraproject.org/cgit/crypto-policies.git/commit/?id=9e4e7ddc76b3f22db8fd4a15eba9ed4140a831fa
I'd suggest filing a bug (in bugzilla)
koji currently hard codes SSLv3 use.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1152823
So, short term:
There should be a way to override crypto-policys to allow this. If we find such a way we should document it, or at least notify rawhide users in devel list. ;)
We should push out the change to switch it to TLS.
I don't think there's anything releng can do here...
Metadata Update from @amigadave: - Issue set to the milestone: Fedora 21 Final
Login to comment on this ticket.