Re: [lmi] debian chroot in redhat

[Vadim Zeitlin]

On Thu, 3 Oct 2019 00:16:59 +0000 Greg Chicares <address@hidden> wrote:

GC> /home/greg[0]#schroot --chroot=centos7 --user=root --directory=/tmp 
GC> [root@ugolyok]/tmp# curl -v 
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 
>|/dev/null
GC>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  
Current
GC>                                  Dload  Upload   Total   Spent    Left  
Speed
GC>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--    
 0* About to connect() to dl.fedoraproject.org port 443 (#0)
GC> *   Trying 209.132.181.25...
GC> * Connected to dl.fedoraproject.org (209.132.181.25) port 443 (#0)
GC> * Initializing NSS with certpath: sql:/etc/pki/nssdb
GC> * WARNING: failed to load NSS PEM library libnsspem.so. Using OpenSSL PEM 
certificates will not work.

 OK, this seems clear enough: you must not have this library installed
somehow (this is surprising because I have it even in my very minimal
installation). It is provided by this package:

        % rpm -qf /usr/lib64/libnsspem.so
        nss-pem-1.0.3-7.el7.x86_64

so I'd expect "yum install nss-pem" to solve the problem. Does it?

GC> >  Well, you could use "curl --insecure" to download the package and then
GC> > "rpm -i" to install it (I don't know how to pass extra curl options
GC> > directly via rpm, or even if it's possible at all). But this shouldn't be
GC> > necessary, of course...
GC> 
GC> Let me try 'wget' because I'm more familiar with it than with 'curl'.

 FWIW I used to prefer wget to curl too, but I've converted to curl with
time, it's simpler and less surprising.

GC> [root@ugolyok]/tmp# rpm -ivh epel-release-latest-7.noarch.rpm               
                      
GC> warning: epel-release-latest-7.noarch.rpm: Header V3 RSA/SHA256 Signature, 
key ID 352c64e5: NOKEY
GC> Preparing...                          ################################# 
[100%]
GC> Updating / installing...
GC>    1:epel-release-7-12                ################################# 
[100%]
GC> 
GC> That seems really encouraging. However, when I move on to the next step,
GC> it fails as posted at the end of this message. Options 3, 4, and 5 seem
GC> to suggest suppressing this EPEL repository, but AFAICS that can't help.
GC> Option 1 doesn't look like a winner, either: I've followed many links on
GC> the web, and found no evidence that this is fedora's problem. Is option 2
GC> worth trying, and if so, how, specifically?
GC> 
GC> [root@ugolyok]/tmp# yum install -y debootstrap.noarch
GC> Loaded plugins: fastestmirror, keys, protectbase
GC> Loading mirror speeds from cached hostfile
GC> 
GC> 
GC>  One of the configured repositories failed (Unknown),
[...]
GC> Cannot retrieve metalink for repository: epel/x86_64. Please verify its 
path and try again

 I hope it could be also due to the missing nss-pem library, as metalink
(in /etc/yum.repos.d/epel.repo) also uses HTTPS URL, of course. Could you
please retry this after installing the package mentioned above?

 Good luck!
VZ

pgp6hUg0lOmUE.pgp
Description: PGP signature