Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Timestamp flag (-t) doesn't work by default #1

Open
willf opened this issue Dec 16, 2024 · 1 comment
Open

Timestamp flag (-t) doesn't work by default #1

willf opened this issue Dec 16, 2024 · 1 comment

Comments

@willf
Copy link

willf commented Dec 16, 2024

Neither -t digicert nor -t sectigo work; they don't find the local certs in src/nabit/certs

Logs:

❯ nabit archive example_bag -u https://example.com/ -i "Title:Example Dataset" -t digicert
Creating package at example_bag ...
Validating package at example_bag ...
SUCCESS: headers.warc found
SUCCESS: bag format is valid
OpenSSL error: openssl ts -verify -data example_bag/tagmanifest-sha256.txt -in example_bag/signatures/tagmanifest-sha256.txt.tsr -CAfile example_bag/signatures/tagmanifest-sha256.txt.tsr.crt
b'Using configuration from /usr/local/etc/openssl@1.1/openssl.cnf\n8643691008:error:2F06D064:time stamp routines:ts_verify_cert:certificate verify error:crypto/ts/ts_rsp_verify.c:184:Verify error:unable to get local issuer certificate\n'
ERROR: Signature verification failed: Command '['openssl', 'ts', '-verify', '-data', PosixPath('example_bag/tagmanifest-sha256.txt'), '-in', PosixPath('example_bag/signatures/tagmanifest-sha256.txt.tsr'), '-CAfile', PosixPath('example_bag/signatures/tagmanifest-sha256.txt.tsr.crt')]' returned non-zero exit status 1.
WARNING: Unknown signature file: example_bag/signatures/tagmanifest-sha256.txt.tsr.crt
WARNING: No signatures found
WARNING: No timestamps found
Error: Errors found in package

❯ nabit archive example_bag -u https://example.com/ -i "Title:Example Dataset" -t digicert
Creating package at example_bag ...
Validating package at example_bag ...
SUCCESS: headers.warc found
SUCCESS: bag format is valid
OpenSSL error: openssl ts -verify -data example_bag/tagmanifest-sha256.txt -in example_bag/signatures/tagmanifest-sha256.txt.tsr -CAfile example_bag/signatures/tagmanifest-sha256.txt.tsr.crt
b'Using configuration from /usr/local/etc/openssl@1.1/openssl.cnf\n8639119872:error:2F06D064:time stamp routines:ts_verify_cert:certificate verify error:crypto/ts/ts_rsp_verify.c:184:Verify error:unable to get local issuer certificate\n'
ERROR: Signature verification failed: Command '['openssl', 'ts', '-verify', '-data', PosixPath('example_bag/tagmanifest-sha256.txt'), '-in', PosixPath('example_bag/signatures/tagmanifest-sha256.txt.tsr'), '-CAfile', PosixPath('example_bag/signatures/tagmanifest-sha256.txt.tsr.crt')]' returned non-zero exit status 1.
WARNING: Unknown signature file: example_bag/signatures/tagmanifest-sha256.txt.tsr.crt
WARNING: No signatures found
WARNING: No timestamps found
Error: Errors found in package
@jcushman
Copy link
Contributor

This turned out to be because of OpenSSL 1.1 being installed; it worked with OpenSSL 3.

Probably nabit should warn if openssl version is less than 3.

Also possibly this could be made to work with v.1, but it's end-of-life anyway, so I'm not messing with that for now. Would happily look at a PR if someone wants to debug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@willf @jcushman