This site is now 100% read-only, and retired.

XML Logo

Posted by Alucard on Wed 25 Jul 2007 at 20:13
Tags: none.
Is there a way to fix/remove/ignore these errors? To trust Comcast's certificate, ideally? I get these errors every time I send a message through my mail server (which then forwards to Comcast's), and logwatch picks them up and forwards the complaints in my daily e-mails. Fortunatly the mails go through, but I'd still like to fix this if possible.

Jul 25 15:03:41 organa postfix/smtp [1859] : setting up TLS connection to smtp.comcast.net
Jul 25 15:03:41 organa postfix/smtp [1859] : certificate verification failed for smtp.comcast.net: num=20:unable to get local issuer certificate
Jul 25 15:03:41 organa postfix/smtp [1859] : certificate verification failed for smtp.comcast.net: num=27:certificate not trusted
Jul 25 15:03:41 organa postfix/smtp [1859] : Unverified: subject_CN=smtp.comcast.net, issuer=VeriSign Class 3 Secure Server CA
Jul 25 15:03:41 organa postfix/smtp [1859] : TLS connection established to smtp.comcast.net: TLSv1 with cipher AES256-SHA (256/256 bits)
Jul 25 15:03:41 organa postfix/smtp [1859] : 7F874402AB: to=<removed@gmail.com>, relay=smtp.comcast.net [204.127.200.17] :25, delay=1.3, delays=0.08/0.09/0.88/0.28, dsn=2.0.0, status=sent (250 ok ; id=2007072519034101100rpf9fe)


Running Etch and postfix (as you can see).

 

Posted by Alucard on Wed 13 Jun 2007 at 20:20
Tags: none.

When I was learning Debian, I was told to use apt-get, and I never used anything else, until now. I'd read that aptitude was better than apt-get at resolving dependencies, but I'd never seen proof before, nor had want or need to use it over apt-get.

For context, I run a (personal) Debian Etch server that has the ability to install some packages from Lenny, using apt-preferences. I keep almost everything on Etch's version, but some packages, such as my web and e-mail server, I like to keep more up to date. I know a little about Linux and Debian after a year of running it on the server and a few months on a laptop, but I don't claim to be a guru.

So about two weeks ago, an update to lighttpd (1.4.15) made it to Lenny. This new version required a new libc6, which.. well, see for yourself:

alucard@organa:~$ sudo apt-get install -t testing lighttpd
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  libc6 libc6-dev locales tzdata
Suggested packages:
  glibc-doc apache2-utils
The following packages will be REMOVED:
  alien binutils debhelper dpkg-dev g++ g++-3.3 g++-4.1 gcc gcc-3.3 gcc-4.1 libapr0-dev
  libstdc++5-3.3-dev libstdc++6-4.1-dev libtool php4-dev
The following packages will be upgraded:
  libc6 libc6-dev lighttpd locales tzdata
5 upgraded, 0 newly installed, 15 to remove and 276 not upgraded.
Need to get 12.6MB of archives.
After unpacking 41.1MB disk space will be freed.
Do you want to continue [Y/n]?

This gave me pause.. why do I need to remove gcc and its friends, among others, in order to upgrade my Web server? In addition, when I tried to install the latest version of gcc from Lenny, I was told I already had the newest version, so I was afraid to run this and then be left without a gcc (which may be a silly fear, but I don't know for sure). I futzed around and asked around, but didn't take any action. Until yesterday, when I had the idea of seeing if aptitude was as good as I had heard. So, after an aptitude keep-all:

alucard@organa:~$ sudo aptitude install -t testing lighttpd
Reading package lists... Done
Building dependency tree... Done
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
Building tag database... Done
The following packages are BROKEN:
  libc6-dev locales
The following packages have been kept back:
  [snip 330 packages]
The following packages will be upgraded:
  libc6 lighttpd
2 packages upgraded, 0 newly installed, 0 to remove and 330 not upgraded.
Need to get 4842kB of archives. After unpacking 295kB will be freed.
The following packages have unmet dependencies:
  locales: Depends: glibc-2.3.6.ds1-1 which is a virtual package.
  libc6-dev: Depends: libc6 (= 2.3.6.ds1-13) but 2.5-9+b1 is to be installed.
Resolving dependencies...
The following actions will resolve these dependencies:
 
Upgrade the following packages:
binutils [2.17-3 (stable, now) -> 2.17cvs20070426-8 (testing)]
libc6-dev [2.3.6.ds1-13 (stable, now) -> 2.5-9+b1 (testing)]
locales [2.3.6.ds1-13 (stable, now) -> 2.5-9 (testing)]
 
Score is -100
 
Accept this solution? [Y/n/q/?]

No needing to remove gcc and friends, no need to remove anything, in fact. After inspecting this output, I gladly accepted, and it went without a hitch (well, other than lighttpd suddenly not liking server.stat-cache-engine = fam, which has nothing to do with apt-get vs aptitude).

From now on I am going to try to use aptitude, though typing apt-get is so ingrained into my memory (brain and muscle), it will probably be hard. I recommend others use for anything more than a simple one-package install, too, if you aren't already.