Shore
10 May 2023 00:29
1
Hi I’m trying to update AUR but failed due to unacceptable TLS certificate, the error message as follow
[shore@shore-82b6 manjaro_note]$ sudo pamac update
警告: 以动态用户身份构建软件包
警告: 将构建目录设置为 /var/cache/pamac
正在准备...
正在同步软件包数据库...
https://aur.manjaro.org/packages-meta-ext-v1.json.gz: 无法接受的 TLS 证书
AUR 数据库同步失败
The OS is Chinese and it says “Failed to synchronize AUR database due to Unacceptable TLS certificate”
I googled some of the post in community said to process as follow, but still not work:
[shore@shore-82b6 manjaro_note]$ sudo pacman-mirrors --fasttrack=5 && sudo pacman -Syyu
[sudo] shore 的密码:
::INFO Downloading mirrors from Manjaro
::INFO => Mirror pool: https://repo.manjaro.org/mirrors.json
::INFO => Mirror status: https://repo.manjaro.org/status.json
::INFO Using custom mirror file
::INFO Querying mirrors - This may take some time
0.307 China : https://mirrors.pku.edu.cn/manjaro/
::INFO Writing mirror list
::China : https://mirrors.pku.edu.cn/manjaro/stable/$repo/$arch
::INFO Mirror list generated and saved to: /etc/pacman.d/mirrorlist
:: 正在同步软件包数据库...
core 141.1 KiB 595 KiB/s 00:00 [########################################################################################] 100%
extra 1640.5 KiB 7.52 MiB/s 00:00 [########################################################################################] 100%
community 6.8 MiB 1853 KiB/s 00:04 [########################################################################################] 100%
multilib 145.2 KiB 1320 KiB/s 00:00 [########################################################################################] 100%
archlinuxcn 2.2 MiB 1710 KiB/s 00:01 [########################################################################################] 100%
:: 正在进行全面系统更新...
警告:manjaro-hello:本地 (0.7.0-6) 比 extra 的版本更新 (0.7.0-5)
今日无事可做
[shore@shore-82b6 manjaro_note]$ sudo pamac update --force-refresh
警告: 以动态用户身份构建软件包
警告: 将构建目录设置为 /var/cache/pamac
正在准备...
正在同步软件包数据库...
正在更新 core.db...
正在更新 extra.db...
正在更新 community.db...
正在更新 multilib.db...
正在更新 archlinuxcn.db...
警告: archlinuxcn.db: 缺失锁文件 /var/tmp/pamac/dbs/db.lck
正在更新 core.files...
正在更新 extra.files...
正在更新 community.files...
正在更新 multilib.files...
正在更新 archlinuxcn.files...
https://aur.manjaro.org/packages-meta-ext-v1.json.gz: 无法接受的 TLS 证书
AUR 数据库同步失败
I also tried to delete file /var/tmp/pamac-build-<my name> but still not work
I’m in China and tried multiple network with and without VPN, it seems all the same.
Thus I’m here to ask how I sould update AUR database
Shore:
sudo pamac update
Dont use sudo with pamac
Shore:
archlinuxcn.files
Extra repo of course
Very old problem.
Also please use search next time.
2 Likes
Shore
10 May 2023 01:12
3
Hi I did search and tried the following:
using pamac update --force-refresh
delete /var/tmp/pamac-build-<my name> and re-try
Unfortunately, neither method works for me.
My system info as follow:
System:
Kernel: 6.2.13-1-MANJARO arch: x86_64 bits: 64 compiler: gcc v: 12.2.1
parameters: BOOT_IMAGE=/boot/vmlinuz-6.2-x86_64
root=UUID=96b34307-f692-4f94-9794-44000419d5a7 rw quiet
udev.log_priority=3
Desktop: Xfce v: 4.18.1 tk: Gtk v: 3.24.36 info: xfce4-panel wm: xfwm
v: 4.18.0 vt: 7 dm: LightDM v: 1.32.0 Distro: Manjaro Linux base: Arch Linux
Machine:
Type: Laptop System: LENOVO product: 82B6 v: Lenovo Legion R7000 2020
serial: <superuser required> Chassis: type: 10 v: Lenovo Legion R7000 2020
serial: <superuser required>
Mobo: LENOVO model: LNVNB161216 v: SDK0L77769 WIN
serial: <superuser required> UEFI: LENOVO v: EUCN31WW date: 01/01/2021
Battery:
ID-1: BAT0 charge: 53.7 Wh (100.0%) condition: 53.7/60.0 Wh (89.5%)
volts: 16.9 min: 15.4 model: Celxpert L19C4PC0 type: Li-poly serial: <filter>
status: full cycles: 44
ID-2: hidpp_battery_0 charge: 55% condition: N/A volts: 3.8 min: N/A
model: Logitech G903 LIGHTSPEED Wireless Gaming Mouse w/ HERO type: N/A
serial: <filter> status: discharging
Memory:
System RAM: available: 30.73 GiB used: 10.54 GiB (34.3%)
RAM Report: permissions: Unable to run dmidecode. Root privileges required.
CPU:
Info: model: AMD Ryzen 7 4800H with Radeon Graphics bits: 64 type: MT MCP
arch: Zen 2 gen: 3 level: v3 note: check built: 2020-22
process: TSMC n7 (7nm) family: 0x17 (23) model-id: 0x60 (96) stepping: 1
microcode: 0x8600106
Topology: cpus: 1x cores: 8 tpc: 2 threads: 16 smt: enabled cache:
L1: 512 KiB desc: d-8x32 KiB; i-8x32 KiB L2: 4 MiB desc: 8x512 KiB L3: 8 MiB
desc: 2x4 MiB
Speed (MHz): avg: 1399 high: 1400 min/max: 1400/2900 boost: enabled
scaling: driver: acpi-cpufreq governor: schedutil cores: 1: 1400 2: 1397
3: 1400 4: 1400 5: 1400 6: 1397 7: 1400 8: 1400 9: 1400 10: 1400 11: 1400
12: 1400 13: 1397 14: 1400 15: 1400 16: 1400 bogomips: 92656
Flags: 3dnowprefetch abm adx aes aperfmperf apic arat avic avx avx2 bmi1
bmi2 bpext cat_l3 cdp_l3 clflush clflushopt clwb clzero cmov cmp_legacy
constant_tsc cpb cppc cpuid cqm cqm_llc cqm_mbm_local cqm_mbm_total
cqm_occup_llc cr8_legacy cx16 cx8 de decodeassists extapic extd_apicid
f16c flushbyasid fma fpu fsgsbase fxsr fxsr_opt ht hw_pstate ibpb ibrs ibs
irperf lahf_lm lbrv lm mba mca mce misalignsse mmx mmxext monitor movbe
msr mtrr mwaitx nonstop_tsc nopl npt nrip_save nx osvw overflow_recov pae
pat pausefilter pclmulqdq pdpe1gb perfctr_core perfctr_llc perfctr_nb
pfthreshold pge pni popcnt pse pse36 rapl rdpid rdpru rdrand rdseed rdt_a
rdtscp rep_good sep sha_ni skinit smap smca smep ssbd sse sse2 sse4_1
sse4_2 sse4a ssse3 stibp succor svm svm_lock syscall tce topoext tsc
tsc_scale umip v_spec_ctrl v_vmsave_vmload vgif vmcb_clean vme vmmcall
wbnoinvd wdt xgetbv1 xsave xsavec xsaveerptr xsaveopt
Vulnerabilities:
Type: itlb_multihit status: Not affected
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: mmio_stale_data status: Not affected
Type: retbleed mitigation: untrained return thunk; SMT enabled with STIBP
protection
Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
prctl
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
sanitization
Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, STIBP:
always-on, RSB filling, PBRSB-eIBRS: Not affected
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: NVIDIA TU117M vendor: Lenovo driver: nvidia v: 530.41.03
alternate: nouveau,nvidia_drm non-free: 530.xx+
status: current (as of 2023-05) arch: Turing code: TUxxx
process: TSMC 12nm FF built: 2018-22 pcie: gen: 2 speed: 5 GT/s lanes: 8
link-max: gen: 3 speed: 8 GT/s lanes: 16 bus-ID: 01:00.0 chip-ID: 10de:1f99
class-ID: 0300
Device-2: IMC Networks Integrated Camera driver: uvcvideo type: USB
rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 1-3:3 chip-ID: 13d3:56ff
class-ID: 0e02
Display: x11 server: X.Org v: 21.1.8 compositor: xfwm v: 4.18.0 driver: X:
loaded: nvidia gpu: nvidia display-ID: :0.0 screens: 1
Screen-1: 0 s-res: 4480x1440 s-dpi: 96 s-size: 1185x381mm (46.65x15.00")
s-diag: 1245mm (49.01")
Monitor-1: DP-2 pos: primary,left res: 1920x1080 hz: 60 dpi: 142
size: 344x194mm (13.54x7.64") diag: 395mm (15.55") modes: N/A
Monitor-2: HDMI-0 pos: right res: 2560x1440 hz: 60 dpi: 109
size: 597x336mm (23.5x13.23") diag: 685mm (26.97") modes: N/A
API: OpenGL Message: Unable to show GL data. Required tool glxinfo missing.
Audio:
Device-1: NVIDIA driver: snd_hda_intel v: kernel pcie: gen: 2 speed: 5 GT/s
lanes: 8 link-max: gen: 3 speed: 8 GT/s lanes: 16 bus-ID: 01:00.1
chip-ID: 10de:10fa class-ID: 0403
Device-2: AMD ACP/ACP3X/ACP6x Audio Coprocessor vendor: Lenovo driver: N/A
alternate: snd_pci_acp3x, snd_rn_pci_acp3x, snd_pci_acp5x, snd_pci_acp6x,
snd_acp_pci, snd_rpl_pci_acp6x, snd_pci_ps, snd_sof_amd_renoir,
snd_sof_amd_rembrandt pcie: gen: 4 speed: 16 GT/s lanes: 16 bus-ID: 06:00.5
chip-ID: 1022:15e2 class-ID: 0480
Device-3: AMD Family 17h/19h HD Audio vendor: Lenovo driver: snd_hda_intel
v: kernel pcie: gen: 4 speed: 16 GT/s lanes: 16 bus-ID: 06:00.6
chip-ID: 1022:15e3 class-ID: 0403
API: ALSA v: k6.2.13-1-MANJARO status: kernel-api with: aoss
type: oss-emulator tools: alsactl,alsamixer,amixer
Server-1: JACK v: 1.9.22 status: off tools: N/A
Server-2: PipeWire v: 0.3.70 status: off tools: pw-cli
Server-3: PulseAudio v: 16.1 status: active with: pulseaudio-alsa
type: plugin tools: pacat,pactl,pavucontrol
Network:
Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
vendor: Lenovo driver: r8169 v: kernel pcie: gen: 1 speed: 2.5 GT/s lanes: 1
port: 1000 bus-ID: 03:00.0 chip-ID: 10ec:8168 class-ID: 0200
IF: eno1 state: down mac: <filter>
Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel pcie: gen: 2
speed: 5 GT/s lanes: 1 bus-ID: 04:00.0 chip-ID: 8086:2723 class-ID: 0280
IF: wlp4s0 state: up mac: <filter>
IP v4: <filter> type: dynamic noprefixroute scope: global
broadcast: <filter>
IP v6: <filter> type: noprefixroute scope: link
IF-ID-1: docker0 state: down mac: <filter>
IP v4: <filter> scope: global broadcast: <filter>
IF-ID-2: tun0 state: unknown speed: 10000 Mbps duplex: full mac: N/A
IP v4: <filter> scope: global
Message: Output throttled. IPs: 2; Limit: 10; Override: --limit [1-x;-1
all]
WAN IP: <filter>
Bluetooth:
Device-1: Intel AX200 Bluetooth driver: btusb v: 0.8 type: USB rev: 2.0
speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 3-3:4 chip-ID: 8087:0029
class-ID: e001
Report: rfkill ID: hci0 rfk-id: 3 state: up address: see --recommends
Logical:
Message: No logical block device data found.
RAID:
Message: No RAID data found.
Drives:
Local Storage: total: 2.29 TiB used: 169.13 GiB (7.2%)
SMART Message: Required tool smartctl not installed. Check --recommends
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Western Digital
model: WDS200T2B0C-00PXH0 size: 1.82 TiB block-size: physical: 512 B
logical: 512 B speed: 31.6 Gb/s lanes: 4 tech: SSD serial: <filter>
fw-rev: 21705000 temp: 32.9 C scheme: GPT
ID-2: /dev/nvme1n1 maj-min: 259:3 vendor: Samsung model: MZVLB512HBJQ-000L2
size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s
lanes: 4 tech: SSD serial: <filter> fw-rev: 3L1QEXF7 temp: 36.9 C
scheme: GPT
Message: No optical or floppy data found.
Partition:
ID-1: / raw-size: 1.82 TiB size: 1.79 TiB (98.37%) used: 169.13 GiB (9.2%)
fs: ext4 dev: /dev/nvme0n1p2 maj-min: 259:2 label: N/A
uuid: 96b34307-f692-4f94-9794-44000419d5a7
ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
used: 292 KiB (0.1%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
label: NO_LABEL uuid: 3A77-FDA7
Swap:
Alert: No swap data was found.
Unmounted:
ID-1: /dev/nvme1n1p1 maj-min: 259:4 size: 260 MiB fs: vfat label: SYSTEM_DRV
uuid: C0E9-D57A
ID-2: /dev/nvme1n1p2 maj-min: 259:5 size: 16 MiB fs: <superuser required>
label: N/A uuid: N/A
ID-3: /dev/nvme1n1p3 maj-min: 259:6 size: 475.69 GiB fs: ntfs
label: Windows-SSD uuid: 0496EA4896EA39B6
ID-4: /dev/nvme1n1p4 maj-min: 259:7 size: 1000 MiB fs: ntfs
label: WINRE_DRV uuid: 5618EAF418EAD253
USB:
Hub-1: 1-0:1 info: hi-speed hub with single TT ports: 4 rev: 2.0
speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
class-ID: 0900
Device-1: 1-2:2 info: Logitech Lightspeed Receiver type: keyboard,mouse,HID
driver: logitech-djreceiver,usbhid interfaces: 3 rev: 2.0
speed: 12 Mb/s (1.4 MiB/s) lanes: 1 mode: 1.1 power: 98mA
chip-ID: 046d:c539 class-ID: 0300
Device-2: 1-3:3 info: IMC Networks Integrated Camera type: video
driver: uvcvideo interfaces: 2 rev: 2.0 speed: 480 Mb/s (57.2 MiB/s) lanes: 1
mode: 2.0 power: 500mA chip-ID: 13d3:56ff class-ID: 0e02
Hub-2: 2-0:1 info: super-speed hub ports: 2 rev: 3.1
speed: 10 Gb/s (1.16 GiB/s) lanes: 1 mode: 3.2 gen-2x1 chip-ID: 1d6b:0003
class-ID: 0900
Hub-3: 3-0:1 info: hi-speed hub with single TT ports: 4 rev: 2.0
speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
class-ID: 0900
Hub-4: 3-1:2 info: Genesys Logic Hub ports: 2 rev: 2.1
speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 power: 100mA
chip-ID: 05e3:0610 class-ID: 0900
Device-1: 3-2:3 info: Dell KB216 Wired Keyboard type: keyboard,HID
driver: hid-generic,usbhid interfaces: 2 rev: 2.0 speed: 1.5 Mb/s (183 KiB/s)
lanes: 1 mode: 1.0 power: 100mA chip-ID: 413c:2113 class-ID: 0300
Device-2: 3-3:4 info: Intel AX200 Bluetooth type: bluetooth driver: btusb
interfaces: 2 rev: 2.0 speed: 12 Mb/s (1.4 MiB/s) lanes: 1 mode: 1.1
power: 100mA chip-ID: 8087:0029 class-ID: e001
Device-3: 3-4:5 info: Integrated Express ITE Device(8910) type: keyboard
driver: hid-generic,usbhid interfaces: 1 rev: 2.0 speed: 12 Mb/s (1.4 MiB/s)
lanes: 1 mode: 1.1 power: 100mA chip-ID: 048d:c100 class-ID: 0301
Hub-5: 4-0:1 info: super-speed hub ports: 2 rev: 3.1
speed: 10 Gb/s (1.16 GiB/s) lanes: 1 mode: 3.2 gen-2x1 chip-ID: 1d6b:0003
class-ID: 0900
Hub-6: 4-1:2 info: Genesys Logic GL3523 Hub ports: 2 rev: 3.2
speed: 5 Gb/s (596.0 MiB/s) lanes: 1 mode: 3.2 gen-1x1 chip-ID: 05e3:0620
class-ID: 0900
Sensors:
System Temperatures: cpu: 59.4 C mobo: N/A
Fan Speeds (RPM): N/A
Info:
Processes: 416 Uptime: 35m wakeups: 7 Init: systemd v: 252 default: graphical
tool: systemctl Compilers: gcc: 12.2.1 clang: 15.0.7 Packages: pm: pacman
pkgs: 1713 libs: 363 tools: pamac Shell: Bash v: 5.1.16 running-in: code
inxi: 3.3.27
BTW, “How long have you waited on updates?” meaning the time between I typed the command and the error occur??
I mean when was the last time it was updated before now.
1 Like
Shore
10 May 2023 01:40
5
It was yesterday, not long ago
Huh.
pamac --version
PS. Of course in the meantime you can use another aur helper. I would suggest paru … but it is not in the repo’s and yay is … so that is an option. If you want to use it;
sudo pacman -Syu yay
yay -Sua $(pacman -Qmq)
(the yay command will have it update/reinstall all ‘foreign’ packages, to be double sure)
2 Likes
This happens very often - it is due to how cdn77 handles the certificate - if you search for it you will find plenty forum topics.
Something goes wrong with the certificate while in transfer.
The best you can do is to disable the AUR update check - it is default disabled - so revert to default.
There is other means to check for changes to AUR scripts.
Screenshot <a class="lightbox" href="https://forum.manjaro.org/uploads/defau…
1 Like
The certificates are valid. We even switched to the official LetsEncrypt CDN77 provides. The actual issue is OCSP signing with sha1sums, which is not recommended anymore:
Simon B, [27.02.23 15:33]
it is funny, wget throws the same error where as curl works fine
Simon B, [27.02.23 15:58]
❯ openssl s_client -connect aur.manjaro.org:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > acm.pem
❯ openssl s_client -connect aur.manjaro.org:443 -showcerts </dev/null 2>/dev/null > chain.pembundl…
Here is the dev-response to the current issue. (Which confirms what linux-aarhus mentioned, namely that it is a cdn77 issue.)
What worked for me was to run pamac update --force-refresh a few times until at some point it did resolve to downloading the databases.
1 Like
system
14 May 2023 00:11
9
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.