Thank you all for your attention to this. I really appreciate the diagnosis. Unfortunately, even if they fix it in Jessie, it will likely be a while before it will roll in to Raspbian Jessie.
I was getting ready to do a series of videos on how to build your own EAH Boinc Clusters using the Pi 2 and Pi Zero. I had started to do this in October, back when I was following claggy's instructions for building boinc on Wheezy. When Jessie came out, I thought that would be awesome because it was so much easier to apt-get install boinc-client than compiling software, thus making it more accessible to people. It looks like I could still do that if people use stock jessie, but now I have to teach them to not upgrade ca-certificates or openssl! Maybe I can try to do an image on stretch, but I have to figureo ut how to get a working stretch system myself first (I know more than most at Linux, but still have a lot to learn, especially when it comes to troubleshooting).
The Pi Zero is very interesting because while it takes twice as long / core, the total cost of ownership is significantly less than the Pi 2. The micro sd card and a usb cable are a wash, as they are needed for each platform. A USB hub and some way for your master Zero to get to the internet is all that's needed to build a cluster that scales rather handily thanks to the USB Ethernet Gadget mode (http://pi.gbaman.info/?p=699. My ultimate goal is to get as many Pi Zeros online as possible while also adding a Pi 2 node to my Pi 2 cluster as often as I can. You can see the original Pi Zero prototype cluster here: https://twitter.com/KF7IJZ/status/689206463970041857
So thanks again for the work. Is there anything I can track on another website to see the status of these fixes? Should I try to inform the Raspbian people? Is there anything else I can do to help?
Thank you all for your attention to this. I really appreciate the diagnosis. Unfortunately, even if they fix it in Jessie, it will likely be a while before it will roll in to Raspbian Jessie.
I don't know how the Raspbian and Debian repositories are interconnected. If you know of a way to speed this up please let me know. The ca-certificates package was migrated rather quickly so I hope that a new version that is maybe flagged urgent is quicker.
Quote:
I was getting ready to do a series of videos on how to build your own EAH Boinc Clusters using the Pi 2 and Pi Zero. I had started to do this in October, back when I was following claggy's instructions for building boinc on Wheezy. When Jessie came out, I thought that would be awesome because it was so much easier to apt-get install boinc-client than compiling software, thus making it more accessible to people. It looks like I could still do that if people use stock jessie, but now I have to teach them to not upgrade ca-certificates or openssl! Maybe I can try to do an image on stretch, but I have to figureo ut how to get a working stretch system myself first (I know more than most at Linux, but still have a lot to learn, especially when it comes to troubleshooting).
I added a rebuild of BRP for Stretch on armhf to my todolist. I don't have an ETA, but I'm working on getting this libc problem solved that was mentioned earlier.
Quote:
So thanks again for the work. Is there anything I can track on another website to see the status of these fixes? Should I try to inform the Raspbian people? Is there anything else I can do to help?
The most relevant Debian bugs are these two: 812708 and 812488. I think Raspbian just takes the package from Debian so we have to make them aware when there is a new version (hopefully).
Hi Brian,
i had written your three lines as bash script to get back to the old certificate.
But because I run unattended-upgrades I have to run it every second day.
Is there an option to keep the right certificate?
And how do I get notice when the new certificate which work correct is published?
I will probably announce the resolution in the same technical news item. So far it seems there is no consensus on what to do among the Debian maintainers involved.
Raspbian updated the Jessie image to 20160209 last week, so the image now comes with the bad ca-certificates package. New users attempting to run boinc must now downgrade as course of business or use an archive of Jessie 20151121.
I will update the technical News Item as soon as the Debian maintainers fixed it. There is nothing we can do about the issue apart from nagging them about it.
For the record: I tracked
)
For the record: I tracked this down to at least two bug reports for OpenSSL, which confirm that a fix is available as of v1.0.2:
https://rt.openssl.org/Ticket/Display.html?id=3637
https://rt.openssl.org/Ticket/Display.html?id=3621
(login explained here)
We're also pursuing to get this fixed in Debian Jessie itself...
Oliver
Einstein@Home Project
Thank you all for your
)
Thank you all for your attention to this. I really appreciate the diagnosis. Unfortunately, even if they fix it in Jessie, it will likely be a while before it will roll in to Raspbian Jessie.
I was getting ready to do a series of videos on how to build your own EAH Boinc Clusters using the Pi 2 and Pi Zero. I had started to do this in October, back when I was following claggy's instructions for building boinc on Wheezy. When Jessie came out, I thought that would be awesome because it was so much easier to apt-get install boinc-client than compiling software, thus making it more accessible to people. It looks like I could still do that if people use stock jessie, but now I have to teach them to not upgrade ca-certificates or openssl! Maybe I can try to do an image on stretch, but I have to figureo ut how to get a working stretch system myself first (I know more than most at Linux, but still have a lot to learn, especially when it comes to troubleshooting).
The Pi Zero is very interesting because while it takes twice as long / core, the total cost of ownership is significantly less than the Pi 2. The micro sd card and a usb cable are a wash, as they are needed for each platform. A USB hub and some way for your master Zero to get to the internet is all that's needed to build a cluster that scales rather handily thanks to the USB Ethernet Gadget mode (http://pi.gbaman.info/?p=699. My ultimate goal is to get as many Pi Zeros online as possible while also adding a Pi 2 node to my Pi 2 cluster as often as I can. You can see the original Pi Zero prototype cluster here: https://twitter.com/KF7IJZ/status/689206463970041857
So thanks again for the work. Is there anything I can track on another website to see the status of these fixes? Should I try to inform the Raspbian people? Is there anything else I can do to help?
My YouTube Channel: https://www.youtube.com/user/KF7IJZ
Follow me on Twitter: https://twitter.com/KF7IJZ
RE: Thank you all for your
)
I don't know how the Raspbian and Debian repositories are interconnected. If you know of a way to speed this up please let me know. The ca-certificates package was migrated rather quickly so I hope that a new version that is maybe flagged urgent is quicker.
I added a rebuild of BRP for Stretch on armhf to my todolist. I don't have an ETA, but I'm working on getting this libc problem solved that was mentioned earlier.
The most relevant Debian bugs are these two: 812708 and 812488. I think Raspbian just takes the package from Debian so we have to make them aware when there is a new version (hopefully).
Raspbian Bug Here - Please go
)
Raspbian Bug Here - Please go up vote! https://bugs.launchpad.net/raspbian/+bug/1538821
My YouTube Channel: https://www.youtube.com/user/KF7IJZ
Follow me on Twitter: https://twitter.com/KF7IJZ
RE: Edit: Here is what I
)
This patch worked for me. (I was unable to attach the project)
Expanding the edge of Science.
Hi Brian, i had written your
)
Hi Brian,
i had written your three lines as bash script to get back to the old certificate.
But because I run unattended-upgrades I have to run it every second day.
Is there an option to keep the right certificate?
And how do I get notice when the new certificate which work correct is published?
regards
Veit
RE: Is there an option to
)
Yes there is: Attention when updating Debian stable (Jessie)
I will probably announce the resolution in the same technical news item. So far it seems there is no consensus on what to do among the Debian maintainers involved.
Raspbian updated the Jessie
)
Raspbian updated the Jessie image to 20160209 last week, so the image now comes with the bad ca-certificates package. New users attempting to run boinc must now downgrade as course of business or use an archive of Jessie 20151121.
My YouTube Channel: https://www.youtube.com/user/KF7IJZ
Follow me on Twitter: https://twitter.com/KF7IJZ
Hi, i have stopped
)
Hi,
i have stopped updating the certificates with
echo ca-certificates hold | dpkg --set-selections
Will we be noticed when the failure is fixed?
regards
Veit
I will update the technical
)
I will update the technical News Item as soon as the Debian maintainers fixed it. There is nothing we can do about the issue apart from nagging them about it.