[yocto] Working behind a Palo Alto firewall/proxy

Greg Wilson-Lindberg GWilson at sakuraus.com
Thu Sep 7 09:28:19 PDT 2017


Hi Andre,


Here is the complete error output:

ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Fetcher failure: Fetch command export DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-9ReQWXYEk1"; export SSH_AUTH_SOCK="/run/user/1000/keyring-4PGABB/ssh"; export PATH="/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/poky/scripts:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/bin/arm-poky-linux-gnueabi:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/raspberrypi3/usr/bin/crossscripts:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/sbin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/usr/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/sbin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/sysroots/x86_64-linux/bin:/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/poky/scripts:/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/poky/bitbake/bin:/home/gwilson/TEE:/home/gwilson/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/microchip/xc32/v1.34/bin:/home/gwilson/RPi3/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin"; export HOME="/home/gwilson"; LANG=C git -c core.fsyncobjectfiles=0 clone --bare --mirror http://codereview.qt-project.org/qt/qtdeviceutilities /home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/../downloads/git2/codereview.qt-project.org.qt.qtdeviceutilities --progress failed with exit code 128, output:
Cloning into bare repository '/home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/../downloads/git2/codereview.qt-project.org.qt.qtdeviceutilities'...
fatal: unable to access 'https://codereview.qt-project.org/qt/qtdeviceutilities/': server certificate verification failed. CAfile: /usr/share/ca-certificates/cert_Decryption-Certificate.pem CRLfile: none

ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Fetcher failure for URL: 'git://codereview.qt-project.org/qt/qtdeviceutilities;nobranch=1;protocol=http'. Unable to fetch URL from any source.
ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Function failed: base_do_fetch
ERROR: Logfile of failure stored in: /home/gwilson/Qt-5.9/Yocto-build-RPi3/build-raspberrypi3/tmp/work/cortexa7hf-neon-vfpv4-poky-linux-gnueabi/qtdeviceutilities/5.9.1+gitAUTOINC+48fb704e64-r0/temp/log.do_fetch.8128
ERROR: Task (/home/gwilson/Qt-5.9/Yocto-build-RPi3/sources/meta-boot2qt/recipes-qt/qt5/qtdeviceutilities.bb:do_fetch) failed with exit code '1'

So it looks like:

qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch

is what's running.



________________________________
From: Andre McCurdy <armccurdy at gmail.com>
Sent: Wednesday, September 6, 2017 6:34:07 PM
To: Greg Wilson-Lindberg
Cc: yocto at yoctoproject.org
Subject: Re: [yocto] Working behind a Palo Alto firewall/proxy

On Wed, Sep 6, 2017 at 2:42 PM, Greg Wilson-Lindberg
<GWilson at sakuraus.com> wrote:
> Hi List,
>
> Does anybody have any experience trying to run Yocto behind a Palo Alto
> firewall? The Palo Alto firewall basically works as a Man in the Middle
> system; it hands out its own certificate to boxes behind it and then
> decrypts and re-encrypts traffic going through it. The Palo Alto box is
> supposed to act as a transparent Proxy.
>
> I'm getting an error that the 'server certificate verification failed' about
> an hour into a yocto build. The certificate that the Palo Alto box is
> sending to my system is self-signed so will fail if checked for a valid root
> CA, and also is not from whatever site is being downloaded from.

Which site is being downloaded from and at which point in the build
(i.e. which recipe and task)?
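
An added example, not part of the original thread and not BitBake code: a small parser that pulls the recipe, task, requested URL, the URL git actually failed on, and the CA file out of a fetch failure like the one quoted above. The sample log is shortened from that output (the PATH export is dropped and the download path is constructed); the function and field names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: shortened from the do_fetch error in the message above.
SAMPLE_LOG = """\
ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Fetcher failure: Fetch command export HOME="/home/gwilson"; LANG=C git -c core.fsyncobjectfiles=0 clone --bare --mirror http://codereview.qt-project.org/qt/qtdeviceutilities /tmp/downloads/git2/example --progress failed with exit code 128, output:
fatal: unable to access 'https://codereview.qt-project.org/qt/qtdeviceutilities/': server certificate verification failed. CAfile: /usr/share/ca-certificates/cert_Decryption-Certificate.pem CRLfile: none
ERROR: qtdeviceutilities-5.9.1+gitAUTOINC+48fb704e64-r0 do_fetch: Fetcher failure for URL: 'git://codereview.qt-project.org/qt/qtdeviceutilities;nobranch=1;protocol=http'. Unable to fetch URL from any source.
"""

# "ERROR: <recipe> <task>: Fetcher failure: Fetch command ..."
FAIL_RE = re.compile(
    r"^ERROR: (?P<recipe>\S+) (?P<task>do_\w+): Fetcher failure: Fetch command",
    re.M,
)
# URL handed to "git clone" by the fetcher.
CLONE_RE = re.compile(r"\bgit\b.*?\bclone\b.*?(?P<url>https?://\S+)")
# URL git was talking to when TLS verification failed, plus the CA file in use.
TLS_RE = re.compile(
    r"unable to access '(?P<url>[^']+)': "
    r"server certificate verification failed\. CAfile: (?P<cafile>\S+)"
)


def triage_fetch_failure(log):
    """Summarise a fetch failure: which recipe/task, which URL, which CA file."""
    out = {"recipe": None, "task": None, "requested_url": None,
           "failing_url": None, "cafile": None, "http_to_https": False}
    m = FAIL_RE.search(log)
    if m:
        out["recipe"], out["task"] = m.group("recipe"), m.group("task")
    m = CLONE_RE.search(log)
    if m:
        out["requested_url"] = m.group("url")
    m = TLS_RE.search(log)
    if m:
        out["failing_url"], out["cafile"] = m.group("url"), m.group("cafile")
    if out["requested_url"] and out["failing_url"]:
        req, bad = urlsplit(out["requested_url"]), urlsplit(out["failing_url"])
        # Same host, plain http requested, https failed: TLS entered via a redirect.
        out["http_to_https"] = (req.hostname == bad.hostname
                                and (req.scheme, bad.scheme) == ("http", "https"))
    return out


if __name__ == "__main__":
    for key, value in triage_fetch_failure(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample it reports that the recipe asked for plain `http` while the failure occurred on `https` for the same host, and that git was verifying against the single CA file named in the error.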