Problem uploading key to depot


#1

Hi, new problem with following Learn Chef (https://learn.chef.io/modules/hab-build-web-app#/), this time with uploading a public key to the depot.

The output here:

Kimballs-MBP:~ kimball$ RUST_LOG=debug hab origin key upload --pubfile ~/.hab/cache/keys/drrk-20180111214103.pub
DEBUG 2018-07-19T14:49:58Z: habitat_common::ui: UI { shell: Shell { input: InputStream { isatty: true }, out: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true }, err: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true } } }
DEBUG 2018-07-19T14:49:58Z: hab: clap cli args: ["hab", "origin", "key", "upload", "--pubfile", "/Users/kimball/.hab/cache/keys/drrk-20180111214103.pub"]
DEBUG 2018-07-19T14:49:58Z: hab: remaining cli args: []
DEBUG 2018-07-19T14:49:58Z: habitat_http_client::api_client: Client socket timeout: 120 secs
DEBUG 2018-07-19T14:49:58Z: habitat_http_client::api_client: User-Agent: hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)
» Uploading public origin key /Users/kimball/.hab/cache/keys/drrk-20180111214103.pub
↑ Uploading /Users/kimball/.hab/cache/keys/drrk-20180111214103.pub
DEBUG 2018-07-19T14:49:58Z: habitat_http_client::api_client: POST https://bldr.habitat.sh/v1/depot/origins/drrk/keys/20180111214103 with ApiClient { endpoint: "https://bldr.habitat.sh/v1", inner: Client { redirect_policy: FollowAll, read_timeout: Some(Duration { secs: 120, nanos: 0 }), write_timeout: Some(Duration { secs: 120, nanos: 0 }), proxy: None }, proxy: None, target_scheme: "https", user_agent_header: UserAgent("hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)") }
DEBUG 2018-07-19T14:49:58Z: hyper::net: http scheme
DEBUG 2018-07-19T14:49:58Z: hyper::net: https scheme
↑ Uploading /Users/kimball/.hab/cache/keys/drrk-20180111214103.pub
DEBUG 2018-07-19T14:50:01Z: habitat_http_client::api_client: POST https://bldr.habitat.sh/v1/depot/origins/drrk/keys/20180111214103 with ApiClient { endpoint: "https://bldr.habitat.sh/v1", inner: Client { redirect_policy: FollowAll, read_timeout: Some(Duration { secs: 120, nanos: 0 }), write_timeout: Some(Duration { secs: 120, nanos: 0 }), proxy: None }, proxy: None, target_scheme: "https", user_agent_header: UserAgent("hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)") }
DEBUG 2018-07-19T14:50:01Z: hyper::net: http scheme
DEBUG 2018-07-19T14:50:01Z: hyper::net: https scheme
↑ Uploading /Users/kimball/.hab/cache/keys/drrk-20180111214103.pub
DEBUG 2018-07-19T14:50:04Z: habitat_http_client::api_client: POST https://bldr.habitat.sh/v1/depot/origins/drrk/keys/20180111214103 with ApiClient { endpoint: "https://bldr.habitat.sh/v1", inner: Client { redirect_policy: FollowAll, read_timeout: Some(Duration { secs: 120, nanos: 0 }), write_timeout: Some(Duration { secs: 120, nanos: 0 }), proxy: None }, proxy: None, target_scheme: "https", user_agent_header: UserAgent("hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)") }
DEBUG 2018-07-19T14:50:04Z: hyper::net: http scheme
DEBUG 2018-07-19T14:50:04Z: hyper::net: https scheme
↑ Uploading /Users/kimball/.hab/cache/keys/drrk-20180111214103.pub
DEBUG 2018-07-19T14:50:07Z: habitat_http_client::api_client: POST https://bldr.habitat.sh/v1/depot/origins/drrk/keys/20180111214103 with ApiClient { endpoint: "https://bldr.habitat.sh/v1", inner: Client { redirect_policy: FollowAll, read_timeout: Some(Duration { secs: 120, nanos: 0 }), write_timeout: Some(Duration { secs: 120, nanos: 0 }), proxy: None }, proxy: None, target_scheme: "https", user_agent_header: UserAgent("hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)") }
DEBUG 2018-07-19T14:50:07Z: hyper::net: http scheme
DEBUG 2018-07-19T14:50:07Z: hyper::net: https scheme
↑ Uploading /Users/kimball/.hab/cache/keys/drrk-20180111214103.pub
DEBUG 2018-07-19T14:50:10Z: habitat_http_client::api_client: POST https://bldr.habitat.sh/v1/depot/origins/drrk/keys/20180111214103 with ApiClient { endpoint: "https://bldr.habitat.sh/v1", inner: Client { redirect_policy: FollowAll, read_timeout: Some(Duration { secs: 120, nanos: 0 }), write_timeout: Some(Duration { secs: 120, nanos: 0 }), proxy: None }, proxy: None, target_scheme: "https", user_agent_header: UserAgent("hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)") }
DEBUG 2018-07-19T14:50:10Z: hyper::net: http scheme
DEBUG 2018-07-19T14:50:10Z: hyper::net: https scheme
✗✗✗
✗✗✗ Upload failed: We tried 5 times but could not upload drrk/20180111214103 public origin key. Giving up.
✗✗✗

#2

@kimball, what do you see if you

cat $HOME/.hab/etc/cli.toml

? You can paste the output here but remove the secret auth_token first.


#3

Kimballs-MBP:~ kimball$ cat $HOME/.hab/etc/cli.toml
auth_token = "–redacted–"
origin = "drrk"


#4

Is that auth token in the ‘new’ format? There was a switch away from GitHub-style tokens some time ago, but some of us still have the old tokens lying around.

Also, are you able to do things like

hab pkg search core/grep

successfully?


#5

No, I get this error:

Kimballs-MBP:~ kimball$ RUST_LOG=debug hab pkg search core/grep
DEBUG 2018-07-19T15:58:06Z: habitat_common::ui: UI { shell: Shell { input: InputStream { isatty: true }, out: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true }, err: OutputStream { coloring: Auto, isatty: true, is_colored(): true, supports_color(): true } } }
DEBUG 2018-07-19T15:58:06Z: hab: clap cli args: ["hab", "pkg", "search", "core/grep"]
DEBUG 2018-07-19T15:58:06Z: hab: remaining cli args: []
DEBUG 2018-07-19T15:58:06Z: habitat_http_client::api_client: Client socket timeout: 120 secs
DEBUG 2018-07-19T15:58:06Z: habitat_http_client::api_client: User-Agent: hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)
DEBUG 2018-07-19T15:58:06Z: habitat_http_client::api_client: GET https://bldr.habitat.sh/v1/depot/pkgs/search/core%2Fgrep with ApiClient { endpoint: "https://bldr.habitat.sh/v1", inner: Client { redirect_policy: FollowAll, read_timeout: Some(Duration { secs: 120, nanos: 0 }), write_timeout: Some(Duration { secs: 120, nanos: 0 }), proxy: None }, proxy: None, target_scheme: "https", user_agent_header: UserAgent("hab/0.59.0/20180712162348 (x86_64-darwin; 17.6.0)") }
DEBUG 2018-07-19T15:58:06Z: hyper::net: http scheme
DEBUG 2018-07-19T15:58:06Z: hyper::net: https scheme
✗✗✗
✗✗✗ the handshake failed: The OpenSSL library reported an error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1264:: unable to get local issuer certificate
✗✗✗

I regenerated the auth token quite recently as I had forgotten it, so I hope it’s in the new format.


#6

unable to get local issuer certificate seems like the core of the problem to me. Is your local time correct? Clock sync is a common cause of TLS/SSL errors IIRC.


#7

Should be, the Mac is set up to use NTP time.

Kimball


#8

Did you install Habitat through the curlbash script, or Homebrew? There have been issues reported with the Apple-provided TLS implementation that our Homebrew install will resolve.

Reference: SSL error on MacOS
https://github.com/habitat-sh/habitat/issues/4871


#9

I don’t use Homebrew at all, I just copied the binary into /usr/local/bin.

I will see if I can get it fixed looking at that issue.


#10

Okay so I downloaded a CA bundle from http://curl.haxx.se/ca/cacert.pem and placed it in /usr/local/share.

I then ran export SSL_CERT_FILE=/usr/local/share/cacert.pem and all started to work.

Thanks!
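
The fix in the last post, as an added example that is not part of the original thread: a check to run on a downloaded CA bundle before SSL_CERT_FILE points at it, since every certificate in that file becomes a trust anchor for hab's TLS connections. The function names are illustrative, and the commented download step assumes the bundle's publisher serves a .sha256 file next to it over HTTPS, as curl.se does.

```shell
#!/bin/sh
# Added example: validate a CA bundle before exporting SSL_CERT_FILE.
# Function names and paths are illustrative, not part of Habitat.

# Print the SHA-256 of a file with whichever tool exists (Linux or macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_ca_bundle BUNDLE SHA256_FILE
# Returns 0 if the digest matches and the file is well-formed PEM,
# 1 for a missing/empty input, 2 for a digest mismatch, 3 for broken PEM.
verify_ca_bundle() {
    bundle=$1
    sumfile=$2
    [ -s "$bundle" ] && [ -s "$sumfile" ] || return 1
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha256_of "$bundle")
    [ -n "$expected" ] && [ "$expected" = "$actual" ] || return 2
    # A truncated download leaves more BEGIN than END markers.
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$bundle" || true)
    [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ] || return 3
    return 0
}

# Offline demo on a constructed one-entry bundle (not a real certificate).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cacert.pem"
    printf '%s  cacert.pem\n' "$(sha256_of "$d/cacert.pem")" > "$d/cacert.pem.sha256"
    verify_ca_bundle "$d/cacert.pem" "$d/cacert.pem.sha256"
}

# Typical use (network steps left as comments so the block runs offline):
#   curl -fsSLO https://curl.se/ca/cacert.pem
#   curl -fsSLO https://curl.se/ca/cacert.pem.sha256
#   verify_ca_bundle cacert.pem cacert.pem.sha256 &&
#       export SSL_CERT_FILE="$PWD/cacert.pem"
```
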