Categories
Debian

Debian 6.0 to 7.0 upgrade issues…

I upgraded from Debian 6.0 (Squeeze) to Debian 7.0 (Wheezy) today. In general the upgrade was relatively painless, but as always some things went worse than they could… 🙁

My local Subversion repository is using a Berkeley DB, and the underlying BDB version went up from 4.8 to 5.1. In consequence I got an error when I wanted to check in a changed config file:

svn: DB_VERSION_MISMATCH: Database environment version mismatch
svn: bdb: Program version 5.1 doesn't match environment version 4.8

I remember that this has already been an issue with the last major Debian upgrade… Did I miss something in the release notes or package doc, or did the Debian folks miss this one?!

Anyway, here’s how to repair the above (based on instructions found here). Install packages db4.8-util and db5.1-util and execute the following commands:

# cd /path/to/repo
# db4.8_checkpoint -1
# db4.8_recover
# db4.8_archive
log.0000000024
# svnlook youngest ..
746
# db5.1_archive -d

Afterwards you can remove the two packages again.

Next thing I noticed

Categories
Computers Mac

Mac OS X “svn” client doesn’t know about common CA certs

I recently stumbled across a problem with Mac OS X Leopard’s “svn” (Subversion) client which doesn’t know about common root CAs (such as Thawte in my case,) even tho they are in the system keychain (which you can view using “Keychain Access.”)

It turned out that it only uses the certificates it find in /System/Library/OpenSSL/certs.

The strange thing is that the Thawte certificate in fact is already present on Mac OS, but it’s inside /usr/share/curl/curl-ca-bundle.crt, which svn doesn’t know about. So what I did to make it work is the following:

I extracted the certificate from /usr/share/curl/curl-ca-bundle.crt and copied it to /tmp/thawte.pem. I then determined the hash of the certificate as follows and created a link to the original certificate bundle (as superuser!):

#openssl x509 -in /tmp/thawte.pem -noout -hash
ddc328ff
#ln -s /usr/share/curl/curl-ca-bundle.crt /System/Library/OpenSSL/certs/ddc328ff.0

VoilĂ ! Now I could connect to our Subversion repository without receiving a warning like the following:

Error validating server certificate for 'https://our.repos.de:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!