Category Archives: Ubuntu 8.04 LTS (Hardy Heron)

APT Package Resource List for Old Ubuntu Releases

Package repositories for old Ubuntu releases are dropped from Ubuntu’s upstream package repository and are removed from Ubuntu package mirrors. However, Ubuntu still makes them available here: http://old-releases.ubuntu.com/ubuntu/. Here is an example /etc/apt/sources.list file for Ubuntu Dapper:

#
# /etc/apt/sources.list
# Ubuntu Dapper 6.06
#
 
#
# main and restricted:
#
#   These are the primary package archives.
#
deb     http://old-releases.ubuntu.com/ubuntu dapper main restricted
deb-src http://old-releases.ubuntu.com/ubuntu dapper main restricted
deb     http://old-releases.ubuntu.com/ubuntu dapper-updates main restricted
deb-src http://old-releases.ubuntu.com/ubuntu dapper-updates main restricted
deb     http://old-releases.ubuntu.com/ubuntu dapper-security main restricted
deb-src http://old-releases.ubuntu.com/ubuntu dapper-security main restricted
 
#
# universe:
#
#   Additional software from the larger pool of debian packages.  Gobs and
#   gobs of useful software lives here, however, software from this 
#   repository is ENTIRELY UNSUPPORTED by the Ubuntu team. 
#
#   Note: Some of the software in this repository may not be under a free 
#         licence. Please satisfy yourself as to your rights to use the 
#         software. 
#
#   Note: Software in this repository WILL NOT receive any review or 
#         updates from the Ubuntu security team.
#
deb     http://old-releases.ubuntu.com/ubuntu dapper universe
deb-src http://old-releases.ubuntu.com/ubuntu dapper universe
deb     http://old-releases.ubuntu.com/ubuntu dapper-updates universe
deb-src http://old-releases.ubuntu.com/ubuntu dapper-updates universe
deb     http://old-releases.ubuntu.com/ubuntu dapper-security universe
deb-src http://old-releases.ubuntu.com/ubuntu dapper-security universe
 
#
# multiverse:
#
#  Additional software that is "not free", which means the licensing 
#  requirements of this software do not meet the Ubuntu "main" Component 
#  Licence Policy.
#
#  Note: This software is not supported and usually cannot be fixed or 
#  updated. Use it at your own risk.
deb     http://old-releases.ubuntu.com/ubuntu dapper multiverse
deb-src http://old-releases.ubuntu.com/ubuntu dapper multiverse
deb     http://old-releases.ubuntu.com/ubuntu dapper-updates multiverse
deb-src http://old-releases.ubuntu.com/ubuntu dapper-updates multiverse
deb     http://old-releases.ubuntu.com/ubuntu dapper-security multiverse
deb-src http://old-releases.ubuntu.com/ubuntu dapper-security multiverse
 
#
# backports:
#
#   Software from a newer release of the distribution, or even from the 
#   development branch of the distribution, but built against this release.
#   It may provide newer features, but should be considered untested.
#
#   Note: Software in this repository WILL NOT receive any review or 
#         updates from the Ubuntu security team.
#
#deb     http://old-releases.ubuntu.com/ubuntu dapper-backports main restricted
#deb-src http://old-releases.ubuntu.com/ubuntu dapper-backports main restricted
#deb     http://old-releases.ubuntu.com/ubuntu dapper-backports universe
#deb-src http://old-releases.ubuntu.com/ubuntu dapper-backports universe
#deb     http://old-releases.ubuntu.com/ubuntu dapper-backports multiverse
#deb-src http://old-releases.ubuntu.com/ubuntu dapper-backports multiverse

Here is an example /etc/apt/sources.list file for Ubuntu Hardy:

#
# /etc/apt/sources.list
# Ubuntu Hardy 8.04
#
 
#
# main and restricted:
#
#   These are the primary package archives.
#
deb     http://old-releases.ubuntu.com/ubuntu hardy main restricted
deb-src http://old-releases.ubuntu.com/ubuntu hardy main restricted
deb     http://old-releases.ubuntu.com/ubuntu hardy-updates main restricted
deb-src http://old-releases.ubuntu.com/ubuntu hardy-updates main restricted
deb     http://old-releases.ubuntu.com/ubuntu hardy-security main restricted
deb-src http://old-releases.ubuntu.com/ubuntu hardy-security main restricted
 
#
# universe:
#
#   Additional software from the larger pool of debian packages.  Gobs and
#   gobs of useful software lives here, however, software from this 
#   repository is ENTIRELY UNSUPPORTED by the Ubuntu team. 
#
#   Note: Some of the software in this repository may not be under a free 
#         licence. Please satisfy yourself as to your rights to use the 
#         software. 
#
#   Note: Software in this repository WILL NOT receive any review or 
#         updates from the Ubuntu security team.
#
deb     http://old-releases.ubuntu.com/ubuntu hardy universe
deb-src http://old-releases.ubuntu.com/ubuntu hardy universe
deb     http://old-releases.ubuntu.com/ubuntu hardy-updates universe
deb-src http://old-releases.ubuntu.com/ubuntu hardy-updates universe
deb     http://old-releases.ubuntu.com/ubuntu hardy-security universe
deb-src http://old-releases.ubuntu.com/ubuntu hardy-security universe
 
#
# multiverse:
#
#  Additional software that is "not free", which means the licensing 
#  requirements of this software do not meet the Ubuntu "main" Component 
#  Licence Policy.
#
#  Note: This software is not supported and usually cannot be fixed or 
#  updated. Use it at your own risk.
deb     http://old-releases.ubuntu.com/ubuntu hardy multiverse
deb-src http://old-releases.ubuntu.com/ubuntu hardy multiverse
deb     http://old-releases.ubuntu.com/ubuntu hardy-updates multiverse
deb-src http://old-releases.ubuntu.com/ubuntu hardy-updates multiverse
deb     http://old-releases.ubuntu.com/ubuntu hardy-security multiverse
deb-src http://old-releases.ubuntu.com/ubuntu hardy-security multiverse
 
#
# backports:
#
#   Software from a newer release of the distribution, or even from the 
#   development branch of the distribution, but built against this release.
#   It may provide newer features, but should be considered untested.
#
#   Note: Software in this repository WILL NOT receive any review or 
#         updates from the Ubuntu security team.
#
#deb     http://old-releases.ubuntu.com/ubuntu hardy-backports main restricted
#deb-src http://old-releases.ubuntu.com/ubuntu hardy-backports main restricted
#deb     http://old-releases.ubuntu.com/ubuntu hardy-backports universe
#deb-src http://old-releases.ubuntu.com/ubuntu hardy-backports universe
#deb     http://old-releases.ubuntu.com/ubuntu hardy-backports multiverse
#deb-src http://old-releases.ubuntu.com/ubuntu hardy-backports multiverse

References

curl: (60) SSL certificate problem, verify that the CA cert is OK

When using curl, you may receive the following error message if you are missing the CA certificate in the directory tree /usr/local/share/ca-certificates/ for the site you are trying to connect to:

user@hardy:/tmp$ curl https://example.com
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
 
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).

The easiest way around this is to turn off curl’s verification of the certificate, using the -k (or –insecure) option. However, the best way is to add the associated CA certificate to your system by following these directions: Adding Additional SSL CA certificates.

On Ubuntu Hardy, curl is compiled to use the file /etc/ssl/certs/ca-certificates.crt. You will see the following when executing curl against a site using HTTPS:

* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none

On Ubuntu Lucid, curl is compiled to use the CA certificate directory /etc/ssl/certs/. You will see the following when executing curl against a site using HTTPS:

* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs

You can override this with the –ca-cert or –capath options.

Adding Additional SSL CA certificates

On Ubuntu, SSL CA certificates are stored in subdirectories of /usr/local/share/ca-certificates. In order to add additional CA certificates, first create a new subdirectory to store your CAs:

sudo mkdir /usr/local/share/ca-certificates/added

Then add your CA certificates to this directory. These files should have a .crt extension (e.g., my_ca.crt). Then append a line for each certificate you add to the configuration file /etc/ca-certificates.conf (e.g., “added/my_ca.crt“). Finally, run

sudo update-ca-certificates --fresh

This command reads the file /etc/ca-certificates.conf, updates the directory /etc/ssl/certs to hold SSL certificates and generates the file /etc/ssl/certs/certificates.crt. The script update-ca-certificates will use the command c_rehash take a hash value of each .crt file. It then creates symbolic links in the directory /etc/ssl/certs for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require. /etc/ssl/certs/certificates.crt is a concatenated single-file version of CA certificates. It contains all CA certificates that were activated in /etc/ca-certificates.conf.

Use the file command to verify that the .crt files you add use Unix newline characters, otherwise the /etc/ssl/certs/certificates.crt file may not be generated properly.

References