SSL Certificate issues, Organelle_OS 4.1, raspbian-stretch?

Greetings,

I’ve stumbled on what seems to be a certain type of problem with the ca-certificates package in the stretch repositories.
Connecting with SSL to github & …well quite a number of other sites… seems to rely on a certificate bundle that was removed in this package version. Try wget, curl, git client, for example; all have trouble trusting many https endpoints.
Later debian releases have this fixed, but stretch is now deemed EOL & is unlikely to see a fix.
I have a few questions about the underlying OS & how Organelle_OS interfaces with it…

A) is it normal to do a dist-upgrade, or is there a risk of wiping out organelle-imposed settings/customisations/configurations?
B) is it deemed normal to upgrade from stretch to buster and beyond, as long as a safe-enough process is followed?
C) is there any standard Organelle functionality that actually requires SSL connections, or is it just me tinkering around?

Thanks all,
schmooster

1 Like

I haven’t run into this problem with ca-certificates package, but there is an issue with SSL and connections having to do with the clock. The Organelle doesn’t have a real time clock and it doesn’t seem to update the time correctly when connected to a network, so unless you set the time manually you might run into difficulty with HTTPS. Did you set the time? For example:

sudo timedatectl set-time "2022-06-27 12:00" 

This is not recommended since it will probably pull down a new kernel and the Organelle requires a small fix to the kernel to have audio working. Other settings and changes might also be overwritten. The process for making an Organelle disk image starts with a base image and then configures and installs stuff from there. The steps are detailed here. We put some effort into using pi-gen for this, using this as a starting point:

It still might be possible, as long as you make sure all the configs and that change to the kernel are made… but might be easier to start from scratch from the base image which is what we usually do.

There is not.

Thank you very much for the detailed response, especially the rootfs steps.
Incidentally, is there a public branch anywhere with a candidate >4.1 release of Organelle_OS?

FTR: updating the clock with a more recent time did help, thank you.

1 Like

The only thing where the organelle bites me in the bum with its outdated ssl is when I download from patchstorage with curl. So I have to do curl -k every time. I guess one day this will stop working.

hi _kd - this use of curl was fixed for me by setting the time & date as mentioned by owen.

2 Likes
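
An added example, not part of any post in this thread: a shell sketch that reproduces offline the two failure causes discussed above, a stale clock on a board with no real time clock versus a certificate missing from the CA bundle, using `openssl verify -attime`. The certificate subject, file names and the stale timestamp are constructed for the demonstration, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: tell a wrong clock apart from a wrong CA bundle, offline.
# Subject name, file names and the stale epoch are constructed for this demo.

# make_cert PREFIX: self-signed cert, valid from now for 30 days.
# Writes PREFIX.pem (certificate) and PREFIX.key (unencrypted demo key).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=demo.invalid" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# classify_at EPOCH CAFILE CERT: verify CERT against CAFILE as if the
# system clock read EPOCH (seconds since 1970), then name the cause.
classify_at() {
    out=$(openssl verify -attime "$1" -CAfile "$2" "$3" 2>&1) || true
    case "$out" in
        *"not yet valid"*)  echo clock-behind ;;            # clock before notBefore
        *"has expired"*)    echo expired-or-clock-ahead ;;  # clock after notAfter
        *"error "[0-9]*)    echo trust-store ;;             # issuer not in the bundle
        *OK*)               echo ok ;;
        *)                  echo unknown ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir/site" && make_cert "$dir/other" || return 1
    now=$(date +%s)
    stale=1500000000   # constructed: a 2017 time, as after booting with no RTC
    late=$((now + 7776000))   # 90 days ahead, past the 30-day validity
    echo "right clock, right bundle: $(classify_at "$now" "$dir/site.pem" "$dir/site.pem")"
    echo "stale clock, right bundle: $(classify_at "$stale" "$dir/site.pem" "$dir/site.pem")"
    echo "late clock,  right bundle: $(classify_at "$late" "$dir/site.pem" "$dir/site.pem")"
    echo "right clock, wrong bundle: $(classify_at "$now" "$dir/other.pem" "$dir/site.pem")"
    rm -rf "$dir"
}

demo
```

A `clock-behind` result points at the system time rather than the ca-certificates package, which matches what the posters found after setting the date with `timedatectl`.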