www.delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2022/02/11/10:09:11

X-Recipient: archive-cygwin AT delorie DOT com
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C8414385840E
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none)
header.from=dronecode.org.uk
Authentication-Results: sourceware.org; spf=none smtp.mailfrom=dronecode.org.uk
Authentication-Results: btinternet.com;
auth=pass (PLAIN) smtp.auth=jonturney AT btinternet DOT com;
bimi=skipped
X-SNCR-Rigid: 613A8DE81430F8DC
X-Originating-IP: [86.139.167.74]
X-OWM-Source-IP: 86.139.167.74 (GB)
X-OWM-Env-Sender: jonturney AT btinternet DOT com
X-VadeSecure-score: verdict=clean score=0/300, class=clean
X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvvddrieefgdejudcutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedtudenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkfffgggfuffvfhfhjggtgfesthekredttdefjeenucfhrhhomheplfhonhcuvfhurhhnvgihuceojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukheqnecuggftrfgrthhtvghrnheptdeijeeijeehtdeftdehteeggfegfeeifeeufedthfdtudfgfeffjedtudfgueehnecuffhomhgrihhnpegthihgfihinhdrtghomhdpmhhirhhrohhrihhfihhtphhrvghsvghnthhsrggtrhhlughovghsnhhtmhgrkhgvrghlohhtohhfshgvnhhsvgdrihhmpdhhthhtphhsthhotgihghifihhnrdgtohhmpdhhthhtphhnohhpvghfohhrthhhvghrvggrshhonhhsrghlrhgvrgguhihgihhvvghnsgihrggurghmrdhiugenucfkphepkeeirddufeelrdduieejrdejgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhephhgvlhhopegludelvddrudeikedruddruddtfegnpdhinhgvthepkeeirddufeelrdduieejrdejgedpmhgrihhlfhhrohhmpehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkpdhnsggprhgtphhtthhopedvpdhrtghpthhtoheptgihghifihhnsegthihgfihi
nhdrtghomhdprhgtphhtthhopehvrghnuggrrdhvohgukhgrmhhilhhkvghvihgthhesghhmrghilhdrtghomh
X-RazorGate-Vade-Verdict: clean 0
X-RazorGate-Vade-Classification: clean
Message-ID: <7bec0294-c042-0e42-dca7-352fd108534e@dronecode.org.uk>
Date: Fri, 11 Feb 2022 15:08:14 +0000
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
Thunderbird/91.5.1
Subject: Re: Setup 2.917 fails to load mirror list
To: Vanda Vodkamilkevich <vanda DOT vodkamilkevich AT gmail DOT com>,
The Cygwin Mailing List <cygwin AT cygwin DOT com>
References: <CA+GYywBGDf7wiFWtYaqFTyBaQjVjTBYynqg11EtJiv87XCXCmw AT mail DOT gmail DOT com>
<904e9b5c-bd3e-9afc-1512-c5e659156dec AT dronecode DOT org DOT uk>
<CA+GYywDYS8f54E_B1zkcsn1otgNGJJyqBy+RiEq4unxS3ter+A AT mail DOT gmail DOT com>
<6188769f-6250-384e-cfac-be2b460c872e AT dronecode DOT org DOT uk>
<CA+GYywBfXptowQ-2oAOyvUfxXxoG_gE+q774qg1MSHigr0Mbqg AT mail DOT gmail DOT com>
From: Jon Turney <jon DOT turney AT dronecode DOT org DOT uk>
In-Reply-To: <CA+GYywBfXptowQ-2oAOyvUfxXxoG_gE+q774qg1MSHigr0Mbqg@mail.gmail.com>
X-Spam-Status: No, score=-3570.7 required=5.0 tests=BAYES_00, FORGED_SPF_HELO,
KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, NICE_REPLY_A, RCVD_IN_DNSWL_NONE,
SPF_HELO_PASS, SPF_NONE, TXREP,
T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 21BF9AN5032184 

On 10/02/2022 14:49, Vanda Vodkamilkevich wrote:
> Le jeu. 10 févr. 2022 à 14:54, Jon Turney a écrit :
>> On 09/02/2022 15:35, Vanda Vodkamilkevich wrote:
>>> If it helps, the output log when I saw the issues with setup
>> 
>>> ########### Try to download with proxy set
>> [...]
>>> Cached mirror list unavailable
>> [...]
>>> HTTP status 403 fetching https://cygwin.com/mirrors.lst
>> 
>>> ########### Using 2.908 version: it works
>> [...]
>>> Cached mirror list unavailable
>> [...]
>>> Fetched URL: http://cygwin.com/mirrors.lst
>> 
>>> ########### Rerun with new version
>> [...]
>>> Loaded cached mirror list
>> [...]> connection error: 12057 fetching
>> https://cygwin.com/mirrors.lst
>>> Using cached mirror list
>> 
>> The significant change seems to be we now fetch the mirror list
>> using https (since 2.892, but since you are using a self-built
>> setup with local changes, you don't seem to have picked that up
>> until now)
>> 
>> 12057 is ERROR_INTERNET_SEC_CERT_REV_FAILED, which leads down quite
>> a rabbit hole, but apparently this means something like
>> 'certificate validity isn't checked in the process using wininet,
>> but in a service, which doesn't have access to the proxy
>> credentials we are using, so fails trying to fetch any CRL'.
>> 
>> You don't mention that your proxy actually needs any credentials.
>> 
>> Why we get a different error code the second time is mysterious.
>> 
>> How we can then go on to successfully fetch from a https:// mirror
>> if it presents a CRL doesn't make a lot of sense.
>> 
>> I'm baffled.
> 
> You nailed it... My corporate proxy blocks the https to the mirror
> list. And my old version of setup was using http.

This could mean:
- https is blocked by the proxy (due to policy or misconfiguration)
- https to cygwin.com is blocked by the proxy (ditto)
- the setup code is doing something wrong so that the proxy is blocking 
it's attempt to use http here

> Maybe if https failed you should retry with http?

Nope, for the reasons already given by Adam.

I'd *maybe* consider a patch adding an '--no-https' option which causes 
plain http:// to be used (and probably turns off [1] as well) to allow 
setup to run in environments which are hostile to https.

[1] 
https://cygwin.com/git/?p=cygwin-apps/setup.git;a=commitdiff;h=b4947fb6db0cbd8b0c673dc49a18224c44da8116;hp=57ddb743c06996e93567a98c6de6694ddcc5d616

> Btw where is this mirror list file saved? I could cheat by fetching
> it with http before using setup?

The 'cached mirror list' referred to here is stored in the mirrors-lst 
key in /etc/setup/setup.rc

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019