XO's cannot use mirror repo's in YUM update or install

Carrol Riddle
XO's attempting to run YUM update or install are unable to use fedora mirror sites (https://) but able to use primary fedora site (http://).

Is this a matter of https vs http / ca-certificates or changes in mirror structures? Ca-certificates updates have not been done, but could be done.

Running OLPC 13.2.10 with current date / time and hwclock -w to sync.

Primaries used by editing /etc/yum.repos.d/fedora.repo and commenting out mirrorlist line and uncommenting baseurl line (and adding "archive" to url path after /pub/).

There are no entries in yum.log and error message is:
"Cannot retrieve metalink for repository: fedora/18/i386.  Please verify its path and try again."

My specific case is trying to install rpmfusion in preparing to install exfat-utils and fuse-exfat, but occurs with other installs that have been done in the past.

Carrol Riddle
[hidden email]
_______________________________________________
Devel mailing list
[hidden email]
http://lists.laptop.org/listinfo/devel

Re: XO's cannot use mirror repo's in YUM update or install

Peter Robinson
On Sun, Nov 10, 2019 at 5:29 AM Carrol Riddle <[hidden email]> wrote:

>
> XO's attempting to run YUM update or install are unable to use fedora mirror sites (https://) but able to use primary fedora site (http://).
>
> Is this a matter of https vs http / ca-certificates or changes in mirror structures ?  Ca-certificates update have not been done, but could be done.
>
>  Running OLPC 13.2.10 with current date / time and hwclock -w to sync.
>
> Primaries used by editing /etc/yum.repos.d/fedora.repo and commenting out mirrorlist line and uncommenting baseurl line (and adding "archive" to url path after /pub/).
>
> There are no entries in yum.log and error message is:
> "Cannot retrieve metalink for repository: fedora/18/i386.  Please verify its path and try again."
>
> My specific case is trying to install rpmfusion in preparing to install exfat-utils and fuse-exfat ,  but occurs with other installs that have been done in the past.

I'm guessing you might need to update for content that has been
archived, I thought the mirror manager dealt with redirects
automatically there but I don't know exactly.

Re: XO's cannot use mirror repo's in YUM update or install

chm
I had the same problem last week.  I did determine that the Fedora packages had been archived but I could not figure out how to get yum to work.  Maybe it is a different type of repository?  At any rate, I was unable to get yum to work.

--Chris

On Sun, Nov 10, 2019 at 9:57 AM Peter Robinson <[hidden email]> wrote:
> On Sun, Nov 10, 2019 at 5:29 AM Carrol Riddle <[hidden email]> wrote:
> >
> > XO's attempting to run YUM update or install are unable to use fedora mirror sites (https://) but able to use primary fedora site (http://).
> >
> > Is this a matter of https vs http / ca-certificates or changes in mirror structures ?  Ca-certificates update have not been done, but could be done.
> >
> >  Running OLPC 13.2.10 with current date / time and hwclock -w to sync.
> >
> > Primaries used by editing /etc/yum.repos.d/fedora.repo and commenting out mirrorlist line and uncommenting baseurl line (and adding "archive" to url path after /pub/).
> >
> > There are no entries in yum.log and error message is:
> > "Cannot retrieve metalink for repository: fedora/18/i386.  Please verify its path and try again."
> >
> > My specific case is trying to install rpmfusion in preparing to install exfat-utils and fuse-exfat ,  but occurs with other installs that have been done in the past.
>
> I'm guessing you might need to update for content that has been
> archived, I thought the mirror manager dealt with redirects
> automatically there but I don't know exactly.

Re: XO's cannot use mirror repo's in YUM update or install

Carrol Riddle
In reply to this post by Peter Robinson
Have been able to Yum install exfat files on my XO-1, but everywhere had to block mirrorline and use baseurl.

Still do not know why mirrors do not work.

The baseurl for fedora.repo is http://dl.fedoraproject.org/pub/archive/fedora/linux/$releasever/Everything/$basearch/os/

The baseurl for rpmfusion is http://archive.rpmfusion.org/free-archive/fedora/releases/$releasever/Everything/$basearch/os/

dl, download and archive all seem to work as first term in fedora path.

Modified the *-update.repo files similarly (but not same).

I had been using http://wiki.laptop.org/go/Gstreamer method of installing rpmfusion,
but simpler and newer is:
wget -c download1.rpmfusion.org/free/fedora/rpmfusion-free-release-18.noarch.rpm
and rpm -i rpmfusion-free-release-18.noarch.rpm

Removed extraneous rpmfusion repos from /etc/yum.repos.d/

This effort was to allow installing Internet-in-a-Box on a larger SD for Raspberry Pi Zero W using only XO and the Zero.
Two external ports are needed and had previously used Pi 4 to prepare SD.
The single USB port on Zero is used for the connection to an XO using X11Forwarding for display, keyboard and shared WiFi (secondary to Zero W on-board WiFi or as primary for simple Zero).

Still looking for cause of YUM Mirrors failure.

Carrol Riddle


> On November 10, 2019 at 9:57 AM Peter Robinson <[hidden email]> wrote:
>
>
> On Sun, Nov 10, 2019 at 5:29 AM Carrol Riddle <[hidden email]> wrote:
> >
> > XO's attempting to run YUM update or install are unable to use fedora mirror sites (https://) but able to use primary fedora site (http://).
> >
> > Is this a matter of https vs http / ca-certificates or changes in mirror structures ?  Ca-certificates update have not been done, but could be done.
> >
> >  Running OLPC 13.2.10 with current date / time and hwclock -w to sync.
> >
> > Primaries used by editing /etc/yum.repos.d/fedora.repo and commenting out mirrorlist line and uncommenting baseurl line (and adding "archive" to url path after /pub/).
> >
> > There are no entries in yum.log and error message is:
> > "Cannot retrieve metalink for repository: fedora/18/i386.  Please verify its path and try again."
> >
> > My specific case is trying to install rpmfusion in preparing to install exfat-utils and fuse-exfat ,  but occurs with other installs that have been done in the past.
>
> I'm guessing you might need to update for content that has been
> archived, I thought the mirror manager dealt with redirects
> automatically there but I don't know exactly.

Re: XO's cannot use mirror repo's in YUM update or install

James Cameron-2
Thanks for the problem report and workaround.

The cause is an SSLv3 Handshake Failure, apparently a result of
tightened security configuration at fedoraproject.org which is no
longer compatible with Fedora 18.

Unfortunately yum does not report the actual problem.

Here's how to catch proof;

1.  use tcpdump to capture network packets and then wireshark to
analyse,

2.  look for the "Alert (Level: Fatal, Description: Handshake
Failure)",

3.  look for the immediately preceding SSLv3 Client Hello message,

4.  note the Cipher Suites list contains some that are no longer
acceptable.

Your workaround is fine.  It is similar to the one I used for XO-1.75
and XO-4 in 13.2.8;
https://github.com/quozl/olpc-os-builder/commit/f2cb3908aff0cc7bc3ba7937a93b0337140dd81e

Another workaround is to change from https to http in the mirrorlist
entries.

sudo sed -i 's/mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/*.repo

However, while this is faster, it also lowers the overall security
because it makes a man in the middle attack easier.

Best way to image a set of laptops with rpmfusion packages is to build
an image using olpc-os-builder.  I've got notes on how to do that.

On Sun, Nov 10, 2019 at 03:15:55PM -0500, Carrol Riddle wrote:

> Have been able to Yum install exfat files on my XO-1, but everywhere had to block mirrorline and use baseurl.
>
> Still do not know why mirrors do not work.
>
> The baseurl for fedora.repo is http://dl.fedoraproject.org/pub/archive/fedora/linux/$releasever/Everything/$basearch/os/
>
> The baseurl for rpmfusion is http://archive.rpmfusion.org/free-archive/fedora/releases/$releasever/Everything/$basearch/os/
>
> dl, download and archive all seem to work as first term in fedora path.
>
> Modified the *-update.repo files similarly (but not same).
>
> I had been using http://wiki.laptop.org/go/Gstreamer  method of installing rpmfusion,
> but simpler and newer is:
> wget -c download1.rpmfusion.org/free/fedora/rpmfusion-free-release-18.noarch.rpm
> and rpm  -i rpmfusion-free-release-18.noarch.rpm
>
> Removed extraneous rpmfusion  repos from /etc/yum.repos.d/
>
> This effort was to allow installing Internet-in-a-Box on a larger SD for Raspberry Pi Zero W using only XO and the Zero.
> Two external ports are needed and had previously used Pi 4 to prepare SD.
> The single USB port on Zero is used for the connection to an XO using X11Forwarding for display, keyboard and shared WiFi (secondary to Zero W on-board WiFi or as primary for simple Zero).
>
> Still looking for cause of YUM Mirrors failure.
>
> Carrol Riddle
>
>
> > On November 10, 2019 at 9:57 AM Peter Robinson <[hidden email]> wrote:
> >
> >
> > On Sun, Nov 10, 2019 at 5:29 AM Carrol Riddle <[hidden email]> wrote:
> > >
> > > XO's attempting to run YUM update or install are unable to use fedora mirror sites (https://) but able to use primary fedora site (http://).
> > >
> > > Is this a matter of https vs http / ca-certificates or changes in mirror structures ?  Ca-certificates update have not been done, but could be done.
> > >
> > >  Running OLPC 13.2.10 with current date / time and hwclock -w to sync.
> > >
> > > Primaries used by editing /etc/yum.repos.d/fedora.repo and commenting out mirrorlist line and uncommenting baseurl line (and adding "archive" to url path after /pub/).
> > >
> > > There are no entries in yum.log and error message is:
> > > "Cannot retrieve metalink for repository: fedora/18/i386.  Please verify its path and try again."
> > >
> > > My specific case is trying to install rpmfusion in preparing to install exfat-utils and fuse-exfat ,  but occurs with other installs that have been done in the past.
> >
> > I'm guessing you might need to update for content that has been
> > archived, I thought the mirror manager dealt with redirects
> > automatically there but I don't know exactly.

--
James Cameron
http://quozl.netrek.org/
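
[Added example, not part of James Cameron's message and not OLPC or Fedora code: the check in steps 2 to 4 above, scripted over the raw TLS record bytes of each direction of one connection. The sample bytes are constructed, and the server's accepted suite list is an assumption, since the thread does not say which suites fedoraproject.org accepts.]

```python
import struct

HANDSHAKE, ALERT = 22, 21            # TLS record content types
FATAL, HANDSHAKE_FAILURE = 2, 40     # alert level / description codes

def iter_records(stream):
    """Yield (content_type, version, payload) for each TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        yield ctype, version, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def client_hello_suites(payload):
    """Return the cipher suite codes offered in a ClientHello handshake message."""
    if len(payload) < 39 or payload[0] != 1:   # 1 = client_hello
        return []
    pos = 4 + 2 + 32                 # handshake header, client_version, random
    pos += 1 + payload[pos]          # session_id length byte + session_id
    (n,) = struct.unpack_from("!H", payload, pos)
    return list(struct.unpack_from("!%dH" % (n // 2), payload, pos + 2))

def diagnose(client_stream, server_stream, server_accepts):
    """Summarise a failed handshake from both directions of one connection."""
    offered = [s for t, _, p in iter_records(client_stream) if t == HANDSHAKE
               for s in client_hello_suites(p)]
    alerts = [(p[0], p[1]) for t, _, p in iter_records(server_stream)
              if t == ALERT and len(p) >= 2]
    return {
        "offered": offered,
        "handshake_failure": (FATAL, HANDSHAKE_FAILURE) in alerts,
        "common": sorted(set(offered) & set(server_accepts)),
    }

def build_client_hello(suites, version=0x0300):
    """Construct a minimal ClientHello record (sample input, not a real capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, no session id
    body += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
    body += b"\x01\x00"              # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs

# Constructed sample: old client offering RC4 / 3DES / AES-CBC RSA suites; assumed server policy.
OLD_CLIENT = build_client_hello([0x0005, 0x000A, 0x002F])
SERVER_ALERT = struct.pack("!BHHBB", ALERT, 0x0300, 2, FATAL, HANDSHAKE_FAILURE)
ASSUMED_SERVER_SUITES = {0xC02F, 0xC030}

if __name__ == "__main__":
    print(diagnose(OLD_CLIENT, SERVER_ALERT, ASSUMED_SERVER_SUITES))
```

An empty "common" list together with handshake_failure set is the signature of the cipher suite mismatch described in step 4.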

Re: XO's cannot use mirror repo's in YUM update or install

Carrol Riddle
In reply to this post by Carrol Riddle
Correction: baseurl must begin with "download" instead of "dl" for this case.
Rpmfusion must be installed before exfat.

> On November 10, 2019 at 3:15 PM Carrol Riddle <[hidden email]> wrote:
>
>
> Have been able to Yum install exfat files on my XO-1, but everywhere had to block mirrorline and use baseurl.
>
> Still do not know why mirrors do not work.
>
> The baseurl for fedora.repo is http://dl.fedoraproject.org/pub/archive/fedora/linux/$releasever/Everything/$basearch/os/
>
> The baseurl for rpmfusion is http://archive.rpmfusion.org/free-archive/fedora/releases/$releasever/Everything/$basearch/os/
>
> dl, download and archive all seem to work as first term in fedora path.
>
> Modified the *-update.repo files similarly (but not same).
>
> I had been using http://wiki.laptop.org/go/Gstreamer  method of installing rpmfusion,
> but simpler and newer is:
> wget -c download1.rpmfusion.org/free/fedora/rpmfusion-free-release-18.noarch.rpm
> and rpm  -i rpmfusion-free-release-18.noarch.rpm
>
> Removed extraneous rpmfusion  repos from /etc/yum.repos.d/
>
> This effort was to allow installing Internet-in-a-Box on a larger SD for Raspberry Pi Zero W using only XO and the Zero.
> Two external ports are needed and had previously used Pi 4 to prepare SD.
> The single USB port on Zero is used for the connection to an XO using X11Forwarding for display, keyboard and shared WiFi (secondary to Zero W on-board WiFi or as primary for simple Zero).
>
> Still looking for cause of YUM Mirrors failure.
>
> Carrol Riddle
>
>
> > On November 10, 2019 at 9:57 AM Peter Robinson <[hidden email]> wrote:
> >
> >
> > On Sun, Nov 10, 2019 at 5:29 AM Carrol Riddle <[hidden email]> wrote:
> > >
> > > XO's attempting to run YUM update or install are unable to use fedora mirror sites (https://) but able to use primary fedora site (http://).
> > >
> > > Is this a matter of https vs http / ca-certificates or changes in mirror structures ?  Ca-certificates update have not been done, but could be done.
> > >
> > >  Running OLPC 13.2.10 with current date / time and hwclock -w to sync.
> > >
> > > Primaries used by editing /etc/yum.repos.d/fedora.repo and commenting out mirrorlist line and uncommenting baseurl line (and adding "archive" to url path after /pub/).
> > >
> > > There are no entries in yum.log and error message is:
> > > "Cannot retrieve metalink for repository: fedora/18/i386.  Please verify its path and try again."
> > >
> > > My specific case is trying to install rpmfusion in preparing to install exfat-utils and fuse-exfat ,  but occurs with other installs that have been done in the past.
> >
> > I'm guessing you might need to update for content that has been
> > archived, I thought the mirror manager dealt with redirects
> > automatically there but I don't know exactly.
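
[Added example, not part of any message in this thread: both workarounds discussed above (an http baseurl, or mirrorlist switched from https to http) leave repositories fetching over plaintext, so this sketch lists the enabled stanzas in a .repo file that do so and whether package signature checking is still on in that stanza. The sample file content is constructed, the mirrors.example.invalid host is a placeholder, and treating a missing gpgcheck line as "not set here" is an assumption.]

```python
import configparser

def audit_repo_text(text):
    """Return {repo_id: finding} for enabled repos that fetch over plain http."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = {}
    for repo in cp.sections():
        if cp.get(repo, "enabled", fallback="1").strip() == "0":
            continue                          # disabled repos are never fetched
        plain = [key for key in ("mirrorlist", "metalink", "baseurl")
                 if cp.get(repo, key, fallback="").strip().lower().startswith("http://")]
        if not plain:
            continue
        # Assumption: gpgcheck absent from the stanza is reported as not set here;
        # the effective value may still come from [main] in /etc/yum.conf.
        signed = cp.get(repo, "gpgcheck", fallback="").strip() == "1"
        level = "WARN" if signed else "HIGH"
        detail = ("gpgcheck=1 still verifies packages" if signed
                  else "gpgcheck not enabled in this stanza")
        findings[repo] = "%s: plaintext %s; %s" % (level, ",".join(plain), detail)
    return findings

# Constructed sample .repo content (not copied from an XO).
SAMPLE_REPO = """\
[fedora]
name=Fedora $releasever - $basearch
mirrorlist=http://mirrors.example.invalid/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
gpgcheck=1

[rpmfusion-free]
name=RPM Fusion (constructed stanza)
baseurl=http://archive.rpmfusion.org/free-archive/fedora/releases/$releasever/Everything/$basearch/os/
enabled=1
gpgcheck=0

[fedora-source]
name=Fedora source (constructed stanza)
mirrorlist=http://mirrors.example.invalid/metalink?repo=fedora-source-$releasever
enabled=0
"""

if __name__ == "__main__":
    for repo, finding in sorted(audit_repo_text(SAMPLE_REPO).items()):
        print(repo, finding)
```

gpgcheck=1 covers package signatures only, so repository metadata fetched over http is still unauthenticated unless repo_gpgcheck is also in use.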