| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.4.1 sourceware.org 290373858C60 |
| Authentication-Results: | sourceware.org; |
| dmarc=none (p=none dis=none) header.from=dinwoodie.org | |
| Authentication-Results: | sourceware.org; spf=pass smtp.mailfrom=dinwoodie.org |
| Date: | Thu, 10 Feb 2022 15:27:25 +0000 |
| From: | Adam Dinwoodie <adam AT dinwoodie DOT org> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Setup 2.917 fails to load mirror list |
| Message-ID: | <20220210152725.wly2ghd3i55dovfu@lucy.dinwoodie.org> |
| References: | <CA+GYywBGDf7wiFWtYaqFTyBaQjVjTBYynqg11EtJiv87XCXCmw AT mail DOT gmail DOT com> |
| <904e9b5c-bd3e-9afc-1512-c5e659156dec AT dronecode DOT org DOT uk> | |
| <CA+GYywDYS8f54E_B1zkcsn1otgNGJJyqBy+RiEq4unxS3ter+A AT mail DOT gmail DOT com> | |
| <6188769f-6250-384e-cfac-be2b460c872e AT dronecode DOT org DOT uk> | |
| <CA+GYywBfXptowQ-2oAOyvUfxXxoG_gE+q774qg1MSHigr0Mbqg AT mail DOT gmail DOT com> | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <CA+GYywBfXptowQ-2oAOyvUfxXxoG_gE+q774qg1MSHigr0Mbqg@mail.gmail.com> |
| X-Spam-Status: | No, score=-0.7 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, |
| PDS_RDNS_DYNAMIC_FP, RDNS_DYNAMIC, SPF_HELO_PASS, SPF_PASS, TXREP, | |
| T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 | |
| X-Spam-Checker-Version: | SpamAssassin 3.4.4 (2020-01-24) on |
| server2.sourceware.org | |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.29 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| Errors-To: | cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> |
| X-MIME-Autoconverted: | from quoted-printable to 8bit by delorie.com id 21AFRkkU007663 |
On Thu, Feb 10, 2022 at 03:49:38PM +0100, Vanda Vodkamilkevich wrote: > Le jeu. 10 févr. 2022 à 14:54, Jon Turney <jon DOT turney AT dronecode DOT org DOT uk> a > écrit : > > > > Le mer. 9 févr. 2022 à 12:11, Jon Turney a > > > écrit : > > > > > >> On 08/02/2022 18:09, Vanda Vodkamilkevich wrote: > > >>> Hi, > > >>> When behind a (corporate) proxy the mirror list is apparently fetched > > >>> without using the proxy configuration. This can only be seen in a fresh > > >>> install, I tried with 2.908 and it worked then the new version can use > > >> the > > >> > > >> Only appearing on a fresh install makes sense, as a failure to fetch the > > >> mirror list is silent is we have a cached mirror list data. > > >> > > >>> cached file... > > >>> I'll try to add the logs provided by '-v' but it's complicated to get > > >> them > > >>> out of my corporate network. > > >>> I can't debug more precisely as I have to reinstall my complete cygwin > > >> tree > > >>> before :-( > > >> > > >> This is puzzling, since I don't see any changes which could cause this. > > >> > > > > On 09/02/2022 15:35, Vanda Vodkamilkevich wrote: > > > If it helps, the output log when I saw the issues with setup > > > > > ########### Try to download with proxy set > > [...] > > > Cached mirror list unavailable > > [...] > > > HTTP status 403 fetching https://cygwin.com/mirrors.lst > > > > > ########### Using 2.908 version: it works > > [...] > > > Cached mirror list unavailable > > [...] > > > Fetched URL: http://cygwin.com/mirrors.lst > > > > > ########### Rerun with new version > > [...] > > > Loaded cached mirror list > > [...]> connection error: 12057 fetching https://cygwin.com/mirrors.lst > > > Using cached mirror list > > > > The significant change seems to be we now fetch the mirror list using > > https (since 2.892, but since you are using a self-built setup with > > local changes, you don't seem to have picked that up until now) > > > > 12057 is ERROR_INTERNET_SEC_CERT_REV_FAILED, which leads down quite a > > rabbit hole, but apparently this means something like 'certificate > > validity isn't checked in the process using wininet, but in a service, > > which doesn't have access to the proxy credentials we are using, so > > fails trying to fetch any CRL'. > > > > You don't mention that your proxy actually needs any credentials. > > > > Why we get a different error code the second time is mysterious. > > > > How we can then go on to successfully fetch from a https:// mirror if it > > presents a CRL doesn't make a lot of sense. > > > > I'm baffled. > > > > You nailed it... My corporate proxy blocks the https to the mirror list. > And my old version of setup was using http. > > Maybe if https failed you should retry with http? This is generally considered A Bad Idea; it may well be a good plan to make the error behaviour clearer (this is basically always true of any software), but automatically falling back to HTTP is the sort of thing that will make the installer much more vulnerable to man-in-the-middle attacks. > Btw where is this mirror list file saved? I could cheat by fetching it with > http before using setup? -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |