From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from re-prd-fep-045.btinternet.com (mailomta23-re.btinternet.com [213.120.69.116]) by sourceware.org (Postfix) with ESMTPS id C8414385840E for ; Fri, 11 Feb 2022 15:08:50 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C8414385840E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dronecode.org.uk Authentication-Results: sourceware.org; spf=none smtp.mailfrom=dronecode.org.uk Received: from re-prd-rgout-002.btmx-prd.synchronoss.net ([10.2.54.5]) by re-prd-fep-045.btinternet.com with ESMTP id <20220211150849.OMWG21969.re-prd-fep-045.btinternet.com@re-prd-rgout-002.btmx-prd.synchronoss.net>; Fri, 11 Feb 2022 15:08:49 +0000 Authentication-Results: btinternet.com; auth=pass (PLAIN) smtp.auth=jonturney@btinternet.com; bimi=skipped X-SNCR-Rigid: 613A8DE81430F8DC X-Originating-IP: [86.139.167.74] X-OWM-Source-IP: 86.139.167.74 (GB) X-OWM-Env-Sender: jonturney@btinternet.com X-VadeSecure-score: verdict=clean score=0/300, class=clean X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvvddrieefgdejudcutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedtudenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkfffgggfuffvfhfhjggtgfesthekredttdefjeenucfhrhhomheplfhonhcuvfhurhhnvgihuceojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukheqnecuggftrfgrthhtvghrnheptdeijeeijeehtdeftdehteeggfegfeeifeeufedthfdtudfgfeffjedtudfgueehnecuffhomhgrihhnpegthihgfihinhdrtghomhdpmhhirhhrohhrihhfihhtphhrvghsvghnthhsrggtrhhlughovghsnhhtmhgrkhgvrghlohhtohhfshgvnhhsvgdrihhmpdhhthhtphhsthhotgihghifihhnrdgtohhmpdhhthhtphhnohhpvghfohhrthhhvghrvggrshhonhhsrghlrhgvrgguhihgihhvvghnsgihrggurghmrdhiugenucfkphepkeeirddufeelrdduieejrdejgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhephhgvlhhopegludelvddrudeikedruddruddtfegnpdhinhgvthepkeeirddufeelrdduieejrdejgedpmhgrihhlfhhrohhmpehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkpdhnsggprhgtphhtthhopedvpdhrtghpthhtoheptgihghifihhnsegthihgfihi nhdrtghomhdprhgtphhtthhopehvrghnuggrrdhvohgukhgrmhhilhhkvghvihgthhesghhmrghilhdrtghomh X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean Received: from [192.168.1.103] (86.139.167.74) by re-prd-rgout-002.btmx-prd.synchronoss.net (5.8.716.04) (authenticated as jonturney@btinternet.com) id 613A8DE81430F8DC; Fri, 11 Feb 2022 15:08:49 +0000 Message-ID: <7bec0294-c042-0e42-dca7-352fd108534e@dronecode.org.uk> Date: Fri, 11 Feb 2022 15:08:14 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.5.1 Subject: Re: Setup 2.917 fails to load mirror list Content-Language: en-GB To: Vanda Vodkamilkevich , The Cygwin Mailing List References: <904e9b5c-bd3e-9afc-1512-c5e659156dec@dronecode.org.uk> <6188769f-6250-384e-cfac-be2b460c872e@dronecode.org.uk> From: Jon Turney In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3570.7 required=5.0 tests=BAYES_00, FORGED_SPF_HELO, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Feb 2022 15:08:53 -0000 On 10/02/2022 14:49, Vanda Vodkamilkevich wrote: > Le jeu. 10 févr. 2022 à 14:54, Jon Turney a écrit : >> On 09/02/2022 15:35, Vanda Vodkamilkevich wrote: >>> If it helps, the output log when I saw the issues with setup >> >>> ########### Try to download with proxy set >> [...] >>> Cached mirror list unavailable >> [...] >>> HTTP status 403 fetching https://cygwin.com/mirrors.lst >> >>> ########### Using 2.908 version: it works >> [...] >>> Cached mirror list unavailable >> [...] >>> Fetched URL: http://cygwin.com/mirrors.lst >> >>> ########### Rerun with new version >> [...] >>> Loaded cached mirror list >> [...]> connection error: 12057 fetching >> https://cygwin.com/mirrors.lst >>> Using cached mirror list >> >> The significant change seems to be we now fetch the mirror list >> using https (since 2.892, but since you are using a self-built >> setup with local changes, you don't seem to have picked that up >> until now) >> >> 12057 is ERROR_INTERNET_SEC_CERT_REV_FAILED, which leads down quite >> a rabbit hole, but apparently this means something like >> 'certificate validity isn't checked in the process using wininet, >> but in a service, which doesn't have access to the proxy >> credentials we are using, so fails trying to fetch any CRL'. >> >> You don't mention that your proxy actually needs any credentials. >> >> Why we get a different error code the second time is mysterious. >> >> How we can then go on to successfully fetch from a https:// mirror >> if it presents a CRL doesn't make a lot of sense. >> >> I'm baffled. > > You nailed it... My corporate proxy blocks the https to the mirror > list. And my old version of setup was using http. This could mean: - https is blocked by the proxy (due to policy or misconfiguration) - https to cygwin.com is blocked by the proxy (ditto) - the setup code is doing something wrong so that the proxy is blocking it's attempt to use http here > Maybe if https failed you should retry with http? Nope, for the reasons already given by Adam. I'd *maybe* consider a patch adding an '--no-https' option which causes plain http:// to be used (and probably turns off [1] as well) to allow setup to run in environments which are hostile to https. [1] https://cygwin.com/git/?p=cygwin-apps/setup.git;a=commitdiff;h=b4947fb6db0cbd8b0c673dc49a18224c44da8116;hp=57ddb743c06996e93567a98c6de6694ddcc5d616 > Btw where is this mirror list file saved? I could cheat by fetching > it with http before using setup? The 'cached mirror list' referred to here is stored in the mirrors-lst key in /etc/setup/setup.rc