PDA

View Full Version : SLES 11 SP4 Trouble using "zypper addrepo" with http proxy and certs



tllmco
25-Jun-2018, 20:18
I am trying to setup a SLES 11 SP4 VM in Virtualbox to use a specific http proxy for all traffic along with certs exported from Windows.

I have successfully added the proxy and certs to Firefox so that Firefox works without problems. I also have the http_proxy and https_proxy environment variables set to the proxy URL.

Now I am trying to get zypper to work. My specific test case is to try and add the repository needed to install git. I will include the output below. I also tried to retry without the SSL verification but the result was the same error as before.


$ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo

Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
Error code: Connection failed
Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable

Abort, retry, ignore? [a/r/i/? shows all options] (a): a
Abort, retry, ignore? [a/r/i/? shows all options] (a): ?

a - Skip retrieval of the file and abort current operation.
r - Try to retrieve the file again.
i - Skip retrieval of the file and try to continue with the operation without the file.
u - Change current base URI and try retrieving the file again.

[a/r/i/? shows all options] (a): a
Problem accessing the file at the specified URI:
Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
Error code: Connection failed
Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable

Please check if the URI is valid and accessible.
$ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
Error code: Connection failed
Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable

Abort, retry, ignore? [a/r/i/? shows all options] (a): ?

a - Skip retrieval of the file and abort current operation.
r - Try to retrieve the file again.
i - Skip retrieval of the file and try to continue with the operation without the file.
u - Change current base URI and try retrieving the file again.
s - Disable SSL certificate authority check and continue.

[a/r/i/? shows all options] (a): s
SSL certificate authority check disabled.
Abort, retry, ignore? [a/r/i/? shows all options] (a): r
Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
Error code: Connection failed
Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable

Abort, retry, ignore? [a/r/i/? shows all options] (a): a
Abort, retry, ignore? [a/r/i/? shows all options] (a): a
Problem accessing the file at the specified URI:
Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
Error code: Connection failed
Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable

Please check if the URI is valid and accessible.

Interestingly I could use curl to download the content of the address, but only if I passed the --insecure flag.


$ curl --insecure https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://download.opensuse.org/repositories/devel:tools:/scm/SLE_11_SP4/devel:tools:scm.repo">here</a>.</p>
<hr>
<address>Apache/2.4.23 (Linux/SUSE) Server at download.opensuse.org Port 443</address>
</body></html>

Any ideas how I can approach solving this?

smflood
25-Jun-2018, 23:55
tllmco Wrote in message:

> I am trying to setup a SLES 11 SP4 VM in Virtualbox to use a specific
> http proxy for all traffic along with certs exported from Windows.
>
> I have successfully added the proxy and certs to Firefox so that Firefox
> works without problems. I also have the http_proxy and https_proxy
> environment variables set to the proxy URL.
>
> Now I am trying to get zypper to work. My specific test case is to try
> and add the repository needed to install git. I will include the output
> below. I also tried to retry without the SSL verification but the result
> was the same error as before.
>
>
> Code:
> --------------------
> $ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
>
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Abort, retry, ignore? [a/r/i/? shows all options] (a): a
> Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
>
> a - Skip retrieval of the file and abort current operation.
> r - Try to retrieve the file again.
> i - Skip retrieval of the file and try to continue with the operation without the file.
> u - Change current base URI and try retrieving the file again.
>
> [a/r/i/? shows all options] (a): a
> Problem accessing the file at the specified URI:
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Please check if the URI is valid and accessible.
> $ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
>
> a - Skip retrieval of the file and abort current operation.
> r - Try to retrieve the file again.
> i - Skip retrieval of the file and try to continue with the operation without the file.
> u - Change current base URI and try retrieving the file again.
> s - Disable SSL certificate authority check and continue.
>
> [a/r/i/? shows all options] (a): s
> SSL certificate authority check disabled.
> Abort, retry, ignore? [a/r/i/? shows all options] (a): r
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Abort, retry, ignore? [a/r/i/? shows all options] (a): a
> Abort, retry, ignore? [a/r/i/? shows all options] (a): a
> Problem accessing the file at the specified URI:
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Please check if the URI is valid and accessible.
> --------------------
>
>
> Interestingly I could use curl to download the content of the address,
> but only if I passed the --insecure flag.
>
>
> Code:
> --------------------
> $ curl --insecure https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>301 Moved Permanently</title>
> </head><body>
> <h1>Moved Permanently</h1>
> <p>The document has moved <a href="https://download.opensuse.org/repositories/devel:tools:/scm/SLE_11_SP4/devel:tools:scm.repo">here</a>.</p>
> <hr>
> <address>Apache/2.4.23 (Linux/SUSE) Server at download.opensuse.org Port 443</address>
> </body></html>
> --------------------
>
>
> Any ideas how I can approach solving this?

Is the IPv6 address above your proxy as set for http_proxy and
https_proxy? To be honest I've never tried setting an IPv6
address only IPv4.

Have you seen TID 7006845[1], particularly the reference to
/etc/sysconfig/proxy ?

HTH.

[1] https://www.novell.com/support/kb/doc.php?id=7006845
--
Simon Flood
SUSE Knowledge Partner


----Android NewsGroup Reader----
http://usenet.sinaapp.com/

tllmco
26-Jun-2018, 17:21
tllmco Wrote in message:

> I am trying to setup a SLES 11 SP4 VM in Virtualbox to use a specific
> http proxy for all traffic along with certs exported from Windows.
>
> I have successfully added the proxy and certs to Firefox so that Firefox
> works without problems. I also have the http_proxy and https_proxy
> environment variables set to the proxy URL.
>
> Now I am trying to get zypper to work. My specific test case is to try
> and add the repository needed to install git. I will include the output
> below. I also tried to retry without the SSL verification but the result
> was the same error as before.
>
>
> Code:
> --------------------
> $ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
>
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Abort, retry, ignore? [a/r/i/? shows all options] (a): a
> Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
>
> a - Skip retrieval of the file and abort current operation.
> r - Try to retrieve the file again.
> i - Skip retrieval of the file and try to continue with the operation without the file.
> u - Change current base URI and try retrieving the file again.
>
> [a/r/i/? shows all options] (a): a
> Problem accessing the file at the specified URI:
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Please check if the URI is valid and accessible.
> $ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
>
> a - Skip retrieval of the file and abort current operation.
> r - Try to retrieve the file again.
> i - Skip retrieval of the file and try to continue with the operation without the file.
> u - Change current base URI and try retrieving the file again.
> s - Disable SSL certificate authority check and continue.
>
> [a/r/i/? shows all options] (a): s
> SSL certificate authority check disabled.
> Abort, retry, ignore? [a/r/i/? shows all options] (a): r
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Abort, retry, ignore? [a/r/i/? shows all options] (a): a
> Abort, retry, ignore? [a/r/i/? shows all options] (a): a
> Problem accessing the file at the specified URI:
> Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
> Error code: Connection failed
> Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
>
> Please check if the URI is valid and accessible.
> --------------------
>
>
> Interestingly I could use curl to download the content of the address,
> but only if I passed the --insecure flag.
>
>
> Code:
> --------------------
> $ curl --insecure https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>301 Moved Permanently</title>
> </head><body>
> <h1>Moved Permanently</h1>
> <p>The document has moved <a href="https://download.opensuse.org/repositories/devel:tools:/scm/SLE_11_SP4/devel:tools:scm.repo">here</a>.</p>
> <hr>
> <address>Apache/2.4.23 (Linux/SUSE) Server at download.opensuse.org Port 443</address>
> </body></html>
> --------------------
>
>
> Any ideas how I can approach solving this?


Is the IPv6 address above your proxy as set for http_proxy and
https_proxy? To be honest I've never tried setting an IPv6
address only IPv4.

The IPv6 address is my proxy. I assumed it was the repository's address.


Have you seen TID 7006845[1], particularly the reference to
/etc/sysconfig/proxy ?

Thanks for the resource. I haven't seen it. I edited /etc/sysconfig/proxy and set both the HTTP and HTTPS variables to point to my HTTP proxy, logged out and back in and now zypper works (albeit with disabling SSL Verification)!

enovaklbank
26-Nov-2018, 16:44
If your proxy terminates SSL, you need the proxy's certificate as a trusted CA.
In order to have this, copy the PEM encoded certificate to /etc/ssl/certs and do a

c_rehash /etc/ssl/certs
on SLES11. On SLES12 you'd need to use the /etc/pki/trust/anchors directory and call

update-ca-certificates
See the
rpm -q --scripts openssl-certs (SLES11) or
rpm -q --scripts ca-certificates (SLES12) output if in doubt.