Results 1 to 4 of 4

Thread: Trouble using "zypper addrepo" with http proxy and certs

  1. #1

    Trouble using "zypper addrepo" with http proxy and certs

    I am trying to setup a SLES 11 SP4 VM in Virtualbox to use a specific http proxy for all traffic along with certs exported from Windows.

    I have successfully added the proxy and certs to Firefox so that Firefox works without problems. I also have the http_proxy and https_proxy environment variables set to the proxy URL.

    Now I am trying to get zypper to work. My specific test case is to try and add the repository needed to install git. I will include the output below. I also tried to retry without the SSL verification but the result was the same error as before.

    Code:
    $ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
    
    Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    Error code: Connection failed
    Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    
    Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
    
    a - Skip retrieval of the file and abort current operation.
    r - Try to retrieve the file again.
    i - Skip retrieval of the file and try to continue with the operation without the file.
    u - Change current base URI and try retrieving the file again.
    
    [a/r/i/? shows all options] (a): a
    Problem accessing the file at the specified URI:
    Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    Error code: Connection failed
    Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    
    Please check if the URI is valid and accessible.
    $ sudo zypper addrepo https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
    Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    Error code: Connection failed
    Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    
    Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
    
    a - Skip retrieval of the file and abort current operation.
    r - Try to retrieve the file again.
    i - Skip retrieval of the file and try to continue with the operation without the file.
    u - Change current base URI and try retrieving the file again.
    s - Disable SSL certificate authority check and continue.
    
    [a/r/i/? shows all options] (a): s
    SSL certificate authority check disabled.
    Abort, retry, ignore? [a/r/i/? shows all options] (a): r
    Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
    Error code: Connection failed
    Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    
    Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    Problem accessing the file at the specified URI:
    Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
    Error code: Connection failed
    Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    
    Please check if the URI is valid and accessible.
    Interestingly I could use curl to download the content of the address, but only if I passed the --insecure flag.

    Code:
    $ curl --insecure https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>301 Moved Permanently</title>
    </head><body>
    <h1>Moved Permanently</h1>
    <p>The document has moved <a href="https://download.opensuse.org/repositories/devel:tools:/scm/SLE_11_SP4/devel:tools:scm.repo">here</a>.</p>
    <hr>
    <address>Apache/2.4.23 (Linux/SUSE) Server at download.opensuse.org Port 443</address>
    </body></html>
    Any ideas how I can approach solving this?

  2. #2

    Re:Trouble using "zypper addrepo" with http proxy and certs

    tllmco Wrote in message:

    > I am trying to setup a SLES 11 SP4 VM in Virtualbox to use a specific
    > http proxy for all traffic along with certs exported from Windows.
    >
    > I have successfully added the proxy and certs to Firefox so that Firefox
    > works without problems. I also have the http_proxy and https_proxy
    > environment variables set to the proxy URL.
    >
    > Now I am trying to get zypper to work. My specific test case is to try
    > and add the repository needed to install git. I will include the output
    > below. I also tried to retry without the SSL verification but the result
    > was the same error as before.
    >
    >
    > Code:
    > --------------------
    > $ sudo zypper addrepo https://download.opensuse.org/reposi...tools:scm.repo
    >
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
    >
    > a - Skip retrieval of the file and abort current operation.
    > r - Try to retrieve the file again.
    > i - Skip retrieval of the file and try to continue with the operation without the file.
    > u - Change current base URI and try retrieving the file again.
    >
    > [a/r/i/? shows all options] (a): a
    > Problem accessing the file at the specified URI:
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Please check if the URI is valid and accessible.
    > $ sudo zypper addrepo https://download.opensuse.org/reposi...tools:scm.repo
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
    >
    > a - Skip retrieval of the file and abort current operation.
    > r - Try to retrieve the file again.
    > i - Skip retrieval of the file and try to continue with the operation without the file.
    > u - Change current base URI and try retrieving the file again.
    > s - Disable SSL certificate authority check and continue.
    >
    > [a/r/i/? shows all options] (a): s
    > SSL certificate authority check disabled.
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): r
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    > Problem accessing the file at the specified URI:
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Please check if the URI is valid and accessible.
    > --------------------
    >
    >
    > Interestingly I could use curl to download the content of the address,
    > but only if I passed the --insecure flag.
    >
    >
    > Code:
    > --------------------
    > $ curl --insecure https://download.opensuse.org/reposi...tools:scm.repo
    > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    > <html><head>
    > <title>301 Moved Permanently</title>
    > </head><body>
    > <h1>Moved Permanently</h1>
    > <p>The document has moved <a href="https://download.opensuse.org/repositories/devel:tools:/scm/SLE_11_SP4/devel:tools:scm.repo">here</a>.</p>
    > <hr>
    > <address>Apache/2.4.23 (Linux/SUSE) Server at download.opensuse.org Port 443</address>
    > </body></html>
    > --------------------
    >
    >
    > Any ideas how I can approach solving this?


    Is the IPv6 address above your proxy as set for http_proxy and
    https_proxy? To be honest I've never tried setting an IPv6
    address only IPv4.

    Have you seen TID 7006845[1], particularly the reference to
    /etc/sysconfig/proxy ?

    HTH.

    [1] https://www.novell.com/support/kb/doc.php?id=7006845
    --
    Simon Flood
    SUSE Knowledge Partner


    ----Android NewsGroup Reader----
    http://usenet.sinaapp.com/

  3. #3

    Re: Trouble using "zypper addrepo" with http proxy and certs

    tllmco Wrote in message:

    > I am trying to setup a SLES 11 SP4 VM in Virtualbox to use a specific
    > http proxy for all traffic along with certs exported from Windows.
    >
    > I have successfully added the proxy and certs to Firefox so that Firefox
    > works without problems. I also have the http_proxy and https_proxy
    > environment variables set to the proxy URL.
    >
    > Now I am trying to get zypper to work. My specific test case is to try
    > and add the repository needed to install git. I will include the output
    > below. I also tried to retry without the SSL verification but the result
    > was the same error as before.
    >
    >
    > Code:
    > --------------------
    > $ sudo zypper addrepo https://download.opensuse.org/reposi...tools:scm.repo
    >
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
    >
    > a - Skip retrieval of the file and abort current operation.
    > r - Try to retrieve the file again.
    > i - Skip retrieval of the file and try to continue with the operation without the file.
    > u - Change current base URI and try retrieving the file again.
    >
    > [a/r/i/? shows all options] (a): a
    > Problem accessing the file at the specified URI:
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Please check if the URI is valid and accessible.
    > $ sudo zypper addrepo https://download.opensuse.org/reposi...tools:scm.repo
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): ?
    >
    > a - Skip retrieval of the file and abort current operation.
    > r - Try to retrieve the file again.
    > i - Skip retrieval of the file and try to continue with the operation without the file.
    > u - Change current base URI and try retrieving the file again.
    > s - Disable SSL certificate authority check and continue.
    >
    > [a/r/i/? shows all options] (a): s
    > SSL certificate authority check disabled.
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): r
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    > Abort, retry, ignore? [a/r/i/? shows all options] (a): a
    > Problem accessing the file at the specified URI:
    > Download (curl) error for 'https://download.opensuse.org/repositories/devel:tools:scm/SLE_11_SP4/devel:tools:scm.repo?ssl_verify=no':
    > Error code: Connection failed
    > Error message: Failed to connect to 2620:113:80c0:8::13: Network is unreachable
    >
    > Please check if the URI is valid and accessible.
    > --------------------
    >
    >
    > Interestingly I could use curl to download the content of the address,
    > but only if I passed the --insecure flag.
    >
    >
    > Code:
    > --------------------
    > $ curl --insecure https://download.opensuse.org/reposi...tools:scm.repo
    > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    > <html><head>
    > <title>301 Moved Permanently</title>
    > </head><body>
    > <h1>Moved Permanently</h1>
    > <p>The document has moved <a href="https://download.opensuse.org/repositories/devel:tools:/scm/SLE_11_SP4/devel:tools:scm.repo">here</a>.</p>
    > <hr>
    > <address>Apache/2.4.23 (Linux/SUSE) Server at download.opensuse.org Port 443</address>
    > </body></html>
    > --------------------
    >
    >
    > Any ideas how I can approach solving this?


    Is the IPv6 address above your proxy as set for http_proxy and
    https_proxy? To be honest I've never tried setting an IPv6
    address only IPv4.
    The IPv6 address is my proxy. I assumed it was the repository's address.

    Have you seen TID 7006845[1], particularly the reference to
    /etc/sysconfig/proxy ?
    Thanks for the resource. I haven't seen it. I edited /etc/sysconfig/proxy and set both the HTTP and HTTPS variables to point to my HTTP proxy, logged out and back in and now zypper works (albeit with disabling SSL Verification)!

  4. #4

    Re: Trouble using "zypper addrepo" with http proxy and certs

    If your proxy terminates SSL, you need the proxy's certificate as a trusted CA.
    In order to have this, copy the PEM encoded certificate to /etc/ssl/certs and do a
    Code:
    c_rehash /etc/ssl/certs
    on SLES11. On SLES12 you'd need to use the /etc/pki/trust/anchors directory and call
    Code:
    update-ca-certificates
    See the
    Code:
    rpm -q --scripts openssl-certs
    (SLES11) or
    Code:
    rpm -q --scripts ca-certificates
    (SLES12) output if in doubt.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •