On 10/02/2022 14:49, Vanda Vodkamilkevich wrote:
Le jeu. 10 févr. 2022 à 14:54, Jon Turney a écrit :
On 09/02/2022 15:35, Vanda Vodkamilkevich wrote:
If it helps, the output log when I saw the issues with setup
########### Try to download with proxy set
[...]
Cached mirror list unavailable
[...]
HTTP status 403 fetching https://cygwin.com/mirrors.lst
########### Using 2.908 version: it works
[...]
Cached mirror list unavailable
[...]
Fetched URL: http://cygwin.com/mirrors.lst
########### Rerun with new version
[...]
Loaded cached mirror list
[...]> connection error: 12057 fetching
https://cygwin.com/mirrors.lst
Using cached mirror list
The significant change seems to be we now fetch the mirror list
using https (since 2.892, but since you are using a self-built
setup with local changes, you don't seem to have picked that up
until now)
12057 is ERROR_INTERNET_SEC_CERT_REV_FAILED, which leads down quite
a rabbit hole, but apparently this means something like
'certificate validity isn't checked in the process using wininet,
but in a service, which doesn't have access to the proxy
credentials we are using, so fails trying to fetch any CRL'.
You don't mention that your proxy actually needs any credentials.
Why we get a different error code the second time is mysterious.
How we can then go on to successfully fetch from a https:// mirror
if it presents a CRL doesn't make a lot of sense.
I'm baffled.
You nailed it... My corporate proxy blocks the https to the mirror
list. And my old version of setup was using http.
This could mean:
- https is blocked by the proxy (due to policy or misconfiguration)
- https to cygwin.com is blocked by the proxy (ditto)
- the setup code is doing something wrong so that the proxy is blocking
it's attempt to use http here
Maybe if https failed you should retry with http?
Nope, for the reasons already given by Adam.
I'd *maybe* consider a patch adding an '--no-https' option which causes
plain http:// to be used (and probably turns off [1] as well) to allow
setup to run in environments which are hostile to https.
[1]
https://cygwin.com/git/?p=cygwin-apps/setup.git;a=commitdiff;h=b4947fb6db0cbd8b0c673dc49a18224c44da8116;hp=57ddb743c06996e93567a98c6de6694ddcc5d616
Btw where is this mirror list file saved? I could cheat by fetching
it with http before using setup?
The 'cached mirror list' referred to here is stored in the mirrors-lst
key in /etc/setup/setup.rc
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
