dnf fails on HTTPS repo after update to Fedora 23
671 views
Skip to first unread message
Jeremy Rand
Dec 9, 2015, 4:14:17 PM12/9/15
to qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I recently upgraded my Fedora 21 template to Fedora 23. Now I get the
following error upon trying to dnf update the Fedora 23 VM.
[user@fedora-23 ~]$ sudo dnf update
Fedora 23 - x86_64 157 kB/s | 43 MB
04:38
Qubes OS Repository for VM (updates) 9.8 kB/s | 36 kB
00:03
Error: Failed to synchronize cache for repo 'updates' from
'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&ar
ch=x86_64':
Cannot prepare internal mirrorlist: Curl error (56): Failure when
receiving data from the peer for
https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&arc
h=x86_64
[Received HTTP code 500 from proxy after CONNECT]
I conjecture that Fedora moved some of their infrastructure to HTTPS
sometime between Fedora 21 and Fedora 23, and that the updates proxy
is unhappy about seeing HTTPS to a repo that it doesn't expect.
However, I'm not certain of this, and I'm not certain how to proceed
here. Suggestions?
FWIW, it's a very good thing that HTTPS seems to be gaining adoption
for system updates, since it improves privacy and also adds some
defense against replay attacks. It seems unfortunate to me that Qubes
doesn't (appear to) offer a convenient way to access these repos
(manually editing a text file doesn't seem to be sufficiently
convenient). Is there a plan on the table for improving usability for
such update repos?
Cheers,
- -Jeremy Rand
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWaJmSAAoJEAHN/EbZ1y06wwgP+watKGid4b1+awqkvhgCkB9d
JCFVXdxagJcXSEabU9SqduKCotqBgeBPI6PFhUpI36aLM8CiqCj4UmXd9eCbegEs
v+WVcJqeUyKLE1Gqs7TjxWH48bAI3WHaVhjIqg5aVsTCb9EjNiyxDBCKK8HJ0p8F
6G3NVzjk6kRWYMmLCQT6KvAVt9E5duuKILcHed14udZwUJhA5PUNGNoYs/+cUB9V
IkGBS+6YoRprNjZl27jLQ/P8bUvKSvsBqfYGa+oBltPAbn9TtAGUHkneaa+36g8U
6YH8zMEuHBJbWjER9DuZKx3Gajue2AOT7fn5KeTkw+eU8q2zf41WThUQzFJG8Q52
QXteEUjcEY1/Fa7dSP6j7KPcWOWRDriZIB3u0q7qK5LUEN+GTpSqJF3qFxtQ5ViK
6zT/4N4nfMtlwRZ6xz7TV6rFAr4DJ3ErtzCZKCjQL+OssKFg5J9+YyiOxagS11E6
g3pnPR39jyjCuR80SCO+pGorKcPEuiHKc3tYV+amYGSWDtojmwJSVEaQpfPm4CjZ
DoEnS4L8tlPF/BC6f2AmD/GZ3e8K+/xUOoAy1uxsRaEKAF6mwp38pJ1qaBS08N5n
hSpSrqaWw43lN3gF1vrsqsZZov0ms2782agnwVvQMsEywru9paZkA+L+OUvwqpQU
86ip7mUEA2OrdMVRlLDb
=8fqz
-----END PGP SIGNATURE-----
Hash: SHA256
I recently upgraded my Fedora 21 template to Fedora 23. Now I get the
following error upon trying to dnf update the Fedora 23 VM.
[user@fedora-23 ~]$ sudo dnf update
Fedora 23 - x86_64 157 kB/s | 43 MB
04:38
Qubes OS Repository for VM (updates) 9.8 kB/s | 36 kB
00:03
Error: Failed to synchronize cache for repo 'updates' from
'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&ar
ch=x86_64':
Cannot prepare internal mirrorlist: Curl error (56): Failure when
receiving data from the peer for
https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&arc
h=x86_64
[Received HTTP code 500 from proxy after CONNECT]
I conjecture that Fedora moved some of their infrastructure to HTTPS
sometime between Fedora 21 and Fedora 23, and that the updates proxy
is unhappy about seeing HTTPS to a repo that it doesn't expect.
However, I'm not certain of this, and I'm not certain how to proceed
here. Suggestions?
FWIW, it's a very good thing that HTTPS seems to be gaining adoption
for system updates, since it improves privacy and also adds some
defense against replay attacks. It seems unfortunate to me that Qubes
doesn't (appear to) offer a convenient way to access these repos
(manually editing a text file doesn't seem to be sufficiently
convenient). Is there a plan on the table for improving usability for
such update repos?
Cheers,
- -Jeremy Rand
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWaJmSAAoJEAHN/EbZ1y06wwgP+watKGid4b1+awqkvhgCkB9d
JCFVXdxagJcXSEabU9SqduKCotqBgeBPI6PFhUpI36aLM8CiqCj4UmXd9eCbegEs
v+WVcJqeUyKLE1Gqs7TjxWH48bAI3WHaVhjIqg5aVsTCb9EjNiyxDBCKK8HJ0p8F
6G3NVzjk6kRWYMmLCQT6KvAVt9E5duuKILcHed14udZwUJhA5PUNGNoYs/+cUB9V
IkGBS+6YoRprNjZl27jLQ/P8bUvKSvsBqfYGa+oBltPAbn9TtAGUHkneaa+36g8U
6YH8zMEuHBJbWjER9DuZKx3Gajue2AOT7fn5KeTkw+eU8q2zf41WThUQzFJG8Q52
QXteEUjcEY1/Fa7dSP6j7KPcWOWRDriZIB3u0q7qK5LUEN+GTpSqJF3qFxtQ5ViK
6zT/4N4nfMtlwRZ6xz7TV6rFAr4DJ3ErtzCZKCjQL+OssKFg5J9+YyiOxagS11E6
g3pnPR39jyjCuR80SCO+pGorKcPEuiHKc3tYV+amYGSWDtojmwJSVEaQpfPm4CjZ
DoEnS4L8tlPF/BC6f2AmD/GZ3e8K+/xUOoAy1uxsRaEKAF6mwp38pJ1qaBS08N5n
hSpSrqaWw43lN3gF1vrsqsZZov0ms2782agnwVvQMsEywru9paZkA+L+OUvwqpQU
86ip7mUEA2OrdMVRlLDb
=8fqz
-----END PGP SIGNATURE-----
Vít Šesták
Dec 9, 2015, 4:58:06 PM12/9/15
to qubes-users
Works for me on 3.0. I've upgraded from fedora-21-minimal to F23 and I can't see such problems.
a. Do you use the template for NetVM?
b. Have you tried to reboot the computer, or at least some part? I sometimes have to restart the Qubes update proxy in order to get rid of slow downloads and some error messages.
Regards,
Vít Šesták 'v6ak'
a. Do you use the template for NetVM?
b. Have you tried to reboot the computer, or at least some part? I sometimes have to restart the Qubes update proxy in order to get rid of slow downloads and some error messages.
Regards,
Vít Šesták 'v6ak'
Jeremy Rand
Dec 9, 2015, 5:12:39 PM12/9/15
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
On 12/09/2015 03:58 PM, Vít Šesták wrote:
> Works for me on 3.0. I've upgraded from fedora-21-minimal to F23
> and I can't see such problems.
I'm on 3.0 as well, although using the full Fedora template rather
> Works for me on 3.0. I've upgraded from fedora-21-minimal to F23
> and I can't see such problems.
than minimal.
> a. Do you use the template for NetVM?
recreate those two VM's; I only changed their base template to the
Fedora 23 template.
> b. Have you tried to reboot the computer, or at least some part? I
> sometimes have to restart the Qubes update proxy in order to get
> rid of slow downloads and some error messages.
Anyway, I was able to resolve the issue by using Whonix Gateway as my
NetVM for the Fedora 23 tempate. This is probably a little bit better
for security anyway.
Cheers,
- -Jeremy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWaKdFAAoJEAHN/EbZ1y06rqkP/2HBNi8m9ViaXvhvYnp8Hs+g
Version: GnuPG v2
EmMUc30dE2DkHHeS6sR/U1fAZp5B8W2gHMP4WBqLM1e3ufrywERfFZYL/wwhG1LV
+EhH360CgyVXXrLngCQrJ09zthwWX5RBzzQ4AbTLqmKq5SOSI824HSmE067LdLgJ
YvTapppP8AeVH3p1d7eloa5KxBQE8clGDgwXGe4pg4QnpHDCry2VM7/dAQ0b4BMu
N+ATtkZazbESSXOFlr9O3BSubaDIAZGNry+BRGuJip6W+w7TLTHDrMK/u5UevCMI
k5WNGs+ZbCnLZFdPGh4URd2LPdMO7R53hoh6vKUQNYSx32P4Vlt9kRsPTbYSY+HC
lThRbn2r5gJARgHQeiKzUQx5WusuL0qxPZ1V2vv1upLWO3nArowSUHviTmjNmNEH
MmPCuEjtUQd7Suo2Jpgzs2STGrB+alkzilU7tgaiYFkcZnZU89XJtFs0yeltC44n
0/ErGNKhhmJFSK0fS19d2lt9hdmqSQi1eEcGPa4UTsZwRpCUJB6vzQUIDEdoJwAC
Zu/8xxM6vBqZi/mirnYDnYnfS4gD7rPL/PK0uIYAxn+J9r2+LbfQHnt5EGbUUo5e
Z5q3ymIsjOd/DwAoPcbXhBvAZNOez9n3PwdVkE0EHMTdjPkEO3ts2hG5peRmWap2
Fv2kvQWMqFEBzQlm4kao
=LMNG
-----END PGP SIGNATURE-----
Tim W
Dec 9, 2015, 7:28:30 PM12/9/15
to qubes-users
Sorry for the top post but my kobile firfox browser does not seem to have a config to allow anything else.
Are you using the actual dnf update vs yum-deprecated cmd? I was not aware dnf cmd was working properly in 3.0 at least as of a week or two ago? Has this changed?
Jeremy Rand
Dec 9, 2015, 8:00:34 PM12/9/15
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
On 12/09/2015 06:28 PM, Tim W wrote:
> Sorry for the top post but my kobile firfox browser does not seem
> to have a config to allow anything else.
As long as you apologize for it, it's totally fine. :)
> Sorry for the top post but my kobile firfox browser does not seem
> to have a config to allow anything else.
> Are you using the actual dnf update vs yum-deprecated cmd? I was
> not aware dnf cmd was working properly in 3.0 at least as of a
> week or two ago? Has this changed?
Gateway as the NetVM. A few times, it used a couple cores of CPU for
15-20 seconds, with no obvious indication why. Other than that, I
haven't seen any issues (yet). Which issues are other people
experiencing?
- -Jeremy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
03RyZoGnMBy5XKgQLHDJKRD/tEJyaA/jW7a/1lmmhs+1RJtfvEXhSGDqU51yzs/U
T69fhSlovUAGMvH9cAhtsZ7zUi8O+YFkXThOvi+l9yRyYyp9E/3IJdTqqdUsFz7b
Kt1oNw7g0jJjgY1Fmpllxmw1Yw33uy5hVmBIW1n82sYk2b1Mk2Phe1nVvQWzMJiM
KwHMogrOWYC1PRBcdqSEP0hwCZVHvt6WMxNFUqmJz28+6jJlKPs5A4OK9oLM8fij
VjgW8NQoQY3QUm0XOyjIqo8GsTYlaxmBcdvUlv9VUwgFG40QArOQUy8wjQeJHlW8
U8sCYJQGi9U/XqsEZ+Gq5/naz5BlaJkONT5TWS0wlng1RiM83h15xVLuG9ncwGRf
nnZchw6tsJqIfYhun8iKRUvNtCvvZzTbtMb2dCcV2JCfbRZURHb2juD/toLkHZgc
USL5iofyGGl+gS21R5RqeoZYdSlYuf/f5163Y107A7QjRMRgEqXvswvViCOgBL8A
mmt3AatFXM7LBPPR+uuaoUh5AfQ6gF6vDMeB2VTF/WaVAF4fCMcy0NwBmxB2DdzZ
sMAt4tJCUrmBrgNUykHWl6/2ptpJOcGAjUr8zUEZiL7KqpcB/C480bDncL7wMRld
O1YWu6PNaPs/DevpYNTo
=f6Ju
-----END PGP SIGNATURE-----
Tim W
Dec 9, 2015, 10:02:00 PM12/9/15
to qubes-users
Back on my laptop now.
I had it fail to update on a few occasions. I can not check what the specific issues were right now. They were on my Qubes OS laptop which I am still working to get 3.1 rc1 installed. The issue with the default username and password you set for the screen lock during install seems to prevent the final qubes config from running as its hard coded to only accept username 'user' ( the default) to work. Had another issue as well but regardless I do recall a couple issues with DNF and Marek told me to use yum-deprecated until they got all the bugs worked out. But again this was a few weeks ago. I never tried it again and have been using yum-depr ever since hence my question of it is working. Which is good news.
Once I get 3.1 loaded I am interested to see if DNF is being used in dom0 or if its still yum-dep as it is in 3.0
Reply all
Reply to author
Forward
0 new messages