Setup 2.917 fails to load mirror list
Jon Turney
jon.turney@dronecode.org.uk
Thu Feb 10 13:54:01 GMT 2022
> Le mer. 9 févr. 2022 à 12:11, Jon Turney a
> écrit :
>
>> On 08/02/2022 18:09, Vanda Vodkamilkevich wrote:
>>> Hi,
>>> When behind a (corporate) proxy the mirror list is apparently fetched
>>> without using the proxy configuration. This can only be seen in a fresh
>>> install, I tried with 2.908 and it worked then the new version can use
>> the
>>
>> Only appearing on a fresh install makes sense, as a failure to fetch the
>> mirror list is silent is we have a cached mirror list data.
>>
>>> cached file...
>>> I'll try to add the logs provided by '-v' but it's complicated to get
>> them
>>> out of my corporate network.
>>> I can't debug more precisely as I have to reinstall my complete cygwin
>> tree
>>> before :-(
>>
>> This is puzzling, since I don't see any changes which could cause this.
>>
On 09/02/2022 15:35, Vanda Vodkamilkevich wrote:
> If it helps, the output log when I saw the issues with setup
> ########### Try to download with proxy set
[...]
> Cached mirror list unavailable
[...]
> HTTP status 403 fetching https://cygwin.com/mirrors.lst
> ########### Using 2.908 version: it works
[...]
> Cached mirror list unavailable
[...]
> Fetched URL: http://cygwin.com/mirrors.lst
> ########### Rerun with new version
[...]
> Loaded cached mirror list
[...]> connection error: 12057 fetching https://cygwin.com/mirrors.lst
> Using cached mirror list
The significant change seems to be we now fetch the mirror list using
https (since 2.892, but since you are using a self-built setup with
local changes, you don't seem to have picked that up until now)
12057 is ERROR_INTERNET_SEC_CERT_REV_FAILED, which leads down quite a
rabbit hole, but apparently this means something like 'certificate
validity isn't checked in the process using wininet, but in a service,
which doesn't have access to the proxy credentials we are using, so
fails trying to fetch any CRL'.
You don't mention that your proxy actually needs any credentials.
Why we get a different error code the second time is mysterious.
How we can then go on to successfully fetch from a https:// mirror if it
presents a CRL doesn't make a lot of sense.
I'm baffled.
More information about the Cygwin
mailing list