even 15.3 comes with ancient aria2, downloading leap isos via metalink files throws TLS errors and weird stuff
hello list, even a current 15.3 apparently comes with ancient aria2 stuff, i tried to fetch some leap isos, 15.2 and 15.3 just recently and the aria2 instlled for this 15.3 ------------- aria2c -v aria2 version 1.33.1 Copyright (C) 2006, 2017 Tatsuhiro Tsujikawa This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. ** Configuration ** Enabled Features: Async DNS, BitTorrent, Firefox3 Cookie, GZip, HTTPS, Message Digest, Metalink, XML-RPC, SFTP Hash Algorithms: sha-1, sha-224, sha-256, sha-384, sha-512, md5, adler32 Libraries: zlib/1.2.11 libxml2/2.9.7 sqlite3/3.28.0 GnuTLS/3.6.7 nettle GMP/6.1.2 c-ares/1.17.0 libssh2/1.9.0 Compiler: gcc 7.5.0 built by x86_64-suse-linux-gnu on Jan 9 2019 13:47 System: Linux 5.3.18-59.16-default #1 SMP Thu Jul 15 11:28:57 UTC 2021 (0b62bdb) x86_64 Report bugs to https://github.com/aria2/aria2/issues Visit https://aria2.github.io/ ------------- throws tons of errors when (probably?) hitting mirrors on the maybe new or different mirrorcache infrastructure instead of the mirrorbrain infrastructure and there speaking about unknown TLS and maybe compromise of servers and downloads and what not. I suppose or can only guess this maybe has got to do with recent TLS 1.3 on select mirror servers or something? then i went into research aria2 version and turns out TLS 1.3 has been added like 2019 and the leap 15.3 aria version 1.33 is like ancient or so? This aria2 release being from 2017! why are we not even getting the latest, that still being from 2019? <https://github.com/aria2/aria2> why? :(
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2021-08-03 a las 23:49 +0200, cagsm escribió:
hello list,
even a current 15.3 apparently comes with ancient aria2 stuff, i tried to fetch some leap isos, 15.2 and 15.3 just recently and the aria2 instlled for this 15.3
------------- aria2c -v aria2 version 1.33.1 ... -------------
throws tons of errors when (probably?) hitting mirrors on the maybe new or different mirrorcache infrastructure instead of the mirrorbrain infrastructure and there speaking about unknown TLS and maybe compromise of servers and downloads and what not. I suppose or can only guess this maybe has got to do with recent TLS 1.3 on select mirror servers or something?
You are right, I can not download the 15.3 iso in 15.2 with aria2c as I did in the past: cer@minas-tirith:~> aria2c -V https://download.opensuse.org/distribution/leap/15.3/iso/openSUSE-Leap-15.3-... 08/04 00:28:27 [NOTICE] Downloading 1 item(s) 08/04 00:28:27 [WARN] aria2c had to connect to the other side using an unknown TLS protocol. The integrity and confidentiality of the connection might be compromised. Peer: download.opensuse.org (195.135.221.134:443) 08/04 00:28:27 [NOTICE] CUID#7 - Redirecting to https://mirrorcache.opensuse.org/distribution/leap/15.3/iso/openSUSE-Leap-15... 08/04 00:28:27 [WARN] aria2c had to connect to the other side using an unknown TLS protocol. The integrity and confidentiality of the connection might be compromised. Peer: mirrorcache.opensuse.org (195.135.221.140:443) 08/04 00:28:27 [NOTICE] CUID#7 - Redirecting to https://mirrorcache-eu.opensuse.org/distribution/leap/15.3/iso/openSUSE-Leap... [#95c8e1 0B/0B CN:1 DL:0B] 08/04 00:28:28 [NOTICE] Download complete: /home/cer/openSUSE-Leap-15.3-NET-x86_64-Current.iso Download Results: gid |stat|avg speed |path/URI ======+====+===========+======================================================= 95c8e1|OK | 2.5MiB/s|/home/cer/openSUSE-Leap-15.3-NET-x86_64-Current.iso Status Legend: (OK):download completed. cer@minas-tirith:~> l openSUSE-Leap-15.3-NET-x86_64-Current.iso - -rw-r--r-- 1 cer users 2668 Aug 4 00:28 openSUSE-Leap-15.3-NET-x86_64-Current.iso cer@minas-tirith:~>
then i went into research aria2 version and turns out TLS 1.3 has been added like 2019 and the leap 15.3 aria version 1.33 is like ancient or so? This aria2 release being from 2017! why are we not even getting the latest, that still being from 2019?
<https://github.com/aria2/aria2>
why? :(
Report in Bugzilla. - -- Cheers Carlos E. R. (from openSUSE Leap 15.2 x86_64 (Minas Tirith)) -----BEGIN PGP SIGNATURE----- iJIEAREIADoWIQQt/vKEw5659AgM/X2NrxRtxRYzXAUCYQnEeRwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJEI2vFG3FFjNcT8AA/iE5PQwlVveL/WCYm55P 4bWh8e1JYThZyyjAiRsb4xi5AP9eg9zVC0X1O4/0SBXUXXU6zl60ndd065Oxd4Iw J64KaQ== =Lqxk -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2021-08-04 a las 00:34 +0200, Carlos E. R. escribió:
El 2021-08-03 a las 23:49 +0200, cagsm escribió:
hello list,
even a current 15.3 apparently comes with ancient aria2 stuff, i tried to fetch some leap isos, 15.2 and 15.3 just recently and the aria2 instlled for this 15.3
------------- aria2c -v aria2 version 1.33.1 ... -------------
throws tons of errors when (probably?) hitting mirrors on the maybe new or different mirrorcache infrastructure instead of the mirrorbrain infrastructure and there speaking about unknown TLS and maybe compromise of servers and downloads and what not. I suppose or can only guess this maybe has got to do with recent TLS 1.3 on select mirror servers or something?
You are right, I can not download the 15.3 iso in 15.2 with aria2c as I did in the past:
cer@minas-tirith:~> aria2c -V https://download.opensuse.org/distribution/leap/15.3/iso/openSUSE-Leap-15.3-...
...
Download Results: gid |stat|avg speed |path/URI gid |stat|avg speed |path/URI ======+====+===========+======================================================= 95c8e1|OK | 2.5MiB/s|/home/cer/openSUSE-Leap-15.3-NET-x86_64-Current.iso
Status Legend: (OK):download completed. cer@minas-tirith:~> l openSUSE-Leap-15.3-NET-x86_64-Current.iso -rw-r--r-- 1 cer users 2668 Aug 4 00:28 openSUSE-Leap-15.3-NET-x86_64-Current.iso cer@minas-tirith:~>
then i went into research aria2 version and turns out TLS 1.3 has been added like 2019 and the leap 15.3 aria version 1.33 is like ancient or so? This aria2 release being from 2017! why are we not even getting the latest, that still being from 2019?
<https://github.com/aria2/aria2>
why? :(
Report in Bugzilla.
I downloaded version 1.33.1 from the network:utilities repo, but it has the same problem. It complains and finally downloads a 4 byte iso file. Then I noticed that the URL given is https. This is wrong, we have to use plain http: then it works: cer@minas-tirith:~> aria2c -V http://download.opensuse.org/distribution/leap/15.3/iso/openSUSE-Leap-15.3-N... 08/04 12:43:15 [NOTICE] Downloading 1 item(s) 08/04 12:43:15 [NOTICE] Download complete: /home/cer/openSUSE-Leap-15.3-NET-x86_64.iso.meta4 08/04 12:43:15 [ERROR] Checksum error detected. file=/home/cer/openSUSE-Leap-15.3-NET-x86_64.iso 08/04 12:43:15 [NOTICE] Allocating disk space. Use --file-allocation=none to disable it. See --file-allocation option in man page for more details. 08/04 12:43:16 [ERROR] CUID#11 - Download aborted. URI=http://opensuse.mirrors.proxad.net/opensuse/distribution/leap/15.3/iso/openS... Exception: [AbstractCommand.cc:351] errorCode=8 URI=http://opensuse.mirrors.proxad.net/opensuse/distribution/leap/15.3/iso/openS... -> [HttpResponse.cc:86] errorCode=8 Invalid range header. Request: 76546048-114819071/153092096, Response: 0-153092095/153092096 *** Download Progress Summary as of Wed Aug 4 12:44:16 2021 *** ==================================================================================================================================== [#cccbca 103MiB/146MiB(70%) CN:4 DL:1.7MiB ETA:23s] FILE: /home/cer/openSUSE-Leap-15.3-NET-x86_64.iso - ------------------------------------------------------------------------------------------------------------------------------------ [#cccbca 144MiB/146MiB(99%) CN:1 DL:1.6MiB] 08/04 12:44:43 [NOTICE] Download complete: /home/cer/openSUSE-Leap-15.3-NET-x86_64.iso Download Results: gid |stat|avg speed |path/URI ======+====+===========+======================================================= 715cc6|OK | 274KiB/s|/home/cer/openSUSE-Leap-15.3-NET-x86_64.iso.meta4 cccbca|OK | 1.6MiB/s|/home/cer/openSUSE-Leap-15.3-NET-x86_64.iso Status Legend: (OK):download completed. cer@minas-tirith:~> cer@minas-tirith:~> l -h openSUSE-Leap-15.3-NET-x86_64.iso* - -rw-r--r-- 1 cer users 146M Aug 4 12:44 openSUSE-Leap-15.3-NET-x86_64.iso - -rw-r--r-- 1 cer users 51K Aug 4 12:43 openSUSE-Leap-15.3-NET-x86_64.iso.meta4 cer@minas-tirith:~> - -- Cheers Carlos E. R. (from openSUSE Leap 15.2 x86_64 (Minas Tirith)) -----BEGIN PGP SIGNATURE----- iJIEAREIADoWIQQt/vKEw5659AgM/X2NrxRtxRYzXAUCYQpzgBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJEI2vFG3FFjNc4jMBAJpmf84YZvRcW47tTeKY 0Fp/xEq/3CJMkQ0CX06ki9GcAQCAiwuJ0CwpHOFagLJyAyVkQXYbRqinF4rEiv8k H4sXfg== =ViyH -----END PGP SIGNATURE-----
On Tue, Aug 3, 2021 at 11:49 PM cagsm <cumandgets0mem00f@gmail.com> wrote:
even a current 15.3 apparently comes with ancient aria2 stuff, i tried to fetch some leap isos, 15.2 and 15.3 just recently and the aria2 instlled for this 15.3 aria2c -v aria2 version 1.33.1 Copyright (C) 2006, 2017 Tatsuhiro Tsujikawa throws tons of errors when (probably?) hitting mirrors on the maybe new or different mirrorcache infrastructure instead of the mirrorbrain infrastructure and there speaking about unknown TLS and maybe compromise of servers and downloads and what not. I suppose or can only guess this maybe has got to do with recent TLS 1.3 on select mirror servers or something? then i went into research aria2 version and turns out TLS 1.3 has been added like 2019 and the leap 15.3 aria version 1.33 is like ancient or so? This aria2 release being from 2017! why are we not even getting the latest, that still being from 2019?
found some discussion about TLS 1.3 being the problem over at stackexchange and the like <https://unix.stackexchange.com/questions/502763/aria2c-had-to-connect-to-the-other-side-using-an-unknown-tls-protocol-why> dont have bugzilla accounts and acces, can anyone please bugreport this and include latest aria2 in suse leap? ty.
On 04/08/2021 15.29, cagsm wrote:
On Tue, Aug 3, 2021 at 11:49 PM cagsm <> wrote:
...
found some discussion about TLS 1.3 being the problem over at stackexchange and the like <https://unix.stackexchange.com/questions/502763/aria2c-had-to-connect-to-the-other-side-using-an-unknown-tls-protocol-why>
dont have bugzilla accounts and acces, can anyone please bugreport this and include latest aria2 in suse leap? ty.
Done, Bug 1189107, against leap 15.2. I can not report against 15.3 -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
participants (2)
-
cagsm -
Carlos E. R.