[zypp-devel] Serving repos via SSL
Hi, I am trying to register a repository that sits behind an https:// URL and requires authentication. zypper appears to automatically detect such URLs as services instead of repositories. The repository refresh fails because there is no repoindex.xml file to be served. Can plain repositories be provided via SSL or must I use RIS? -Scott -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Fri, Apr 30, 2010 at 04:45:31PM +0200, Scott Bahling wrote:
I am trying to register a repository that sits behind an https:// URL and requires authentication. zypper appears to automatically detect such URLs as services instead of repositories.
What's the zypper command you're using to register the repo? Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Friday 30 April 2010 16:55:53 Michael Schroeder wrote:
On Fri, Apr 30, 2010 at 04:45:31PM +0200, Scott Bahling wrote:
I am trying to register a repository that sits behind an https:// URL and requires authentication. zypper appears to automatically detect such URLs as services instead of repositories.
What's the zypper command you're using to register the repo?
If it was 'zypper ar', please open a bugreport and attach the zypp.log. -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Mon, 2010-05-03 at 12:09 +0200, Michael Andres wrote:
On Friday 30 April 2010 16:55:53 Michael Schroeder wrote:
On Fri, Apr 30, 2010 at 04:45:31PM +0200, Scott Bahling wrote:
I am trying to register a repository that sits behind an https:// URL and requires authentication. zypper appears to automatically detect such URLs as services instead of repositories.
What's the zypper command you're using to register the repo?
If it was 'zypper ar', please open a bugreport and attach the zypp.log.
I realize now that the problem is more fundamental. I am trying to register a repository on a server that uses iChain authentication. Is this possible with zypper? If yes, how/where is the login information registered?
From what I can tell, the standard https://user:password@server URI will not work.
-Scott -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On 05/03/2010 06:58 PM, Scott Bahling wrote:
On Mon, 2010-05-03 at 12:09 +0200, Michael Andres wrote:
On Friday 30 April 2010 16:55:53 Michael Schroeder wrote:
On Fri, Apr 30, 2010 at 04:45:31PM +0200, Scott Bahling wrote:
I am trying to register a repository that sits behind an https:// URL and requires authentication. zypper appears to automatically detect such URLs as services instead of repositories.
What's the zypper command you're using to register the repo?
If it was 'zypper ar', please open a bugreport and attach the zypp.log.
I realize now that the problem is more fundamental. I am trying to register a repository on a server that uses iChain authentication. Is this possible with zypper? If yes, how/where is the login information registered?
From what I can tell, the standard https://user:password@server URI will not work.
It should. If it doesn't, we need to take a look at it, and we need zypper.log. Since this is an http(s) problem, running zypper with ZYPP_MEDIA_CURL_DEBUG=2 could provide even more info: $ zypper ar https://user:password@server myrepo $ ZYPP_LOGFILE=zypper.log ZYPP_MEDIA_CURL_DEBUG=2 zypper ref myrepo and attach the log. Even though zypper now uses aria, curl is still used for some requests (e.g. to check whether the remote file exists), that's why the curl debug variable. -- cheers, jano Ján Kupec YaST team ---------------------------------------------------------(PGP)--- Key ID: 637EE901 Fingerprint: 93B9 C79B 2D20 51C3 800B E09B 8048 46A6 637E E901 ---------------------------------------------------------(IRC)--- Server: irc.freenode.net Nick: jniq Channels: #zypp #yast #suse #susecz ---------------------------------------------------------(EOF)---
On Tue, 2010-05-04 at 10:54 +0200, Jano Kupec wrote:
On 05/03/2010 06:58 PM, Scott Bahling wrote:
On Mon, 2010-05-03 at 12:09 +0200, Michael Andres wrote:
On Friday 30 April 2010 16:55:53 Michael Schroeder wrote:
On Fri, Apr 30, 2010 at 04:45:31PM +0200, Scott Bahling wrote:
I am trying to register a repository that sits behind an https:// URL and requires authentication. zypper appears to automatically detect such URLs as services instead of repositories.
What's the zypper command you're using to register the repo?
If it was 'zypper ar', please open a bugreport and attach the zypp.log.
I realize now that the problem is more fundamental. I am trying to register a repository on a server that uses iChain authentication. Is this possible with zypper? If yes, how/where is the login information registered?
From what I can tell, the standard https://user:password@server URI will not work.
It should. If it doesn't, we need to take a look at it, and we need zypper.log. Since this is an http(s) problem, running zypper with ZYPP_MEDIA_CURL_DEBUG=2 could provide even more info:
$ zypper ar https://user:password@server myrepo $ ZYPP_LOGFILE=zypper.log ZYPP_MEDIA_CURL_DEBUG=2 zypper ref myrepo
and attach the log. Even though zypper now uses aria, curl is still used for some requests (e.g. to check whether the remote file exists), that's why the curl debug variable.
I opened bug 602355 and added logs. -Scott -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Tuesday 04 May 2010 14:14:35 Scott Bahling wrote:
and attach the log. Even though zypper now uses aria, curl is still used for some requests (e.g. to check whether the remote file exists), that's why the curl debug variable.
I opened bug 602355 and added logs.
I suppose ZYPP_ARIA2C=0 zypper ref myrepo works. -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Tue, 2010-05-04 at 16:07 +0200, Michael Andres wrote:
On Tuesday 04 May 2010 14:14:35 Scott Bahling wrote:
and attach the log. Even though zypper now uses aria, curl is still used for some requests (e.g. to check whether the remote file exists), that's why the curl debug variable.
I opened bug 602355 and added logs.
I suppose ZYPP_ARIA2C=0 zypper ref myrepo works.
Fails in a different way. It fails checking the repomd.xml.key, but I have a suspicion that what it downloaded was not the key file because the sha1 key and file size don't match. Is there a way to run zypper and not have it cleanup the tmp directories? -Scott -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Tuesday 04 May 2010 18:01:47 Scott Bahling wrote:
On Tue, 2010-05-04 at 16:07 +0200, Michael Andres wrote:
On Tuesday 04 May 2010 14:14:35 Scott Bahling wrote:
and attach the log. Even though zypper now uses aria, curl is still used for some requests (e.g. to check whether the remote file exists), that's why the curl debug variable.
I opened bug 602355 and added logs.
I suppose ZYPP_ARIA2C=0 zypper ref myrepo works.
Fails in a different way. It fails checking the repomd.xml.key, but I have a suspicion that what it downloaded was not the key file because the sha1 key and file size don't match. Is there a way to run zypper and not have it cleanup the tmp directories?
To me it looks like being a server side problem. Trying to access repomd.xml, I get a redirect to https://build.novell.com/ICSLogin, but libzypp won't be able to fill out the form. I would expect a 401 authentication required instead.
HEAD /.../repodata/repomd.xml HTTP/1.1 User-Agent: ZYpp 7.5.0 (curl 7.19.6) openSUSE-11.2-i586 Host: build.novell.com Accept: */* X-ZYpp-AnonymousId: 38bed85e-6209-11dd-baba-00a0d22f6cc7 X-ZYpp-DistributionFlavor: ftp
< HTTP/1.1 302 Found < Content-Type: text/html; charset=utf-8 < Content-Length: 128 < Pragma: no-cache < Location: https://build.novell.com/ICSLogin/?"https://build.novell.com/.../repodata/repomd.xml -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Wed, May 05, 2010 at 12:26:48PM +0200, Michael Andres wrote:
On Tuesday 04 May 2010 18:01:47 Scott Bahling wrote:
On Tue, 2010-05-04 at 16:07 +0200, Michael Andres wrote:
On Tuesday 04 May 2010 14:14:35 Scott Bahling wrote:
and attach the log. Even though zypper now uses aria, curl is still used for some requests (e.g. to check whether the remote file exists), that's why the curl debug variable.
I opened bug 602355 and added logs.
I suppose ZYPP_ARIA2C=0 zypper ref myrepo works.
Fails in a different way. It fails checking the repomd.xml.key, but I have a suspicion that what it downloaded was not the key file because the sha1 key and file size don't match. Is there a way to run zypper and not have it cleanup the tmp directories?
To me it looks like being a server side problem. Trying to access repomd.xml, I get a redirect to https://build.novell.com/ICSLogin, but libzypp won't be able to fill out the form. I would expect a 401 authentication required instead.
In that case it's an iChain setup problem. It has be be set up for BasicAuthentication, so that it doesn't show a login page. Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
participants (4)
-
Jano Kupec -
Michael Andres -
Michael Schroeder -
Scott Bahling