-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use (ftp.gnu.org) as fallback of (ftpmirror.gnu.org), as the second might fail due to unsafe crypto #23281
Conversation
With the departure towards OpenSSL some mirrors are still using old unsafe renegotiation, and that's preventing from building this recipe. I have noticed the mirror here about the issue, but from the time being it's just better to use the non mirrored FTP. autoconf/2.71: ERROR: Error downloading file https://ftpmirror.gnu.org/autoconf/autoconf-2.71.tar.xz: 'HTTPSConnectionPool(host='ftp.rediris.es', port=443): Max retries exceeded with url: /mirror/GNU/autoconf/autoconf-2.71.tar.xz (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1006)')))' ERROR: autoconf/2.71: Error in source() method, line 51 get(self, **self.conan_data["sources"][self.version], strip_root=True) ConanException: Error downloading file https://ftpmirror.gnu.org/autoconf/autoconf-2.71.tar.xz: 'HTTPSConnectionPool(host='ftp.rediris.es', port=443): Max retries exceeded with url: /mirror/GNU/autoconf/autoconf-2.71.tar.xz (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1006)')))'
This comment has been minimized.
This comment has been minimized.
Shall I perform any extra action? Is it mandatory that I port this recipe for this change to be accepted? |
The recipe is already compatible, this was an issue as the CLA was not signed by the time the build started. I can relaunch it, however, I would advise to apply the changes as suggested by @valgur and list two URLs instead of just one. As reviewers this is a constant back and forth - some experience issues with https://www.gnu.org//server/mirror.html
Listing just one may work for you today, but not for others, or not in the future, so the fallback is probably sensible. On the other hand, if there an issue with the mirrors, especially on systems with new OpenSSL 3, I would advise reporting this issue to GNU directly - the closest contact information I can find related to mirrors is at webmasters@gnu.org. I think it's sensible that it should be pointed out that clients on newer OpenSSL, that some mirrors are not complying with https://www.rfc-editor.org/rfc/rfc5746.html - if this can be confirmed. |
Sorry, I thought the suggestion was already applied. Let me add it... And about reporting the issue to GNU, I have already done it. They replied that multiple mirrors have the issue. I guess it is on their side now. |
Co-authored-by: Martin Valgur <martin.valgur@gmail.com>
Co-authored-by: Martin Valgur <martin.valgur@gmail.com>
Suggestions applied: ready to merge 👍 |
This comment has been minimized.
This comment has been minimized.
1 similar comment
This comment has been minimized.
This comment has been minimized.
@conan-io/barbarians |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
@conan-io/barbarians This pull request seems ready to merge. |
Conan v1 pipeline ✔️All green in build 9 (
Conan v2 pipeline ✔️
All green in build 8 ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
@RubenRBS 👌😉 |
…, as the second might fail due to unsafe crypto * Don't use ftpmirror.gnu.org, as it might fail With the departure towards OpenSSL some mirrors are still using old unsafe renegotiation, and that's preventing from building this recipe. I have noticed the mirror here about the issue, but from the time being it's just better to use the non mirrored FTP. autoconf/2.71: ERROR: Error downloading file https://ftpmirror.gnu.org/autoconf/autoconf-2.71.tar.xz: 'HTTPSConnectionPool(host='ftp.rediris.es', port=443): Max retries exceeded with url: /mirror/GNU/autoconf/autoconf-2.71.tar.xz (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1006)')))' ERROR: autoconf/2.71: Error in source() method, line 51 get(self, **self.conan_data["sources"][self.version], strip_root=True) ConanException: Error downloading file https://ftpmirror.gnu.org/autoconf/autoconf-2.71.tar.xz: 'HTTPSConnectionPool(host='ftp.rediris.es', port=443): Max retries exceeded with url: /mirror/GNU/autoconf/autoconf-2.71.tar.xz (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1006)')))' * autoconf/all/conandata.yml: fallback urls: v2.72 Co-authored-by: Martin Valgur <martin.valgur@gmail.com> * autoconf/all/conandata.yml: fallback urls: v2.71 Co-authored-by: Martin Valgur <martin.valgur@gmail.com> * autoconf: conandata.yml: Lint urls properly --------- Co-authored-by: Martin Valgur <martin.valgur@gmail.com>
With the departure towards OpenSSL 3 some mirrors are still using old unsafe renegotiation, and that's preventing from building this recipe.
I have noticed the mirror here about the issue, but for the time being it's just better to use the non mirrored FTP.
I will edit this back when I'm noticed it's fixed.
autoconf/2.71: ERROR: Error downloading file https://ftpmirror.gnu.org/autoconf/autoconf-2.71.tar.xz: 'HTTPSConnectionPool(host='ftp.rediris.es', port=443): Max retries exceeded with url: /mirror/GNU/autoconf/autoconf-2.71.tar.xz (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1006)')))' ERROR: autoconf/2.71: Error in source() method, line 51
get(self, **self.conan_data["sources"][self.version], strip_root=True)
ConanException: Error downloading file https://ftpmirror.gnu.org/autoconf/autoconf-2.71.tar.xz: 'HTTPSConnectionPool(host='ftp.rediris.es', port=443): Max retries exceeded with url: /mirror/GNU/autoconf/autoconf-2.71.tar.xz (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1006)')))'
Specify library name and version: lib/1.0