11900 – Pakfire HTTP-Status-Code: 500 CoreUpdate 121 - 123

Bug 11900 - Pakfire HTTP-Status-Code: 500 CoreUpdate 121 - 123

Summary: Pakfire HTTP-Status-Code: 500 CoreUpdate 121 - 123

Status:	CLOSED ERRATA

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	all All

Importance:	Will affect all users Crash
Assignee:	Peter Müller
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-10-05 10:05 UTC by 5p9
Modified:	2020-04-11 08:33 UTC (History)
CC List:	3 users (show)

See Also:	12357

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 5p9 2018-10-05 10:05:48 UTC

I wanted to upgrade my current version to the 123, because it offered me the WUI.
However, I can't get from the half state to the 123s.

The following he tells me at pakfire update: 
####=====================================####
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD INFO: File received. Start checking signature...
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD INFO: Signature of meta-core-upgrade-122 is fine.
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD FINISHED: ipfire/pakfire2/2.21/meta/meta-core-upgrade-122
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD STARTED: paks/core-upgrade-2.21-122.ipfire
Oct  3 14:19:00 ipfw pakfire: MIRROR INFO: 32 servers found in list
Oct  3 14:19:00 ipfw pakfire: PING INFO: mirror.lightningwirelabs.com is alive
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD INFO: Host: mirror.lightningwirelabs.com (HTTPS) - File: pub/ipfire/pakfire2/2.21/paks/core-upgrade-2.21-122.ipfire
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD INFO: pub/ipfire/pakfire2/2.21/paks/core-upgrade-2.21-122.ipfire has size of  bytes
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
Oct  3 14:19:00 ipfw pakfire: Giving up: There was no chance to get the file paks/core-upgrade-2.21-122.ipfire from any available server. There was an error on the way. Please fix it.
Oct  3 14:19:00 ipfw pakfire: DOWNLOAD STARTED: meta/meta-core-upgrade-123
Oct  3 14:19:00 ipfw pakfire: MIRROR INFO: 32 servers found in list
Oct  3 14:19:01 ipfw pakfire: PING INFO: mirror.espoch.edu.ec is alive
Oct  3 14:19:01 ipfw pakfire: DOWNLOAD INFO: Host: mirror.espoch.edu.ec (HTTPS) - File: ipfire/pakfire2/2.21/meta/meta-core-upgrade-123
Oct  3 14:19:01 ipfw pakfire: DOWNLOAD INFO: ipfire/pakfire2/2.21/meta/meta-core-upgrade-123 has size of  bytes
Oct  3 14:19:01 ipfw pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
Oct  3 14:19:01 ipfw pakfire: Giving up: There was no chance to get the file meta/meta-core-upgrade-123 from any available server. There was an error on the way. Please fix it.
Oct  3 14:19:01 ipfw pakfire: No filename given in meta-file.
####=====================================####

Manually via terminal - on at --force seen:
####=====================================####
pakfire update
Giving up: There was no chance to get the file "counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879" from any available server.
There was an error on the way. Please fix it.

Giving up: There was no chance to get the file "2.21/lists/server-list.db" from any available server.
There was an error on the way. Please fix it.

Giving up: There was no chance to get the file "lists/packages_list.db" from any available server.
There was an error on the way. Please fix it.

Giving up: There was no chance to get the file "lists/core-list.db" from any available server.
There was an error on the way. Please fix it.
####=====================================####


fileinformation /opt/pakfire/db/meta:
####=====================================####
-rw-r--r-- 1 root root  964 Oct  3 14:19 meta-core-upgrade-122

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Name: core-upgrade
ProgVersion: 2.21
Release: 122
Size: 50360320
Dependencies:
File: core-upgrade-2.21-122.ipfire
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJbUe/HAAoJEG/veo7XE1lLSCwP/iv8IiSih4/3RG1lkmQ13TcN
y6vR1z78Y1r9Recw8EkNP6ZcviAAXmCxn6wiMbhmmpdo2Q7N/JdqknSxkqSc+9tr
VK86HqwOoEEigr2FaqzD2jEgGQhUzSsimztVevxDB1hVJi9kMBcY8EtvrzsW7rxe
1opYqa72/zBmrYkheyJh6aGfjiLCpAEVkQiyuoiRqYRxOnel/PuhnPlqpUpRc+SE
qe1xQAcQjLNRApdgSNJ2FvgnTJ0A+HHb0r0FklhqG341TjSs0kVVJYr6PQ2B32fo
EK6Y/7ui7suyNwpD4KKgVgyh/sebeYoNdiBY/3Cux7OV+kab0AtCTKrM+0dY/nwg
M+qW8QW3sFV8u5kvcA+rLSe/1LKxrRkEuhmnH1GAwAX7b30IMV5+eQBR9Fms5ZGf
2pIgLIuuNbFIymONHeTO686z6B5u1jd19PtBpR052biLVA4NBQKzNwkF+HDfVazn
RpWVW0PcB5DSmKSjdto3ppxVMnHEc7eCUsvogxuAZUlZW/V7Dp3EpGVDUW6m/v1U
b4ZYS/gUiBHD0YK8V/DULDL13Z3Oo/wlK4dgvDt7Q3lqcshu6ltON9zeX0Ac1WQe
r8yLoY6KvoquDWcPJ+gQ1HbEwXfRaF/MWxNrf4D5OWHlv8SZIHdJSm6UVGMuuD7s
yYlXm/AkA4ss1vpJec9G
=2NYS
-----END PGP SIGNATURE-----
####=====================================####

The 123's empty: 
####=====================================####
-rw-r--r-- 1 root root    0 Oct  3 14:19 meta-core-upgrade-123
####=====================================####

Also DNS changes to currently 8.8.8.8 as well as 1.1.1.1 or 81.3.27.54 (Lightning Wire Labs) did not bring any changes including restarts of unbound.

Ping works - already stored in /etc/hosts for tests:
####=====================================####
ping pakfire.ipfire.org
PING fw01.ipfire.org (81.3.27.38) 56(84) bytes of data.
64 bytes from 81.3.27.38 (81.3.27.38): icmp_seq=1 ttl=54 time=30.4 ms
64 bytes from 81.3.27.38 (81.3.27.38): icmp_seq=2 ttl=54 time=30.0 ms
64 bytes from 81.3.27.38 (81.3.27.38): icmp_seq=3 ttl=54 time=30.6 ms
####=====================================####

even a "rm meta-core-upgrade-123" with update afterwards didn't bring anything.

####=====================================####
root@ipfw(/opt/pakfire/db/meta):pakfire update
Giving up: There was no chance to get the file "counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879" from any available server.
There was an error on the way. Please fix it.

Giving up: There was no chance to get the file "2.21/lists/server-list.db" from any available server.
There was an error on the way. Please fix it.
packages_list.db     100.00% |=============================>|    4.31 KB

Giving up: There was no chance to get the file "lists/core-list.db" from any available server.
There was an error on the way. Please fix it.
####=====================================####

Version in mine:
####=====================================####
/opt/pakfire/db/core):less mine 121
####=====================================####
What more could I test or do to make it work? 

BR, Thomas

Comment 1 Michael Tremer 2018-10-05 14:12:11 UTC

Is the time set correctly on the system?

Does a simple "wget -O - https://www.ipfire.org" show you the HTML page?

Comment 2 5p9 2018-10-06 09:25:50 UTC

Hey Michael,

yes date and the HTML Welcome Site lookng good. I cant see any problems.

BR, Thomas

Comment 3 Peter Müller 2018-10-06 19:17:18 UTC

I also saw these log lines on a system tonight:

01:27:05 pakfire:  PAKFIRE INFO: Pakfire has finished. Closing.
01:27:05 pakfire:  DOWNLOAD FINISHED: pakfire2/2.21-x86_64/lists/core-list.db
01:27:05 pakfire:  DOWNLOAD INFO: Signature of core-list.db is fine.
01:27:05 pakfire:  DOWNLOAD INFO: File received. Start checking signature...
01:27:05 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
01:26:41 pakfire:  DOWNLOAD INFO: pakfire2/2.21-x86_64/lists/core-list.db has size of 871 bytes
01:26:28 pakfire:  PAKFIRE INFO: Pakfire has finished. Closing.
01:26:28 pakfire:  DOWNLOAD FINISHED: pakfire2/2.21-x86_64/lists/core-list.db
01:26:28 pakfire:  DOWNLOAD INFO: Signature of core-list.db is fine.
01:26:28 pakfire:  DOWNLOAD INFO: File received. Start checking signature...
01:26:28 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
01:26:28 pakfire:  DOWNLOAD INFO: pakfire2/2.21-x86_64/lists/core-list.db has size of 871 bytes
01:26:28 pakfire:  DOWNLOAD INFO: Logging in with: fw-[REDACTED] - [REDACTED]
01:26:28 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
01:26:28 pakfire:  DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.21-x86_64/lists/core-list.db
01:26:28 pakfire:  PING INFO: ipfire.earl-net.com is alive
01:26:28 pakfire:  MIRROR INFO: 27 servers found in list
01:26:28 pakfire:  DOWNLOAD STARTED: lists/core-list.db
01:26:28 pakfire:  CORE INFO: core-list.db is 79610 seconds old. - DEBUG: force
01:26:28 pakfire:  DB INFO: packages_list.db is 15 seconds old. - DEBUG: noforce
01:26:28 pakfire:  Giving up: There was no chance to get the file 2.21-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
01:26:28 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:80 (connect: Connection timed out)
01:26:13 pakfire:  DOWNLOAD INFO: Logging in with: fw-[REDACTED] - [REDACTED]
01:26:13 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
01:26:13 pakfire:  DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.21-x86_64/lists/core-list.db
01:26:13 pakfire:  PING INFO: mirror1.ipfire.org is alive
01:26:13 pakfire:  MIRROR INFO: 27 servers found in list
01:26:13 pakfire:  DOWNLOAD STARTED: lists/core-list.db
01:26:13 pakfire:  CORE INFO: core-list.db is 79595 seconds old. - DEBUG: force
01:26:13 pakfire:  DOWNLOAD FINISHED: pakfire2/2.21-x86_64/lists/packages_list.db
01:26:13 pakfire:  DOWNLOAD INFO: Signature of packages_list.db is fine.
01:26:13 pakfire:  DOWNLOAD INFO: File received. Start checking signature...
01:26:13 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
01:26:13 pakfire:  DOWNLOAD INFO: pakfire2/2.21-x86_64/lists/packages_list.db has size of 4387 bytes
01:26:13 pakfire:  DOWNLOAD INFO: Logging in with: fw-[REDACTED] - [REDACTED]
01:26:13 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
01:26:13 pakfire:  DOWNLOAD INFO: Host: mirror2.ipfire.org (HTTPS) - File: pakfire2/2.21-x86_64/lists/packages_list.db
01:26:13 pakfire:  PING INFO: mirror2.ipfire.org is alive
01:26:13 pakfire:  MIRROR INFO: 27 servers found in list
01:26:13 pakfire:  DOWNLOAD STARTED: lists/packages_list.db
01:26:13 pakfire:  DB INFO: packages_list.db is 79603 seconds old. - DEBUG: force
01:26:13 pakfire:  Giving up: There was no chance to get the file 2.21-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
01:26:13 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (connect: Connection timed out)
01:26:13 pakfire:  DOWNLOAD INFO: 2.21-x86_64/lists/server-list.db has size of  bytes
01:25:57 pakfire:  DOWNLOAD INFO: Logging in with: fw-[REDACTED] - [REDACTED]
01:25:57 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
01:25:57 pakfire:  DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.21-x86_64/lists/server-list.db
01:25:57 pakfire:  DOWNLOAD STARTED: 2.21-x86_64/lists/server-list.db
01:25:57 pakfire:  MIRROR INFO: server-list.db is 79594 seconds old. - DEBUG: force
01:25:49 pakfire:  DOWNLOAD INFO: 2.21-x86_64/lists/server-list.db has size of 2368 bytes
01:25:19 pakfire:  DOWNLOAD INFO: Logging in with: fw-[REDACTED] - [REDACTED]
01:25:19 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
01:25:19 pakfire:  DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.21-x86_64/lists/server-list.db
01:25:19 pakfire:  DOWNLOAD STARTED: 2.21-x86_64/lists/server-list.db
01:25:19 pakfire:  MIRROR INFO: server-list.db is 79556 seconds old. - DEBUG: force
01:25:19 pakfire:  PAKFIRE INFO: IPFire Pakfire 2.21-x86_64 started!
01:25:01 pakfire:  CRON INFO: Waiting for 56 seconds.
01:25:01 pakfire:  CRON INFO: Running an update
01:25:01 pakfire:  PAKFIRE INFO: IPFire Pakfire 2.21-x86_64 started!

However, a few hours later, everything works fine. Manual test done right now also result in correctly fetching the lists.

I have no idea what went wrong here.

@Michael: Thoughts on this? Thank you.

Comment 4 5p9 2018-10-08 08:17:00 UTC

Hi, nothing's changed with me and the same message comes up.

BR, Thomas

Comment 5 Peter Müller 2018-10-08 19:42:26 UTC

This seems to be a connectivity issue:

01:26:03 pakfire:  DB INFO: packages_list.db is 79588 seconds old. - DEBUG: force
01:26:03 pakfire:  Giving up: There was no chance to get the file 2.21-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
01:26:03 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:80 (connect: Connection timed out)
01:25:48 pakfire:  DOWNLOAD INFO: 2.21-x86_64/lists/server-list.db has size of 2368 bytes

It only happens occasionally on my systems and only ~ 01:00 CEST.
At ~ 03:15 CEST, everything works fine.

Comment 6 5p9 2018-10-08 20:13:03 UTC

The Same Problem top another Time. I cant find my actually problem where it is:

Oct 8 20:10:19 ipfw-pcomu pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
Oct 8 20:10:33 ipfw-pcomu pakfire: PAKFIRE INFO: IPFire Pakfire 2.21 started!
Oct 8 20:10:33 ipfw-pcomu pakfire: Sending my uuid: 96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 8 20:10:33 ipfw-pcomu pakfire: DOWNLOAD STARTED: counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 8 20:10:33 ipfw-pcomu pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 8 20:10:33 ipfw-pcomu pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
Oct 8 20:10:33 ipfw-pcomu pakfire: Giving up: There was no chance to get the file counter.py?ver=2.21
Oct 8 20:10:33 ipfw-pcomu pakfire: MIRROR INFO: server-list.db is 3529777 seconds old. - DEBUG: force
Oct 8 20:10:33 ipfw-pcomu pakfire: DOWNLOAD STARTED: 2.21/lists/server-list.db
Oct 8 20:10:33 ipfw-pcomu pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.21/lists/server-list.db

Comment 7 Michael Tremer 2018-10-09 13:06:35 UTC

Neither Arne not I can reproduce this. Any idea what could influence this? Do
you have any upstream proxies in use?

Comment 8 Peter Müller 2018-10-09 16:31:23 UTC

I have an upstream proxy (Squid 4.x) in use; since all other
traffic works well, it would surprise me if this caused the issue.

Systems NTP time is being monitored and does not show major skew.

Comment 9 Michael Tremer 2018-10-09 18:14:22 UTC

Could we investigate from where this HTTP response is coming? Don't think that
the web server here is doing that.

Comment 10 5p9 2018-10-14 18:07:30 UTC

I cant find thus Problem. What can i do to make the Update manually?
What meaning the systemlog with: 
Can't verify SSL peers without knowing which Certificate Authorities


Oct 14 22:39:01 ipfw-pcomu pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
Oct 14 22:39:01 ipfw-pcomu pakfire: Giving up: There was no chance to get the file lists/core-list.db from any available server. There was an error on the way. Please fix it.
Oct 14 22:39:01 ipfw-pcomu pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
Oct 14 22:39:53 ipfw-pcomu pakfire: PAKFIRE INFO: IPFire Pakfire 2.21 started!
Oct 14 22:39:53 ipfw-pcomu pakfire: Sending my uuid: 96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 14 22:39:53 ipfw-pcomu pakfire: DOWNLOAD STARTED: counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 14 22:39:53 ipfw-pcomu pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 14 22:39:54 ipfw-pcomu pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
Oct 14 22:39:54 ipfw-pcomu pakfire: Giving up: There was no chance to get the file counter.py?ver=2.21
Oct 14 22:39:54 ipfw-pcomu pakfire: MIRROR INFO: server-list.db is 4057138 seconds old. - DEBUG: force
Oct 14 22:39:54 ipfw-pcomu pakfire: DOWNLOAD STARTED: 2.21/lists/server-list.db
Oct 14 22:39:54 ipfw-pcomu pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.21/lists/server-list.db

Comment 11 Merome 2018-10-18 09:26:45 UTC

I have the exact same problem.
I described it on the forum : https://forum.ipfire.org/viewtopic.php?p=119648#p119648

Logs :
13:49:18	pakfire:	PAKFIRE INFO: IPFire Pakfire 2.21-x86_64 started!
13:49:18	pakfire:	Sending my uuid: e6d47317-174d-47f7-a382-0d98d2e64055
13:49:18	pakfire:	DOWNLOAD STARTED: counter.py?ver=2.21-x86_64&uuid=e6d47317-174d-47f7-a382-0d98d 2e64055
13:49:18	pakfire:	DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: counter.py?ver=2.21-x86_ 64&uuid=e6d47317-174d-47f7-a382-0d98d2e64055
13:49:18	pakfire:	DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowi ng which Certificate Authorities to trust
13:49:18	pakfire:	Giving up: There was no chance to get the file counter.py?ver=2.21-x86_64
13:49:18	pakfire:	MIRROR INFO: server-list.db is 4182165 seconds old. - DEBUG: force
13:49:18	pakfire:	DOWNLOAD STARTED: 2.21-x86_64/lists/server-list.db
13:49:18	pakfire:	DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.21-x86_64/lists/server -list.db
13:49:18	pakfire:	DOWNLOAD INFO: 2.21-x86_64/lists/server-list.db has size of bytes
13:49:18	pakfire:	DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowi ng which Certificate Authorities to trust
13:49:18	pakfire:	Giving up: There was no chance to get the file 2.21-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
13:49:18	pakfire:	DB INFO: packages_list.db is 35789 seconds old. - DEBUG: force
13:49:18	pakfire:	DOWNLOAD STARTED: lists/packages_list.db
13:49:18	pakfire:	MIRROR INFO: 32 servers found in list
13:49:19	pakfire:	PING INFO: mirror.onesystems.ch is alive
13:49:19	pakfire:	DOWNLOAD INFO: Host: mirror.onesystems.ch (HTTPS) - File: ipfire/pakfire2/2.19- x86_64/lists/packages_list.db
13:49:19	pakfire:	DOWNLOAD INFO: ipfire/pakfire2/2.19-x86_64/lists/packages_list.db has size of bytes
13:49:19	pakfire:	DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowi ng which Certificate Authorities to trust
13:49:19	pakfire:	Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
13:49:19	pakfire:	CORE INFO: core-list.db is 35789 seconds old. - DEBUG: force
13:49:19	pakfire:	DOWNLOAD STARTED: lists/core-list.db
13:49:19	pakfire:	MIRROR INFO: 32 servers found in list
13:49:19	pakfire:	PING INFO: mirror.ictec.it is alive
13:49:19	pakfire:	DOWNLOAD INFO: Host: mirror.ictec.it (HTTP) - File: ipfire/pakfire2/2.19-x86_64 /lists/core-list.db
13:49:20	pakfire:	DOWNLOAD INFO: ipfire/pakfire2/2.19-x86_64/lists/core-list.db has size of 233 b ytes
13:49:20	pakfire:	DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
13:49:20	pakfire:	DOWNLOAD INFO: File received. Start checking signature...
13:49:20	pakfire:	DOWNLOAD INFO: Signature of core-list.db is fine.
13:49:20	pakfire:	DOWNLOAD FINISHED: ipfire/pakfire2/2.19-x86_64/lists/core-list.db
13:49:20	pakfire:	PAKFIRE INFO: Pakfire has finished. Closing.

Comment 12 5p9 2018-10-18 11:48:45 UTC

Hey @ all fyi: https://forum.ipfire.org/viewtopic.php?f=17&t=21556 in this thread here you can find a litte bit more information (in german) about my problem.

Comment 13 Peter Müller 2018-10-18 20:41:44 UTC

I can confirm something is going wrong with Pakfire behind
an upstream proxy (at least after updating to Core 124) indeed.

Log records look like proxy settings are not applied correctly:

20:38:16 pakfire:  PAKFIRE INFO: Pakfire has finished. Closing.
20:38:16 pakfire:  DOWNLOAD FINISHED: pub/ipfire/pakfire2/2.21-x86_64/lists/core-list.db
20:38:16 pakfire:  DOWNLOAD INFO: Signature of core-list.db is fine.
20:38:16 pakfire:  DOWNLOAD INFO: File received. Start checking signature...
20:38:16 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
20:38:15 pakfire:  DOWNLOAD INFO: pub/ipfire/pakfire2/2.21-x86_64/lists/core-list.db has size of 871 bytes
20:38:15 pakfire:  DOWNLOAD INFO: Logging in with: [REDACTED] - [REDACTED]
20:38:15 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
20:38:15 pakfire:  DOWNLOAD INFO: Host: mirror.lightningwirelabs.com (HTTPS) - File: pub/ipfire/pakfire2/2.21-x86_64/lists/core-list.db
20:38:15 pakfire:  MIRROR INFO: 25 servers found in list
20:38:15 pakfire:  DOWNLOAD STARTED: lists/core-list.db
20:38:15 pakfire:  CORE INFO: core-list.db is 182912 seconds old. - DEBUG: force
20:38:15 pakfire:  Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
20:38:15 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to ftp.nluug.nl:443 (connect: Connection timed out)
20:38:00 pakfire:  DOWNLOAD INFO: os/Linux/distr/ipfire/pakfire2/2.21-x86_64/lists/packages_list.db has size of  bytes
20:37:44 pakfire:  DOWNLOAD INFO: Logging in with: [REDACTED] - [REDACTED]
20:37:44 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
20:37:44 pakfire:  DOWNLOAD INFO: Host: ftp.nluug.nl (HTTPS) - File: os/Linux/distr/ipfire/pakfire2/2.21-x86_64/lists/packages_list.db
20:37:44 pakfire:  MIRROR INFO: 25 servers found in list
20:37:44 pakfire:  DOWNLOAD STARTED: lists/packages_list.db
20:37:44 pakfire:  DB INFO: packages_list.db is 157516 seconds old. - DEBUG: force
20:37:44 pakfire:  DOWNLOAD FINISHED: 2.21-x86_64/lists/server-list.db
20:37:44 pakfire:  DOWNLOAD INFO: Signature of server-list.db is fine.
20:37:44 pakfire:  DOWNLOAD INFO: File received. Start checking signature...
20:37:44 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
20:37:44 pakfire:  DOWNLOAD INFO: 2.21-x86_64/lists/server-list.db has size of 2236 bytes
20:37:43 pakfire:  DOWNLOAD INFO: Logging in with: [REDACTED] - [REDACTED]
20:37:43 pakfire:  DOWNLOAD INFO: Upstream proxy: [REDACTED]:3128
20:37:43 pakfire:  DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.21-x86_64/lists/server-list.db
20:37:43 pakfire:  DOWNLOAD STARTED: 2.21-x86_64/lists/server-list.db
20:37:43 pakfire:  MIRROR INFO: server-list.db is 58200 seconds old. - DEBUG: force
20:37:43 pakfire:  PAKFIRE INFO: IPFire Pakfire 2.21-x86_64 started!

Surprisingly, Pakfire closes with a success message even the
package list could not be fetched correctly.

Comment 14 Peter Müller 2018-10-18 21:40:25 UTC

https://patchwork.ipfire.org/patch/1956/ fixes this problem
for systems behind upstream proxies.

Comment 15 5p9 2018-10-18 23:38:22 UTC

Hey Peter, thank you for these lines. I will Test & report it at the next Weekend. Good night.

Comment 16 5p9 2018-10-18 23:45:07 UTC

Oh, this Patch is not for me. I have no Proxy active.

Comment 17 5p9 2018-10-22 10:07:57 UTC

Hello,

i find a new fail messages into my tcpdump.

:tcpdump -vvv -i red0 dst port 80:
####=====================================####
09:46:20.798061 IP (tos 0x0, ttl 64, id 50065, offset 0, flags [none], proto TCP (6), length 52)
    192.168.YYY.ZZZ.49679 > 81.3.27.38.http: Flags [F.], cksum 0x2f02 (incorrect -> 0x2654), seq 178, ack 174, win 237, options [nop,nop,TS val 487596818 ecr 85315067], length 0
09:46:21.044170 IP (tos 0x0, ttl 64, id 50114, offset 0, flags [none], proto TCP (6), length 60)
    192.168.YYY.ZZZ.49680 > 81.3.27.38.http: Flags [S], cksum 0x2f0a (incorrect -> 0x298b), seq 3326391415, win 29200, options [mss 1460,sackOK,TS val 487596892 ecr 0,nop,wscale 7], length 0
09:46:21.073278 IP (tos 0x0, ttl 64, id 50115, offset 0, flags [none], proto TCP (6), length 52)
    192.168.YYY.ZZZ.49680 > 81.3.27.38.http: Flags [.], cksum 0x2f02 (incorrect -> 0xc5fd), seq 3326391416, ack 2921627938, win 229, options [nop,nop,TS val 487596901 ecr 85315343], length 0
09:46:21.073721 IP (tos 0x0, ttl 64, id 50116, offset 0, flags [none], proto TCP (6), length 195)
    192.168.YYY.ZZZ.49680 > 81.3.27.38.http: Flags [P.], cksum 0x2f91 (incorrect -> 0x8e50), seq 0:143, ack 1, win 229, options [nop,nop,TS val 487596901 ecr 85315343], length 143: HTTP, length: 143
        HEAD /2.21/lists/server-list.db HTTP/1.1
        TE: deflate,gzip;q=0.3
        Connection: TE, close
        Host: pakfire.ipfire.org
        User-Agent: Pakfire/2.21

09:46:21.109494 IP (tos 0x0, ttl 64, id 50127, offset 0, flags [none], proto TCP (6), length 52)
    192.168.YYY.ZZZ.49680 > 81.3.27.38.http: Flags [F.], cksum 0x2f02 (incorrect -> 0xc4ae), seq 143, ack 138, win 237, options [nop,nop,TS val 487596912 ecr 85315378], length 0
09:46:21.315020 IP (tos 0x0, ttl 64, id 50178, offset 0, flags [none], proto TCP (6), length 60)
    192.168.YYY.ZZZ.49681 > 81.3.27.38.http: Flags [S], cksum 0x2f0a (incorrect -> 0x32fc), seq 3999105691, win 29200, options [mss 1460,sackOK,TS val 487596973 ecr 0,nop,wscale 7], length 0
09:46:21.342448 IP (tos 0x0, ttl 64, id 50182, offset 0, flags [none], proto TCP (6), length 52)
    192.168.YYY.ZZZ.49681 > 81.3.27.38.http: Flags [.], cksum 0x2f02 (incorrect -> 0xd40b), seq 3999105692, ack 1651033910, win 229, options [nop,nop,TS val 487596981 ecr 85315611], length 0
09:46:21.343053 IP (tos 0x0, ttl 64, id 50183, offset 0, flags [none], proto TCP (6), length 194)
    192.168.YYY.ZZZ.49681 > 81.3.27.38.http: Flags [P.], cksum 0x2f90 (incorrect -> 0xab81), seq 0:142, ack 1, win 229, options [nop,nop,TS val 487596982 ecr 85315611], length 142: HTTP, length: 142
        GET /2.21/lists/server-list.db HTTP/1.1
        TE: deflate,gzip;q=0.3
        Connection: TE, close
        Host: pakfire.ipfire.org
        User-Agent: Pakfire/2.21

09:46:21.372703 IP (tos 0x0, ttl 64, id 50189, offset 0, flags [none], proto TCP (6), length 52)
    192.168.YYY.ZZZ.49681 > 81.3.27.38.http: Flags [F.], cksum 0x2f02 (incorrect -> 0xd2c4), seq 142, ack 138, win 237, options [nop,nop,TS val 487596990 ecr 85315641], length 0
09:46:22.198260 IP (tos 0x0, ttl 127, id 27279, offset 0, flags [DF], proto TCP (6), length 41)
    192.168.YYY.ZZZ.63230 > ip5886b629.dynamic.kabel-deutschland.de.http: Flags [.], cksum 0xb843 (correct), seq 1033665349:1033665350, ack 1752044190, win 64240, length 1: HTTP
09:46:32.229706 IP (tos 0x0, ttl 127, id 27294, offset 0, flags [DF], proto TCP (6), length 41)
    192.168.YYY.ZZZ.63230 > ip5886b629.dynamic.kabel-deutschland.de.http: Flags [.], cksum 0xb843 (correct), seq 0:1, ack 1, win 64240, length 1: HTTP
####=====================================####

The sourcepoint is:
####=====================================####
inetnum:        81.3.27.32 - 81.3.27.63
netname:        IPFIRE-ORG-NET
descr:          visit www.ipfire.org
country:        DE
admin-c:        MT15803-RIPE
tech-c:         MT15803-RIPE
status:         ASSIGNED PA
mnt-by:         SSERV-MNT
created:        2016-01-19T10:15:52Z
last-modified:  2016-01-19T10:15:52Z
source:         RIPE

I think this is my Problem.

Comment 18 Michael Tremer 2018-10-22 16:48:04 UTC

*What* is the problem in that dump? I do not see anything suspicious...

Comment 19 Merome 2018-10-22 16:53:06 UTC

The patch given on comment #14 didn't solve the problem for us (although our ipfire isn't behind a proxy).
Still have "HTTP-Status-Code: 500" error.

Comment 20 Peter Müller 2018-10-22 16:59:24 UTC

As far as I am concerned, we are dealing with two different problems here:
(a) IPFire systems do not apply proxy settings correctly if behind an upstream
proxy.
(b) In some other scenarios, users experience a 500 server error. This looks
more like an upstream problem on the main mirror to me.

Comment 21 5p9 2018-10-22 19:26:23 UTC

Hi Michael,

i don't now! But my general Problem is this messages:

####=====================================####
Oct 22 11:47:29 ipfw pakfire: PAKFIRE INFO: IPFire Pakfire 2.21 started!
Oct 22 11:47:29 ipfw pakfire: Sending my uuid: 96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 22 11:47:29 ipfw pakfire: DOWNLOAD STARTED: counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 22 11:47:29 ipfw pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: counter.py?ver=2.21&uuid=96b13752-49b9-4abd-a8e6-b3439a72c879
Oct 22 11:47:29 ipfw pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
Oct 22 11:47:29 ipfw pakfire: Giving up: There was no chance to get the file counter.py?ver=2.21
####=====================================####

for more inputs see here:
https://forum.ipfire.org/viewtopic.php?f=17&p=119733&sid=2eb69d68503165ec4183513e11acaebf#p119733

I don't know where and what else I can check.
Maybe someone else knows what else I can do to test the ssl test.

Comment 22 5p9 2018-10-24 21:03:28 UTC

Hi,

i think i have solved my Problem:
https://forum.ipfire.org/viewtopic.php?f=17&t=21556&p=119838#p119838 (in german)

it was my Perl /usr/lib/perl5/site_perl/5.28.0/LWP/UserAgent.pm 

I set the checkvalue to: $ssl_opts->{verify_hostname} = 0; 
The Download it is now okay!

this perlversion came from my postfix smtp proxy installation.
But, my openssl.cnf has a missmatch btw. cnf file and destinationsfolder, these are empty - exept: index.txt and serial

####=====================================####
/var/ipfire/certs):ls -al
total 12
drwxr-xr-x  2 nobody nobody 4096 Oct 16  2014 .
drwxr-xr-x 51 root   root   4096 Aug 22 19:50 ..
-rw-r--r--  1 nobody nobody    0 Oct 16  2014 index.txt
-rw-r--r--  1 nobody nobody    3 Oct 16  2014 serial

Comment 23 Peter Müller 2019-04-07 20:26:31 UTC

(In reply to 5p9 from comment #22)
> Hi,
> 
> i think i have solved my Problem:
> https://forum.ipfire.org/viewtopic.php?f=17&t=21556&p=119838#p119838 (in
> german)
> 
> it was my Perl /usr/lib/perl5/site_perl/5.28.0/LWP/UserAgent.pm 
> 
> I set the checkvalue to: $ssl_opts->{verify_hostname} = 0; 
This is dangerous since it disables hostname verification for certificates!

Do not do this!
> The Download it is now okay!
> 
> this perlversion came from my postfix smtp proxy installation.
> But, my openssl.cnf has a missmatch btw. cnf file and destinationsfolder,
> these are empty - exept: index.txt and serial
> 
> ####=====================================####
> /var/ipfire/certs):ls -al
> total 12
> drwxr-xr-x  2 nobody nobody 4096 Oct 16  2014 .
> drwxr-xr-x 51 root   root   4096 Aug 22 19:50 ..
> -rw-r--r--  1 nobody nobody    0 Oct 16  2014 index.txt
> -rw-r--r--  1 nobody nobody    3 Oct 16  2014 serial
Okay, so I assume this was an ERRATA and will close the issue. Feel free to reopen if I am wrong.

Downloading updates behind a proxy still is not working, but I will file this in a separate bug.