tokland/arch-bootstrap

Default mirror broken?

hartwork opened this issue · 12 comments

Hi!

While installation through the Rackspace mirror seems to work fine

# ./arch-bootstrap.sh -a x86_64 -r http://mirror.rackspace.com/archlinux/ arch_root

the default mirror at mirrors.kernel.org does not lead to a successful installation as of today, tried twice:

# ./arch-bootstrap.sh -a x86_64 arch_root
[..]
--- configure DNS and pacman
--- install packages: acl archlinux-keyring attr bzip2 curl expat glibc gpgme libarchive libassuan libgpg-error libssh2 lzo openssl pacman pacman-mirrorlist xz zlib krb5 e2fsprogs keyutils libidn gcc-libs filesystem coreutils bash grep gawk file tar systemd
:: Synchronizing package databases...
error: failed retrieving file 'core.db' from mirrors.kernel.org : error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
error: failed to update core (download library error)
error: failed retrieving file 'extra.db' from mirrors.kernel.org : error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
error: failed to update extra (download library error)
error: failed retrieving file 'community.db' from mirrors.kernel.org : error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
error: failed to update community (download library error)
error: failed to synchronize any databases
error: failed to init transaction (download library error)

# ls -l /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 273790 Apr 25 11:46 /etc/ssl/certs/ca-certificates.crt

Maybe Rackspace would make a better default mirror? It's listed as worldwide at the very top in etc/pacman.d/mirrorlist.

Best, Sebastian

Can you try again? This repo works for me at the moment.

Same error again, Debian jessie below. What distro are you running the command from? Depending on what it is, I could try running it on the same as yours.

Arch Linux (tested from Spain and UK). What's the output of this?

curl -v https://mirrors.kernel.org/archlinux/core/os/x86_64/curl-7.42.1-1-x86_64.pkg.tar.xz -o /dev/null

bash: curl: command not found

;)

# curl -v https://mirrors.kernel.org/archlinux/core/os/x86_64/curl-7.42.1-1-x86_64.pkg.tar.xz -o /dev/null
* Hostname was NOT found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 198.145.20.143...
* Connected to mirrors.kernel.org (198.145.20.143) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*        subject: description=r1nDw5BOnE1CIcyp; C=US; ST=California; L=San Francisco; O=The Linux Foundation; CN=mirrors.kernel.org; emailAddress=webmaster@kernel.org
*        start date: 2014-04-09 08:26:12 GMT
*        expire date: 2016-04-08 23:33:00 GMT
*        subjectAltName: mirrors.kernel.org matched
*        issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 2 Primary Intermediate Server CA
*        SSL certificate verify ok.
> GET /archlinux/core/os/x86_64/curl-7.42.1-1-x86_64.pkg.tar.xz HTTP/1.1
> User-Agent: curl/7.38.0
> Host: mirrors.kernel.org
> Accept: */*
> 
< HTTP/1.1 200 OK
* Server nginx is not blacklisted
< Server: nginx
< Date: Sun, 31 May 2015 18:20:05 GMT
< Content-Type: application/octet-stream
< Content-Length: 747208
< Last-Modified: Thu, 30 Apr 2015 12:59:55 GMT
< ETag: "5542274b-b66c8"
< X-Frame-Options: DENY
< Accept-Ranges: bytes
< 
{ [data not shown]
100  729k  100  729k    0     0   203k      0  0:00:03  0:00:03 --:--:--  203k
* Connection #0 to host mirrors.kernel.org left intact

Ok, no idea :) Let's see if someone else has this problem, for now use the -r option.

If you send an SSH pubkey to my mailbox, I can give you a shell on that Debian box, if you like.

I see, the problem is not the repo, but using https instead of http. I'll roll back to http until we see how to solve the problem with the https access. 0ea1af9

Sigh, that was not my intention, really. I'll re-open issue #13 then.

I'm getting this exact same error trying to install the arch chroot on an alpine 3.4 box. Using the -r http://mirror.rackspace.com/archlinux/ mirror also worked for me, although I did get some intermittent 404 errors when using the rackspace mirror.

Same error here on Debian 8.5 Digital Ocean VPS. :/ There is a mirror list you can use manually for now:

https://www.archlinux.org/mirrors/status/

Edit: I've found that this failure is off and on. What I did is add a backup http location to my wrapper script:

https://github.com/ProfessorKaos64/LibreGeek-Packaging/blob/arch-linux/create-arch-chroot.sh

Indeed, the https repo does not work for me either. Let's return to http again. If anyone has a patch to make it work with https, a PR is welcome.
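
An added diagnostic sketch, not part of the thread or of arch-bootstrap: it pulls the CAfile path out of the "error setting certificate verify locations" records shown in the report and checks whether that file is usable under a given root directory. It assumes, without the thread confirming it, that pacman resolves the path inside the target root (`arch_root`) rather than on the host, which would explain why the host's `ls -l` succeeds while the download fails; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not arch-bootstrap code). Function names are hypothetical.

# Sample input: two error records copied from the report above.
sample_log() {
cat <<'EOF'
error: failed retrieving file 'core.db' from mirrors.kernel.org : error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
error: failed to update core (download library error)
error: failed retrieving file 'extra.db' from mirrors.kernel.org : error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
EOF
}

# Read a log on stdin; print each distinct CAfile path that follows the error.
cafile_from_log() {
  awk '
    /error setting certificate verify locations/ { want = 1; next }
    want && /CAfile:/ { sub(/^.*CAfile:[ \t]*/, ""); if ($0 != "none") print }
    { want = 0 }
  ' | sort -u
}

# check_ca_bundle ROOT PATH: print ok | missing | empty | no-certs
check_ca_bundle() {
  f="${1%/}$2"
  if [ ! -e "$f" ]; then echo missing        # also covers a dangling symlink
  elif [ ! -s "$f" ]; then echo empty
  elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then echo no-certs
  else echo ok
  fi
}

# diagnose ROOT < log: one "path status" line per CAfile named in the log.
diagnose() {
  cafile_from_log | while IFS= read -r p; do
    echo "$p $(check_ca_bundle "$1" "$p")"
  done
}

# Stand-alone run: check the sample records against ROOT (default: host /).
sample_log | diagnose "${1:-/}"
```

Run it once with no argument and once with the bootstrap target directory (for example `arch_root`) to compare the host's bundle with the one the chrooted pacman would see.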