yum urlgrabber error in lxc-create -t fedora
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | urlgrabber (Debian) |
Fix Released
|
Unknown
|
||
| | urlgrabber (Ubuntu) |
High
|
Unassigned | ||
| | Trusty |
High
|
Clint Byrum | ||
Bug Description
[Impact]
* Users wishing to use Yum on Ubuntu to build Fedora packages will be met with a backtrace due to curl changing its' API. This makes urlgrabber basically unusable without forcing turning off SSL certification verification, which is not acceptible.
[Test Case]
* Install yum-utils
* Ensure sslverify in section "main" is not set, or is "1" in /etc/yum/yum.conf
* Create a working directory for testing, reference as WORKING
* mkdir $WORKING/
* Add attached "fedora.repo" to $WORKING/
* mkdir $WORKING/
* rpm --rootdir=$WORKING initdb
* yumdownloader --releasever=21 --setopt-
The yumdownloader step will fail with a traceback ending in "pycurl.error: (43, 'CURLOPT_
[Regression Potential]
* Since the library is mostly inoperable when running without SSL verification, regressions seem unlikely.
* The additional fix for keepalives which was included upstream is low risk also as it simply makes the code resilient to a known failure by not allowing incompatible options to be used together.
[Other Info]
N/A
---- Original Report ----
On ubuntu 13.04 with
yum: 3.4.3-1ubuntu1
lxc: 0.9.0-0ubuntu3.3
lxc-templates: 0.9.0-0ubuntu3.3
When attempting to create a fedora Linux Container, I see
$ sudo lxc-create -n fed1 -t fedora
lxc-create: No config file specified, using the default config /etc/lxc/
This is not a fedora host and release missing, defaulting to 14. use -R|--release to specify release
Checking cache download in /var/cache/
Downloading fedora minimal ...
Fetching from http://
% Total % Received % Xferd Average Speed Time Time Time Current
100 24404 100 24404 0 0 41435 0 --:--:-- --:--:-- --:--:-- 43192
rpm: RPM should not be used directly install RPM packages, use Alien instead!
rpm: However assuming you know what you are doing...
warning: /var/cache/
Preparing... #######
package fedora-
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in <module>
yummain.
File "/usr/share/
errcode = main(args)
File "/usr/share/
result, resultmsgs = base.doCommands()
File "/usr/share/
self.
File "/usr/lib/
self.
File "/usr/lib/
pkgSack = self.pkgSack
File "/usr/lib/
pkgSack = property(
File "/usr/lib/
self.
File "/usr/lib/
sack.
File "/usr/lib/
if self._check_
File "/usr/lib/
return repo._check_
File "/usr/lib/
repoXML = self.repoXML
File "/usr/lib/
repoXML = property(
File "/usr/lib/
self.
File "/usr/lib/
return self._groupLoad
File "/usr/lib/
if self._commonLoa
File "/usr/lib/
result = self._getFileRe
File "/usr/lib/
size=102400) # setting max size as 100K
File "/usr/lib/
result = self.grab.
File "/usr/lib/
grab = property(lambda self: self._getgrab())
File "/usr/lib/
self.
File "/usr/lib/
self._grab = mgclass(
File "/usr/lib/
urls = property(
File "/usr/lib/
self.
File "/usr/lib/
mirrorurls.
File "/usr/lib/
metalink_data = property(
File "/usr/lib/
result = ug.urlgrab(url, local, text=self.id + "/metalink")
File "/usr/lib/
return self._retry(opts, retryfunc, url, filename)
File "/usr/lib/
r = apply(func, (opts,) + args, {})
File "/usr/lib/
fo = PyCurlFileObjec
File "/usr/lib/
self._do_open()
File "/usr/lib/
self.
File "/usr/lib/
self.
pycurl.error: (43, '')
Failed to download the rootfs, aborting.
Failed to download 'fedora base'
failed to install fedora
lxc-create: failed to execute template 'fedora'
lxc-create: aborted
This appears to be a yum error. /usr/share/
yum --installroot /var/cache/
| Jeremy Fishman (jeremy-r-fishman) wrote : | #2 |
I am seeing this same issue via 'yumdownloader'.
It appears to be a bug in urlgrabber, fixed here http://
For explanation, see http://
The bug is still present in the latest upstream 3.9.1 release of urlgrabber.
It is possible to work-around the urlgrabber bug by setting the options 'ssl_verify_host' to 2 instead of True, though 'True' is expected value according to the pydoc:
> self.ssl_
>
> Check the server's hostname to make sure it matches the certificate DN
| Jeremy Fishman (jeremy-r-fishman) wrote : | #3 |
Sorry, my details:
yum: 3.4.3-1ubuntu1
yum-utils: 1.1.26-0ubuntu1
python-urlgrabber: 3.9.1-4ubuntu2
| Mike Miller (mtmiller) wrote : | #4 |
Confirmed here as well, and I can also confirm that the patch does fix the problem reported here.
| affects: | yum (Ubuntu) → urlgrabber (Ubuntu) |
| Changed in urlgrabber (Ubuntu): | |
| status: | New → Confirmed |
| Mike Miller (mtmiller) wrote : | #5 |
Linked Debian bug #715416 reporting the same bug in urlgrabber.
| Changed in urlgrabber (Debian): | |
| status: | Unknown → New |
| GP Solutions (gpsolutions) wrote : | #6 |
As workaround you can set sslverify to 0 in /etc/yum/yum.conf.
| Changed in urlgrabber (Debian): | |
| status: | New → Fix Released |
| Clint Byrum (clint-fewbar) wrote : | #7 |
This is pretty badly broken, and fixed already in Debian and everywhere else.
| Changed in urlgrabber (Ubuntu): | |
| status: | Confirmed → Triaged |
| importance: | Undecided → Critical |
| importance: | Critical → High |
| Changed in urlgrabber (Ubuntu Trusty): | |
| status: | New → In Progress |
| importance: | Undecided → High |
| assignee: | nobody → Clint Byrum (clint-fewbar) |
| summary: |
- yum error in lxc-create -t fedora + yum urlgrabber error in lxc-create -t fedora |
| description: | updated |
| Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package urlgrabber - 3.9.1-4ubuntu5
---------------
urlgrabber (3.9.1-4ubuntu5) vivid; urgency=medium
* Apply patch to fix urlgrabber for newer libcurl (LP: #1200288)
-- Clint Byrum <email address hidden> Tue, 31 Mar 2015 14:34:19 -0700
| Changed in urlgrabber (Ubuntu): | |
| status: | Triaged → Fix Released |
Hello tlc, or anyone else affected,
Accepted urlgrabber into trusty-proposed. The package will build now and be available at http://
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in urlgrabber (Ubuntu Trusty): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed |
| Clint Byrum (clint-fewbar) wrote : | #10 |
Tested on 14.04 from trusty-proposed, works!
| tags: |
added: verification-done removed: verification-needed |
| Clint Byrum (clint-fewbar) wrote : | #11 |
This has been verified for almost 2 weeks. Any reason it isn't released to trusty-updates yet?
| Launchpad Janitor (janitor) wrote : | #12 |
This bug was fixed in the package urlgrabber - 3.9.1-4ubuntu3.
---------------
urlgrabber (3.9.1-
* Apply patch to fix urlgrabber for newer libcurl (LP: #1200288)
-- Clint Byrum <email address hidden> Tue, 31 Mar 2015 14:34:19 -0700
| Changed in urlgrabber (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
The verification of the Stable Release Update for urlgrabber has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
Works on ubuntu 12.04 with
yum: 3.2.25-1ubuntu2
lxc: 0.7.5-0ubuntu67