Thanks for the problem report and workaround. The cause is an SSLv3 Handshake Failure, apparently a result of tightened security configuration at fedoraproject.org which is no longer compatible with Fedora 18.
Unfortunately yum does not report the actual problem. Here's how to catch proof; 1. use tcpdump to capture network packets and then wireshark to analyse, 2. look for the "Alert (Level: Fatal, Description: Handshake Failure)", 3. look for the immediately preceeding SSLv3 Client Hello message, 4. note the Cipher Suites list contains some that are no longer acceptable. Your workaround is fine. It is similar to the one I used for XO-1.75 and XO-4 in 13.2.8; https://github.com/quozl/olpc-os-builder/commit/f2cb3908aff0cc7bc3ba7937a93b0337140dd81e Another workaround is to change from https to http in the mirrorlist entries. sudo sed -i 's/mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/*.repo However, while this is faster, it also lowers the overall security because it makes a man in the middle attack easier. Best way to image a set of laptops with rpmfusion packages is to build an image using olpc-os-builder. I've got notes on how to do that. On Sun, Nov 10, 2019 at 03:15:55PM -0500, Carrol Riddle wrote: > Have been able to Yum install exfat files on my XO-1, but everywhere had to > block mirrorline and use baseurl. > > Still do not know why mirrors do not work. > > The baseurl for fedora.repo is > http://dl.fedoraproject.org/pub/archive/fedora/linux/$releasever/Everything/$basearch/os/ > > The baseurl for rpmfusion is > http://archive.rpmfusion.org/free-archive/fedora/releases/$releasever/Everything/$basearch/os/ > > dl, download and archive all seem to work as first term in fedora path. > > Modified the *-update.repo files similarly (but not same). > > I had been using http://wiki.laptop.org/go/Gstreamer method of installing > rpmfusion, > but simpler and newer is: > wget -c > download1.rpmfusion.org/free/fedora/rpmfusion-free-release-18.noarch.rpm > and rpm -i rpmfusion-free-release-18.noarch.rpm > > Removed extraneous rpmfusion repos from /etc/yum.repos.d/ > > This effort was to allow installing Internet-in-a-Box on a larger SD for > Raspberry Pi Zero W using only XO and the Zero. > Two external ports are needed and had previously used Pi 4 to prepare SD. > The single USB port on Zero is used for the connection to an XO using > X11Forwarding for display, keyboard and shared WiFi (secondary to Zero W > on-board WiFi or as primary for simple Zero). > > Still looking for cause of YUM Mirrors failure. > > Carrol Riddle > > > > On November 10, 2019 at 9:57 AM Peter Robinson <pbrobin...@gmail.com> wrote: > > > > > > On Sun, Nov 10, 2019 at 5:29 AM Carrol Riddle <ebox...@scishare.com> wrote: > > > > > > XO's attempting to run YUM update or install are unable to use fedora > > > mirror sites (https://) but able to use primary fedora site (http://). > > > > > > Is this a matter of https vs http / ca-certificates or changes in mirror > > > structures ? Ca-certificates update have not been done, but could be > > > done. > > > > > > Running OLPC 13.2.10 with current date / time and hwclock -w to sync. > > > > > > Primaries used by editing /etc/yum.repos.d/fedora.repo and commenting out > > > mirrorlist line and uncommenting baseurl line (and adding "archive" to > > > url path after /pub/). > > > > > > There are no entries in yum.log and error message is: > > > "Cannot retrieve metalink for repository: fedora/18/i386. Please verify > > > its path and try again." > > > > > > My specific case is trying to install rpmfusion in preparing to install > > > exfat-utils and fuse-exfat , but occurs with other installs that have > > > been done in the past. > > > > I'm guessing you might need to update for content that has been > > archived, I thought the mirror manager dealt with redirects > > automatically there but I don't know exactly. > _______________________________________________ > Devel mailing list > Devel@lists.laptop.org > http://lists.laptop.org/listinfo/devel -- James Cameron http://quozl.netrek.org/ _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
