Quantcast

mirrors

classic Classic list List threaded Threaded
52 messages Options
123
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

mirrors

Roger Oberholtzer-2
Background:

I have a couple of Tumbleweed (intel and ARM) machines at work. These
are behind the corporate firewall. This firewall scans every file
download for viri and the like. If a file is suspect, you don't get
it. I have encountered a problem where a couple of openSUSE RPMS look
suspicious to this check, and are blocked from download. At least this
is what the IT guys feel is happening.

The specific files change. But if a file fails, it will always fail.
So it is consistent. For example, at the time of this message, this
file is not allowed:

http://download.opensuse.org/tumbleweed/repo/oss/suse/i686/kernel-pae-4.9.9-1.1.i686.rpm

Another unpopular file is kernel-firmware. And, the Windows versions
of Tcl and Tk. But others pop up occasionally.

I had thought that I would just grab the files from home, put them on
my machine, and all will be fine. The problem is that Tumbleweed is
quite active. The files change over the day. So getting the ones that
cause the complaint is difficult. When I get back to work, new files
may complain.

Question:

The IT guys have offered to white list a site where the files will be
passed through. So I thought I would suggest download.opensuse.org.
The problem is that zypper uses mirrors. So the downloads may not
actually come from there. I thought I would just specify a local
mirror in the URL.

Unfortunately, mirrors seem not to mirror everything on
download.opensuse.org. So, I thought I might use the mirror URL for
the repos that the mirror has. But that leaves the other repos. Like
http://download.opensuse.org/update/tumbleweed/, which I do not see on
the mirrors I have checked.

Is it possible (even though I understand that it is perhaps bad
netiquette) to tell zypper to not use a mirror? At least this may
allow me to verify that, when white listed, the files from a repo can
be obtained.

A nice feature for zypper could be that it tries a mirror, and after a
couple failures, it tries the specified repo before failing.






--
Roger Oberholtzer

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Michael Hirmke
Hi Roger,

[...]

>A nice feature for zypper could be that it tries a mirror, and after a
>couple failures, it tries the specified repo before failing.

wouldn't it be an option for you to create your own internal mirror?
Then you could point all your internal SuSE machines to that mirror.
Depending on the number of machines this could reduce traffic and -
regarding your actual problem - you could mirror from a machine of your
choice, which in turn could be whitelisted in the firewall.




>--
>Roger Oberholtzer

Bye.
Michael.
--
Michael Hirmke

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Roger Oberholtzer-2
On Wed, Feb 15, 2017 at 11:57 AM, Michael Hirmke <[hidden email]> wrote:
> Hi Roger,
>
> [...]
>
>>A nice feature for zypper could be that it tries a mirror, and after a
>>couple failures, it tries the specified repo before failing.

I cannot populate my mirror because I would have to load the files via
the same file checker. Every file is checked. My mirror would not
contain the suspect files. They are simply not let pass. Unless the
external source is on the white list.

--
Roger Oberholtzer

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Andreas Mahel
On 15.02.2017 12:58, Roger Oberholtzer wrote:
> On Wed, Feb 15, 2017 at 11:57 AM, Michael Hirmke <[hidden email]> wrote:
>>> A nice feature for zypper could be that it tries a mirror, and after a
>>> couple failures, it tries the specified repo before failing.
>
> I cannot populate my mirror because I would have to load the files via
> the same file checker. Every file is checked. My mirror would not
> contain the suspect files. They are simply not let pass. Unless the
> external source is on the white list.
>

If I read Michael's mail correctly, the intention was to split the issue
in two aspects.
1. Avoid zypper using random mirrors by pointing it to the one and only
internal mirror repository
2. Limit the firewall exception to exactly one external repo server from
which you then mirror the data to your local server.

--
Cahn's Axiom:
        When all else fails, read the instructions.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Roger Oberholtzer-2
On Wed, Feb 15, 2017 at 2:14 PM, Andreas Mahel <[hidden email]> wrote:

> On 15.02.2017 12:58, Roger Oberholtzer wrote:
>> On Wed, Feb 15, 2017 at 11:57 AM, Michael Hirmke <[hidden email]> wrote:
>>>> A nice feature for zypper could be that it tries a mirror, and after a
>>>> couple failures, it tries the specified repo before failing.
>>
>> I cannot populate my mirror because I would have to load the files via
>> the same file checker. Every file is checked. My mirror would not
>> contain the suspect files. They are simply not let pass. Unless the
>> external source is on the white list.
>>
>
> If I read Michael's mail correctly, the intention was to split the issue
> in two aspects.
> 1. Avoid zypper using random mirrors by pointing it to the one and only
> internal mirror repository

No problem with that.

> 2. Limit the firewall exception to exactly one external repo server from
> which you then mirror the data to your local server.

That is still the question: since all repos are not on all mirrors
(like the one I mentioned - but there are many more), I would still
need to get the mirror software to talk to an external server. I guess
the idea is that mirrors always get data from download.opensuse.org
and never from a mirror. SO I only need that in the white list.

I can't help but think that the mirror activity may be more work
against download.opensuse.org than my occasional updates...


--
Roger Oberholtzer

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Carlos E. R.-2
In reply to this post by Roger Oberholtzer-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



El 2017-02-15 a las 09:05 +0100, Roger Oberholtzer escribió:

...

> I had thought that I would just grab the files from home, put them on
> my machine, and all will be fine. The problem is that Tumbleweed is
> quite active. The files change over the day. So getting the ones that
> cause the complaint is difficult. When I get back to work, new files
> may complain.

Don't use tumbleweed...

:-P


> Question:
>
> The IT guys have offered to white list a site where the files will be
> passed through. So I thought I would suggest download.opensuse.org.
> The problem is that zypper uses mirrors. So the downloads may not
> actually come from there. I thought I would just specify a local
> mirror in the URL.
>
> Unfortunately, mirrors seem not to mirror everything on
> download.opensuse.org. So, I thought I might use the mirror URL for
> the repos that the mirror has. But that leaves the other repos. Like
> http://download.opensuse.org/update/tumbleweed/, which I do not see on
> the mirrors I have checked.
It would be a question of locating a mirror that contains all you need,
or some mirrors.


> Is it possible (even though I understand that it is perhaps bad
> netiquette) to tell zypper to not use a mirror? At least this may
> allow me to verify that, when white listed, the files from a repo can
> be obtained.
>
> A nice feature for zypper could be that it tries a mirror, and after a
> couple failures, it tries the specified repo before failing.

The thing is, it is not zypper which decides the mirror to use, but the
mirrorbrain at the download server.


Your people would have to decide to clear not a server outside, but one
inside. The one that creates an internal mirror. Install an antivirus in
that machine, and do the scanning in there. Suspect files are notified,
and you clear them manually after confirmation. While the mirror sync
job is working, the server does not serve the LAN.


- --
Cheers
        Carlos E. R.

        (from 42.2 x86_64 "Malachite" (Minas Tirith))

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlikV/sACgkQja8UbcUWM1wAZwEAiViOZjWK0pD1sRwlr9VpD8/g
/lt8HfxjFzV0TyVw8REA+gPyB+Ut7gdBWbnHRokIZcx+zaF9W5p9X7UmHk6gKicc
=lEP5
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Carlos E. R.-2
In reply to this post by Roger Oberholtzer-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



El 2017-02-15 a las 14:25 +0100, Roger Oberholtzer escribió:

> That is still the question: since all repos are not on all mirrors
> (like the one I mentioned - but there are many more), I would still
> need to get the mirror software to talk to an external server. I guess
> the idea is that mirrors always get data from download.opensuse.org
> and never from a mirror. SO I only need that in the white list.

No, I think the new files are "pushed" to the mirrors.

It would be very bad form to pull from the internal opensuse server.


- --
Cheers
        Carlos E. R.

        (from 42.2 x86_64 "Malachite" (Minas Tirith))

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlikWJcACgkQja8UbcUWM1wsHgD9GNTVhfstegQaUluVmeoe0puw
rVgfK8e6/cVhuBY5ZAwA/jgBzc9uEwUC42fIXwr2c/sTdk19gUUNcI4i67G9yhM9
=VCVA
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Roger Oberholtzer-2
In reply to this post by Carlos E. R.-2
On Wed, Feb 15, 2017 at 2:30 PM, Carlos E. R.
<[hidden email]> wrote:

> The thing is, it is not zypper which decides the mirror to use, but the
> mirrorbrain at the download server.
>
> Your people would have to decide to clear not a server outside, but one
> inside. The one that creates an internal mirror. Install an antivirus in
> that machine, and do the scanning in there. Suspect files are notified, and
> you clear them manually after confirmation. While the mirror sync job is
> working, the server does not serve the LAN.

I have had a machine in the DMZ. It provided a few services. This is a
tricky machine in that the IT guys have an external company that tries
to exploit things that are exposed. They are ruthless. I have been
trying to minimize the things this machine does to the bare minimum so
that there is less for them to complain about. I don't really want to
have it become a mirror. I guess that would also mean that folks in
the area would perhaps be sent here for their files. I'm not sure if
that would be popular. Our IT guys are a paranoid lot. Of course, they
have chosen Windows as the infrastructure...

I had guessed that the mirror redirection was done as you described.
Too bad the mirror is not opaque and that the local system still just
sees download.opensuse.org.

--
Roger Oberholtzer

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Michael Hirmke
In reply to this post by Andreas Mahel
Hi,

>On 15.02.2017 12:58, Roger Oberholtzer wrote:
>> On Wed, Feb 15, 2017 at 11:57 AM, Michael Hirmke <[hidden email]>
>> wrote:
>>>> A nice feature for zypper could be that it tries a mirror, and after a
>>>> couple failures, it tries the specified repo before failing.
>>
>> I cannot populate my mirror because I would have to load the files via
>> the same file checker. Every file is checked. My mirror would not
>> contain the suspect files. They are simply not let pass. Unless the
>> external source is on the white list.
>>

>If I read Michael's mail correctly, the intention was to split the issue
>in two aspects.
>1. Avoid zypper using random mirrors by pointing it to the one and only
>internal mirror repository
>2. Limit the firewall exception to exactly one external repo server from
>which you then mirror the data to your local server.

this was exactly my intention.
And this is, what I'm doing here.

Bye.
Michael.
--
Michael Hirmke

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Michael Hirmke
In reply to this post by Roger Oberholtzer-2
Hi Roger,

[...]
>> 2. Limit the firewall exception to exactly one external repo server from
>> which you then mirror the data to your local server.

>That is still the question: since all repos are not on all mirrors
>(like the one I mentioned - but there are many more), I would still
>need to get the mirror software to talk to an external server. I guess
>the idea is that mirrors always get data from download.opensuse.org
>and never from a mirror. SO I only need that in the white list.

>I can't help but think that the mirror activity may be more work
>against download.opensuse.org than my occasional updates...

this might be, but you can definitely avoid your problem with the
firewall scanner by using exactly one external server - or maybe two, if
you need packages from more than one server.

>--
>Roger Oberholtzer

Bye.
Michael.
--
Michael Hirmke

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Carlos E. R.-2
In reply to this post by Roger Oberholtzer-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



El 2017-02-15 a las 14:56 +0100, Roger Oberholtzer escribió:

> On Wed, Feb 15, 2017 at 2:30 PM, Carlos E. R. <> wrote:
>
>> The thing is, it is not zypper which decides the mirror to use, but the
>> mirrorbrain at the download server.
>>
>> Your people would have to decide to clear not a server outside, but one
>> inside. The one that creates an internal mirror. Install an antivirus in
>> that machine, and do the scanning in there. Suspect files are notified, and
>> you clear them manually after confirmation. While the mirror sync job is
>> working, the server does not serve the LAN.
>
> I have had a machine in the DMZ. It provided a few services. This is a
> tricky machine in that the IT guys have an external company that tries
> to exploit things that are exposed. They are ruthless. I have been
> trying to minimize the things this machine does to the bare minimum so
> that there is less for them to complain about. I don't really want to
> have it become a mirror.
I was not thinking of a mirror in the DMZ. Just one designed together
with the IT guys. If they insist, it can be a Windows Server machine...

Just one machine that is allowed to download files without prior
scanning virus, but scanning later and using quarantine, not delete. And
scanning specifically for Linux viruses. Hopefully running in Linux.

When that machine starts syncing, it has to disable http server, till
the virus scan is run.

Notice that this is safer, from paranoid point of view, than
whitelisting an URL...


> I had guessed that the mirror redirection was done as you described.
> Too bad the mirror is not opaque and that the local system still just
> sees download.opensuse.org.

That's intentional: otherwise it is impossible to find which mirror is
misbehaving.


Your easier bet is to not use the download at opensuse server, but some
of the mirrors directly. A number of them if needed.


- --
Cheers
        Carlos E. R.

        (from 42.2 x86_64 "Malachite" (Minas Tirith))

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlikaNEACgkQja8UbcUWM1yfJgD/fbrPkpX1jzEoFpJVrm3nBX3I
UcsFYNBiLDDrhLkiR68A/Au6W/fQ8MOC/oZAAtVlYjEQdmm/jINzQ72v/agmeV46
=6j81
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Per Jessen
In reply to this post by Roger Oberholtzer-2
Roger Oberholtzer wrote:

> Background:
>
> I have a couple of Tumbleweed (intel and ARM) machines at work. These
> are behind the corporate firewall. This firewall scans every file
> download for viri and the like. If a file is suspect, you don't get
> it. I have encountered a problem where a couple of openSUSE RPMS look
> suspicious to this check, and are blocked from download. At least this
> is what the IT guys feel is happening.
>
> The specific files change. But if a file fails, it will always fail.
> So it is consistent. For example, at the time of this message, this
> file is not allowed:
>
> http://download.opensuse.org/tumbleweed/repo/oss/suse/i686/kernel-pae-4.9.9-1.1.i686.rpm
>
> Another unpopular file is kernel-firmware. And, the Windows versions
> of Tcl and Tk. But others pop up occasionally.

That is very odd.  By default, zypper will use chunked/segmented downloading
spread over multiple mirrors.  Your corp firewall will only see individual
segments from different servers, never a single complete file - so the
failure is happening on bits of the files only. Very odd.

> The IT guys have offered to white list a site where the files will be
> passed through. So I thought I would suggest download.opensuse.org.
> The problem is that zypper uses mirrors. So the downloads may not
> actually come from there. I thought I would just specify a local
> mirror in the URL.
>
> Unfortunately, mirrors seem not to mirror everything on
> download.opensuse.org.

Correct, the mirror operators decide what they want to mirror.  Couldn't you
just pick a single mirror that provides tumbleweed/ ? for instance:

http://mirrors.se.eu.kernel.org/opensuse/tumbleweed

> Is it possible (even though I understand that it is perhaps bad
> netiquette) to tell zypper to not use a mirror?

Not to my knowledge.  mirrorbrain dishes them out, I think it's just an http
302 redirect.

 
--
Per Jessen, Zürich (10.3°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Per Jessen
In reply to this post by Roger Oberholtzer-2
Roger Oberholtzer wrote:

> On Wed, Feb 15, 2017 at 2:30 PM, Carlos E. R.
> <[hidden email]> wrote:
>
>> The thing is, it is not zypper which decides the mirror to use, but the
>> mirrorbrain at the download server.
>>
>> Your people would have to decide to clear not a server outside, but one
>> inside. The one that creates an internal mirror. Install an antivirus in
>> that machine, and do the scanning in there. Suspect files are notified,
>> and you clear them manually after confirmation. While the mirror sync job
>> is working, the server does not serve the LAN.
>
> I have had a machine in the DMZ. It provided a few services. This is a
> tricky machine in that the IT guys have an external company that tries
> to exploit things that are exposed. They are ruthless. I have been
> trying to minimize the things this machine does to the bare minimum so
> that there is less for them to complain about. I don't really want to
> have it become a mirror. I guess that would also mean that folks in
> the area would perhaps be sent here for their files.

Only if you sign up as an official mirror.  If such a machine on the DMZ
does not have files scanned, a local mirror sounds like a pretty good idea.

 
--
Per Jessen, Zürich (10.4°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Carlos E. R.-2
In reply to this post by Per Jessen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



El 2017-02-15 a las 16:34 +0100, Per Jessen escribió:
> Roger Oberholtzer wrote:

>> http://download.opensuse.org/tumbleweed/repo/oss/suse/i686/kernel-pae-4.9.9-1.1.i686.rpm
>>
>> Another unpopular file is kernel-firmware. And, the Windows versions
>> of Tcl and Tk. But others pop up occasionally.
>
> That is very odd.  By default, zypper will use chunked/segmented downloading
> spread over multiple mirrors.  Your corp firewall will only see individual
> segments from different servers, never a single complete file - so the
> failure is happening on bits of the files only. Very odd.

Can't be, because on retries the chunks would be different, no? And
still it trigers the malware block.

- --
Cheers
        Carlos E. R.

        (from 42.2 x86_64 "Malachite" (Minas Tirith))

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlikdzIACgkQja8UbcUWM1yDxQD5AakyROHfmC1BlruZT55BhOp8
BFwSBlx1/bZM7buk3wkA/0wFLJsfogqwMfOSZ1ZP6KRPsKTYbpjKK126WsqSTW+R
=UYeE
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Per Jessen
In reply to this post by Per Jessen
Per Jessen wrote:

> That is very odd.  By default, zypper will use chunked/segmented
> downloading spread over multiple mirrors.  Your corp firewall will only
> see individual segments from different servers, never a single complete
> file

There is obviously some threshold size that determines whether it is chunked
or not.  Dunno what it is.


--
Per Jessen, Zürich (10.5°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

jdd@dodin.org
I'm surprised to see that tumbleweed is not completely mirrored in any
mirror...

As you seems to work for a big business, may be you could pick the
nearest mirror (network related), verify the content and eventually ask
the mirror admin what happens, with some chance of being heard

may be it's only an update delay that makes some mirrors be a bit late
in sync

may be you could obtain from your admins to become a true openSUSE
mirror :-)

good luck
jdd

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

jdd@dodin.org
In reply to this post by Carlos E. R.-2
Le 15/02/2017 à 16:43, Carlos E. R. a écrit :

> Can't be, because on retries the chunks would be different, no? And
> still it trigers the malware block.

but it's not a malware, but simply a block that trigger with a matching
signature :-(


jdd

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Per Jessen
In reply to this post by Carlos E. R.-2
Carlos E. R. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>
>
> El 2017-02-15 a las 16:34 +0100, Per Jessen escribió:
>> Roger Oberholtzer wrote:
>
>>> http://download.opensuse.org/tumbleweed/repo/oss/suse/i686/kernel-pae-4.9.9-1.1.i686.rpm
>>>
>>> Another unpopular file is kernel-firmware. And, the Windows versions
>>> of Tcl and Tk. But others pop up occasionally.
>>
>> That is very odd.  By default, zypper will use chunked/segmented
>> downloading
>> spread over multiple mirrors.  Your corp firewall will only see
>> individual segments from different servers, never a single complete file
>> - so the failure is happening on bits of the files only. Very odd.
>
> Can't be, because on retries the chunks would be different, no?

No, the chunks remain the same.  For example, one 10Mb file split into 40
segments of 256K - 40 individual downloads.  If one segment fails, it is
retried, that's all.  Might be worth disabling the chunking, I don't know if
that is possible.


--
Per Jessen, Zürich (9.8°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Carlos E. R.-2
In reply to this post by jdd@dodin.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



El 2017-02-15 a las 16:54 +0100, jdd escribió:
> Le 15/02/2017 à 16:43, Carlos E. R. a écrit :
>
>> Can't be, because on retries the chunks would be different, no? And
>> still it trigers the malware block.
>
> but it's not a malware, but simply a block that trigger with a matching
> signature :-(

Of course.

- --
Cheers
        Carlos E. R.

        (from 42.2 x86_64 "Malachite" (Minas Tirith))

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlikfIsACgkQja8UbcUWM1wUGAEAnmdcYKJeUewMUfXSiK3Y/VCL
8WtRp+/LgqKo0Lgb1OsA/0AqfmR2gl/MUJITp/G5KEqIzrrkIOk6TzRNCZL1MTy4
=vF+D
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: mirrors

Carlos E. R.-2
In reply to this post by Per Jessen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



El 2017-02-15 a las 17:03 +0100, Per Jessen escribió:
> Carlos E. R. wrote:

>>> That is very odd.  By default, zypper will use chunked/segmented
>>> downloading
>>> spread over multiple mirrors.  Your corp firewall will only see
>>> individual segments from different servers, never a single complete file
>>> - so the failure is happening on bits of the files only. Very odd.
>>
>> Can't be, because on retries the chunks would be different, no?
>
> No, the chunks remain the same.  For example, one 10Mb file split into 40
> segments of 256K - 40 individual downloads.  If one segment fails, it is
> retried, that's all.  Might be worth disabling the chunking, I don't know if
> that is possible.
Ah, I see. You mean the chunks would be the same each time.

Are you sure the checker can't reconstruct the file? Some places the
download occurs at an internal server, and the user machine sees nothing
till after the end, when that machine does a virus check. Other times
the download stalls at 99% and never ends. The name Ironclad comes to my
mind.

- --
Cheers
        Carlos E. R.

        (from 42.2 x86_64 "Malachite" (Minas Tirith))

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlikfT0ACgkQja8UbcUWM1yWggEAhMSL9CkYK9N/T+bvL/wJl0AI
7vRR64eWi8BhnAmfqEcA/iR5hn3IhHgMTeKVuW70v9qHfIomAwwe55OfKy0lHbNM
=/U17
-----END PGP SIGNATURE-----
123
Loading...