Issue with the MetaRepository repo
MrDini
Posts: 12
Freshman Member
Freshman Member
Hi again,
I got an NSA310 to make it "smarter" for a few days. 
It already had MetaRepository installed however with the old nas-central urls. Therefore I felt like I should update.
It already had MetaRepository installed however with the old nas-central urls. Therefore I felt like I should update.Firstly I modified the config like this:
# Mijzelf's repository
https://nas-central.mrdini.me/Users/Mijzelf/zypkg-repo/ Mijzelf
That didn't work out... Then I took a deeper look on the metarepo logs. Here is the full one: [link]
So it tries to use the fw built in curl located at /usr/bin/curl. That's not the best for me I thought because it uses the fw built-in libcrypto and libssl:
root@NSA310:~# readelf -a /usr/bin/curl | grep NEEDED
0x00000001 (NEEDED) Shared library: [libssl.so.0.9.8]
0x00000001 (NEEDED) Shared library: [libcrypto.so.0.9.8]
0x00000001 (NEEDED) Shared library: [librt.so.1]
0x00000001 (NEEDED) Shared library: [libz.so.1]
0x00000001 (NEEDED) Shared library: [libc.so.6]
So it fails with the CloudFlare SNI SSL what I have on my repo mirror:
root@NSA310:~# /usr/bin/curl https://nas-central.mrdini.me/Users/Mijzelf/zypkg-repo/ZYPKG_INFO.tgz --insecure > /dev/null
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
I have FFp installed with the latest curl from the good old barmalej2 repository and that one works fine.
However because of the default ordering in MetaRepo's pkgcgi.cgi, the fw built-in one will be used always:
for path in /bin/ /sbin/ /usr/bin/ /usr/sbin/ /usr/local/bin/ /usr/local/sbin/ /opt/bin/ /opt/sbin/ /ffp/bin/ /ffp/sbin/
I would prefer to keep https on my mirror, so making it http only isn't really an option.
Then I decided to go with the repository provided by @Mijzelf which seemed HTTP only and therefore perfect to me. That seems to be failing also and here is the log: [link]
If I do a manual curl I can get the files fine.
So what should I do to have the Mijzelf repo working?
#NAS_Jul_2019
#NAS_Jul_2019
0
Accepted Solution
-
On that mirror that should be http://zyxel.diskstation.eu/Users/Mijzelf/zypkg-repo/fw4 or -fw5, depending on your box. On nas-central that was / or /NAS500/, which was a bit ad-hoc. So now I had the chance I changed it.
And no, I'm not going to make the search path configurable using the webinterface, as that still doesn't solve the initial install problem.
For existing installations there are 2 work arounds, monkey patching, and using the internal repo on harddisk.
0
Guru MemberAll Replies
-
Your link to the 2nd log is the wrong one.I tried your repository with the build-in curl on my NAS520, and it works. So your problem is fw4 only, I suppose.I think there is no real solution for your problem. When the build in download tools fails, you won't be able to install MR, and no change in the package can solve that. The path in web_prefix has to be accessible by firmware tools.The search for curl in those paths are on purpose. I could have called curl without specification, as an early version of MR did. But on some box with an ffp stick somehow MR used ffp wget, which was broken. Don't know how that is possible, as ffp is not in the search path for apache, and so not for MR. But I think the owner had injected it to get a newer php or something like that. Anyway, that wget was broken.So I searched for the binary to explicitly call it, as build-in binaries are harder to break. Later I added curl support, as that also supported https links, and didn't change the search path.But of course you can change it manually when needed.BTW, are you aware that the latest MR on the 'other mirror' is updated to support mirrors explicitly? Some packages (like MidnightCommander on an fw5 device) needs to download some extra libraries, and it was hardcoded to nas-central. The latest MR tells the package on install where it came from, so it can adjust it's internal url's.
0 -
Sorry for the link, this forum engine is a bit annoying when it comes to inserting them so I managed to insert the wrong url. Will send the correct logs tomorrow.
Maybe depending on the success of the found curl binary we could force MR to check ffp's first and then if that's breaking return to the original one. Or maybe you could ship a curl binary... Or would that be overkill? Actually a simple textbox for the curl/wget pathes would be amazing to have so anyone can adjust those settings without monkey patching your code and therefore break the ability of upgrading MR without loosing the commit...
If that's too much to ask I understand! Ty0 -
0
Categories
- All Categories
- 164 Beta Program
- 1.7K Nebula
- 86 Nebula Ideas
- 62 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 50 Switch Ideas
- 907 WirelessLAN
- 27 WLAN Ideas
- 5.3K Consumer Product
- 172 Service & License
- 294 News and Release
- 65 Security Advisories
- 14 Education Center
- 911 FAQ
- 399 Nebula FAQ
- 249 Security FAQ
- 90 Switch FAQ
- 100 WirelessLAN FAQ
- 18 Consumer Product FAQ
- 55 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 51 Security Highlight
Consumer Product Help Center
FAQ