Anyone have an idea? This used to work fine. Perhaps something changed recently.
https://copr-be.cloud.fedoraproject.org/results/patternfly/patternfly-test/f...
""" Error Downloading http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...: hostname 'www.patternfly.org' doesn't match either of '*.rhcloud.com', 'rhcloud.com' """
RPM is hosted on www.patternfly.org, which is an OpenShift site (rhcloud.com). Almost looks like copr is checking IPs.
(An rpm upload would be very nice... not sure why copr needs to pull rpms via http anyway.)
Thanks, Greg
Greg Sheremeta Red Hat, Inc. Sr. Software Engineer, RHEV Cell: 919-807-1086 gshereme@redhat.com
----- Original Message -----
From: "Greg Sheremeta" gshereme@redhat.com To: copr-devel@lists.fedorahosted.org Cc: "Robb Hamilton" rhamilto@redhat.com Sent: Wednesday, January 28, 2015 4:29:05 PM Subject: help with failing build
Anyone have an idea? This used to work fine. Perhaps something changed recently.
https://copr-be.cloud.fedoraproject.org/results/patternfly/patternfly-test/f...
""" Error Downloading http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...: hostname 'www.patternfly.org' doesn't match either of '*.rhcloud.com', 'rhcloud.com' """
RPM is hosted on www.patternfly.org, which is an OpenShift site (rhcloud.com). Almost looks like copr is checking IPs.
(An rpm upload would be very nice... not sure why copr needs to pull rpms via http anyway.)
Thanks, Greg
Greg Sheremeta Red Hat, Inc. Sr. Software Engineer, RHEV Cell: 919-807-1086 gshereme@redhat.com _______________________________________________ copr-devel mailing list copr-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/copr-devel
The build appears to work if I use a different server to host the src rpm.
On 01/28/2015 10:29 PM, Greg Sheremeta wrote:
Anyone have an idea? This used to work fine. Perhaps something changed recently.
https://copr-be.cloud.fedoraproject.org/results/patternfly/patternfly-test/f...
""" Error Downloading http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...: hostname 'www.patternfly.org' doesn't match either of '*.rhcloud.com', 'rhcloud.com' """
RPM is hosted on www.patternfly.org, which is an OpenShift site (rhcloud.com). Almost looks like copr is checking IPs.
(An rpm upload would be very nice... not sure why copr needs to pull rpms via http anyway.)
This is problem in mockchain:
[mirek@triple//tmp]$ mockchain -r fedora-21-x86_64 http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20... starting logfile: None results dir: /var/tmp/mock-chain-mirek-6869-VkB2l5/results/fedora-21-x86_64 config dir: /var/tmp/mock-chain-mirek-6869-VkB2l5/configs/fedora-21-x86_64 Fetching http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20... Error Downloading http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...: hostname 'www.patternfly.org' doesn't match either of '*.rhcloud.com', 'rhcloud.com' Results out to: /var/tmp/mock-chain-mirek-6869-VkB2l5/results/fedora-21-x86_64 Pkgs built: 0
Can I as you please to file bug against mock? I will investigate it.
Mirek
On 01/29/2015 04:36 PM, Miroslav Suchy wrote:
This is problem in mockchain:
I'm taking it back. This is completly correct.
curl http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...
will print you redirect to https variant:
https://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc2...
And the SSL certificate is issued only for '*.rhcloud.com', 'rhcloud.com' and therefore does not match www.patternfly.org and python library refuse to download it. Which is completely correct.
Either please remove the http->https redirect or create SSL certificate which include www.patternfly.org (you have to have silver+ plan in OpenShift to do that) or just use different hosting (e.g. people.fedorahosted.org)
Mirek
Interesting -- I don't see that behavior in curl, and we actually do have the proper cert installed for patternfly:
SSL Server Certificate Issued To
Common Name (CN) *.patternfly.org Organization (O) Red Hat Inc. Organizational Unit (OU) <Not Part Of Certificate> Serial Number 02:51:C5:51:A1:11:D8:45:CA:B8:C1:FF:D8:3C:C2:D3
Maybe the cert isn't installed to all AWS locations properly? Very odd. I'm in the eastern US.
Robb, looks like there is definitely some kind of patternfly.org misconfiguration happening.
Thanks for the help, Mirek!
Greg
----- Original Message -----
From: "Miroslav Suchy" msuchy@redhat.com To: copr-devel@lists.fedorahosted.org Sent: Thursday, January 29, 2015 10:43:35 AM Subject: Re: help with failing build
On 01/29/2015 04:36 PM, Miroslav Suchy wrote:
This is problem in mockchain:
I'm taking it back. This is completly correct.
curl http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...
will print you redirect to https variant:
https://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc2...
And the SSL certificate is issued only for '*.rhcloud.com', 'rhcloud.com' and therefore does not match www.patternfly.org and python library refuse to download it. Which is completely correct.
Either please remove the http->https redirect or create SSL certificate which include www.patternfly.org (you have to have silver+ plan in OpenShift to do that) or just use different hosting (e.g. people.fedorahosted.org)
Mirek _______________________________________________ copr-devel mailing list copr-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/copr-devel
On 01/29/2015 07:09 PM, Greg Sheremeta wrote:
Interesting -- I don't see that behavior in curl, and we actually do have the proper cert installed for patternfly:
Interesting. From browser I see too: Common Name (CN) *.patternfly.org
Here is full reproducer from CLI:
python -c 'import requests; requests.get("http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...")'
Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python2.7/site-packages/requests/api.py", line 55, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/api.py", line 44, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 456, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, in send history = [resp for resp in gen] if allow_redirects else [] File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 179, in resolve_redirects allow_redirects=False, File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 559, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 382, in send raise SSLError(e, request=request) requests.exceptions.SSLError: hostname 'www.patternfly.org' doesn't match either of '*.rhcloud.com', 'rhcloud.com'
curl http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20... <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20.src.rpm">here</a>.</p> <hr> <address>Apache/2.2.15 (Red Hat) Server at www.patternfly.org Port 80</address> </body></html>
I am not sure what going on. I will try to dive deeper into requests module of python.
Mirek
----- Original Message -----
From: "Miroslav Suchy" msuchy@redhat.com To: "Cool Other Package Repositories" copr-devel@lists.fedorahosted.org Sent: Thursday, January 29, 2015 4:35:46 PM Subject: Re: help with failing build
On 01/29/2015 07:09 PM, Greg Sheremeta wrote:
Interesting -- I don't see that behavior in curl, and we actually do have the proper cert installed for patternfly:
Interesting. From browser I see too: Common Name (CN) *.patternfly.org
Here is full reproducer from CLI:
python -c 'import requests; requests.get("http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...")'
Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python2.7/site-packages/requests/api.py", line 55, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/api.py", line 44, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 456, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585, in send history = [resp for resp in gen] if allow_redirects else [] File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 179, in resolve_redirects allow_redirects=False, File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 559, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 382, in send raise SSLError(e, request=request) requests.exceptions.SSLError: hostname 'www.patternfly.org' doesn't match either of '*.rhcloud.com', 'rhcloud.com'
curl http://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://www.patternfly.org/wp-content/uploads/rpmsrc/patternfly1-1.1.3-1.fc20.src.rpm">here</a>.</p> <hr> <address>Apache/2.2.15 (Red Hat) Server at www.patternfly.org Port 80</address> </body></html>
I am not sure what going on. I will try to dive deeper into requests module of python.
Mirek _______________________________________________ copr-devel mailing list copr-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/copr-devel
Thanks. Robb is also reaching out to the OpenShift team to see if they have any ideas.
Not a huge deal for us for this build, but something worth looking into.
Greg
The problem is, that apps on OpenShift use SNI to enable custom domain names with custom certificates. Which is a standard for a bazillion years and the only thing that does not support it is Windows XP with IE 6 and... ehm, Python 2.
http://en.wikipedia.org/wiki/Server_Name_Indication
On Python 3 with request, this is completely supported. However, on Python 2, there's a workaround needed. You'll need the following to use SNI from requests:
requests>=2.3.0 ndg_httpsclient>=0.3.2 pyOpenSSL>=0.14 pyasn1>=0.1.7
On Fedora 21, for example, this is all available in the following packages:
python-requests python-ndg_httpsclient pyOpenSSL python-pyasn1
See:
* http://docs.python-requests.org/en/latest/community/faq/#what-are-hostname-d... * https://stackoverflow.com/questions/18578439/using-requests-with-tls-doesnt-...
On 01/30/2015 12:16 PM, Miro Hrončok wrote:
The problem is, that apps on OpenShift use SNI to enable custom domain names with custom certificates. Which is a standard for a bazillion years and the only thing that does not support it is Windows XP with IE 6 and... ehm, Python 2.
http://en.wikipedia.org/wiki/Server_Name_Indication
On Python 3 with request, this is completely supported. However, on Python 2, there's a workaround needed. You'll need the following to use SNI from requests:
Excelent!
pyOpenSSL>=0.14
Not available on F21 :(
Dne 30.1.2015 v 13:37 Miroslav Suchý napsal(a):
pyOpenSSL>=0.14
Not available on F21 :(
That's weird. I have it working with 0.13 but it doesn't work in virtual machine. I'm going to investigate.
Dne 30.1.2015 v 14:40 Miro Hrončok napsal(a):
That's weird. I have it working with 0.13 but it doesn't work in virtual machine. I'm going to investigate.
Ok, uninstalling and installing pyOpenSSL package reintroduced the behavior (SNI not working)
However pyOpenSSL form rawhide is installable and makes SNI work.
copr-devel@lists.fedorahosted.org