Setup 2.917 fails to load mirror list

Jon Turney
Fri Feb 11 15:08:14 GMT 2022

On 10/02/2022 14:49, Vanda Vodkamilkevich wrote:
> Le jeu. 10 févr. 2022 à 14:54, Jon Turney a écrit :
>> On 09/02/2022 15:35, Vanda Vodkamilkevich wrote:
>>> If it helps, the output log when I saw the issues with setup
>>> ########### Try to download with proxy set
>> [...]
>>> Cached mirror list unavailable
>> [...]
>>> HTTP status 403 fetching
>>> ########### Using 2.908 version: it works
>> [...]
>>> Cached mirror list unavailable
>> [...]
>>> Fetched URL:
>>> ########### Rerun with new version
>> [...]
>>> Loaded cached mirror list
>> [...]> connection error: 12057 fetching
>>> Using cached mirror list
>> The significant change seems to be we now fetch the mirror list
>> using https (since 2.892, but since you are using a self-built
>> setup with local changes, you don't seem to have picked that up
>> until now)
>> 12057 is ERROR_INTERNET_SEC_CERT_REV_FAILED, which leads down quite
>> a rabbit hole, but apparently this means something like
>> 'certificate validity isn't checked in the process using wininet,
>> but in a service, which doesn't have access to the proxy
>> credentials we are using, so fails trying to fetch any CRL'.
>> You don't mention that your proxy actually needs any credentials.
>> Why we get a different error code the second time is mysterious.
>> How we can then go on to successfully fetch from a https:// mirror
>> if it presents a CRL doesn't make a lot of sense.
>> I'm baffled.
> You nailed it... My corporate proxy blocks the https to the mirror
> list. And my old version of setup was using http.

This could mean:
- https is blocked by the proxy (due to policy or misconfiguration)
- https to is blocked by the proxy (ditto)
- the setup code is doing something wrong so that the proxy is blocking 
it's attempt to use http here

> Maybe if https failed you should retry with http?

Nope, for the reasons already given by Adam.

I'd *maybe* consider a patch adding an '--no-https' option which causes 
plain http:// to be used (and probably turns off [1] as well) to allow 
setup to run in environments which are hostile to https.


> Btw where is this mirror list file saved? I could cheat by fetching
> it with http before using setup?

The 'cached mirror list' referred to here is stored in the mirrors-lst 
key in /etc/setup/setup.rc

More information about the Cygwin mailing list