Zypper patch ... with Authentication required?

Hi,
I was trying to update my openSUSE server using zypper patch.
The first round went quite far, I guess, but it started to ask me for authentication to download
some packages.
I ignored those in the first run, was about codecs, so I thought I would retry later.
So when I retry this happens just from the start.

uyunisrv:~ # zypper patch --auto-agree-with-licenses
Authentication required for 'http://download.opensuse.org/update/leap/15.5/backports/'
User Name:

What would this authentication be for, download.opensuse.org?
Could this be an internal problem with the firewall this server has to go through to access the internet (although it seemed to work fine for weeks now)?

I have some “Invalid traffic” msg on the firewall log, e.g. for this IP

uyunisrv:~ # nslookup 99.83.188.102
102.188.83.99.in-addr.arpa      name = abb6b777297e9c2b1.awsglobalaccelerator.com.

Is this some mirror or storage hosting for the openSUSE packages, so I would have to add these to the permits through the firewall?

So I added the awsglobalacc to the rule.
Next try with zypper:

uyunisrv:~ # zypper patch --auto-agree-with-licenses
Authentication required for 'http://download.opensuse.org/update/leap/15.5/backports/'
User Name: 

But opensuse.org is already in the rule with a wildcard and never made any problems.
Might this be some temporary problem?
What else can I do to check or get the updates through?
Thanks for any ideas.
Kind regards

Show

curl -ILv http://download.opensuse.org/update/leap/15.5/backports/repodata/repomd.xml

Hi and thanks

uyunisrv:~ # curl -ILv http://download.opensuse.org/update/leap/15.5/backports/repodata/repomd.xml
*   Trying 195.135.223.226:80...
* Connected to download.opensuse.org (195.135.223.226) port 80 (#0)
> HEAD /update/leap/15.5/backports/repodata/repomd.xml HTTP/1.1
> Host: download.opensuse.org
> User-Agent: curl/8.0.1
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< date: Tue, 14 May 2024 09:17:29 GMT
date: Tue, 14 May 2024 09:17:29 GMT
< server: Mojolicious (Perl)
server: Mojolicious (Perl)
< cache-control: must-revalidate
cache-control: must-revalidate
< content-disposition: inline;filename="repomd.xml"
content-disposition: inline;filename="repomd.xml"
< content-length: 3149
content-length: 3149
< content-type: application/xml;name="repomd.xml"
content-type: application/xml;name="repomd.xml"
< expires: Tue, 14 May 2024 09:19:49 GMT
expires: Tue, 14 May 2024 09:19:49 GMT

<
* Connection #0 to host download.opensuse.org left intact

Anything in /var/log/zypper.log?

Maybe no patches are available at the moment. Normally people don’t use patch but zypper up in Leap, which includes the patch repo.

Ok, thanks. When I try

uyunisrv:~ # zypper up
Authentication required for 'http://download.opensuse.org/update/leap/15.5/sle/'
User Name:

I still get some authentication request.
Either way, patches or no patches … who is asking for authentication? Does not look like my firewall does …
Thanks

In your first post you mentioned this is a server…
Do you have any additional security functions implemented? See for example this guy:
http://isp-control.net/forum/printthread.php?tid=10548

I can confirm there seems to be a cert signing problem on that repo.

Hopefully it will get fixed soon.

Right, should have looked into that.
Indeed, I find “login failed” …

2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp::media] MediaHandler.cc(removeAttachPoint):162 Deleted default attach point /var/tmp/AP_0xWSX2UA
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp::media] MediaHandler.cc(release):775 Released: http://download.opensuse.org/update/leap/15.5/sle/ not attached; localRoot ""
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp::media] MediaManager.cc(close):116 Close: http(http://download.opensuse.org/update/leap/15.5/sle/ not attached; localRoot "") (OK)
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp::media++] MediaHandler.cc(release):707 Request to release media - not attached; eject ''
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp::media] MediaManager.cc(close):116 Close: http(http://download.opensuse.org/update/leap/15.5/sle/ not attached; localRoot "") (OK)
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp::media++] MediaHandler.cc(release):707 Request to release media - not attached; eject ''
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp::media++] MediaHandler.cc(removeAttachPoint):150 MediaHandler - checking if to remove attach point
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp] refresh.cc(~RefreshContext):58 Deleting RefreshContext
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp-core] PathInfo.cc(recursive_rmdir):435 recursive_rmdir /var/cache/zypp/raw/repo-sle-updateuaSc9B 
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp-core++] TmpPath.cc(~Impl):82 TmpPath cleaned up /var/cache/zypp/raw/repo-sle-updateuaSc9B{d 0755 0/0}
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 RepoManager.cc(refreshMetadata):371 RETHROW:  Login failed. (http://download.opensuse.org/update/leap/15.5/sle/repodata/c811badf41a5febfb7b2dbde47c3ee38f3ba3d6cccee70afbaa2f8be0af21c13-deltainfo.xml.gz): The requested URL returned error: 401
2024-05-14 14:34:14 <3> uyunisrv(20795) [zypp] RepoManager.cc(refreshMetadata):380 Trying another url...
2024-05-14 14:34:14 <3> uyunisrv(20795) [zypp] RepoManager.cc(refreshMetadata):391 No more urls...
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 RepoManager.cc(refreshMetadata):392 THROW:    [repo-sle-update|http://download.opensuse.org/update/leap/15.5/sle/] Valid metadata not found at specified URL
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 History:
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202  - Login failed. (http://download.opensuse.org/update/leap/15.5/sle/repodata/c811badf41a5febfb7b2dbde47c3ee38f3ba3d6cccee70afbaa2f8be0af21c13-deltainfo.xml.gz): The requested URL returned error: 401
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 repos.cc(refresh_raw_metadata):425 CAUGHT:   [repo-sle-update|http://download.opensuse.org/update/leap/15.5/sle/] Valid metadata not found at specified URL
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 History:
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202  - Login failed. (http://download.opensuse.org/update/leap/15.5/sle/repodata/c811badf41a5febfb7b2dbde47c3ee38f3ba3d6cccee70afbaa2f8be0af21c13-deltainfo.xml.gz): The requested URL returned error: 401
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 
2024-05-14 14:34:14 <2> uyunisrv(20795) [zypper] Zypper.h(immediateExit):195 Immediate Exit requested (0,SigExitTreasure-Void).
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypper] Zypper.cc(cleanup):738 START

Is there a way to upload some log file to this post?
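
One way to pull the failing repository and HTTP status out of /var/log/zypper.log lines like those in the post above, as an added example that is not part of the original thread. The sample lines are constructed in the same format with the metadata file hash replaced by the placeholder HASH, and the function names are hypothetical.

```python
import re

# Constructed sample in the zypper.log format quoted above; the metadata
# file hash is replaced by the placeholder HASH.
SAMPLE_LOG = """\
2024-05-14 14:34:14 <1> uyunisrv(20795) [zypp] refresh.cc(~RefreshContext):58 Deleting RefreshContext
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 RepoManager.cc(refreshMetadata):371 RETHROW:  Login failed. (http://download.opensuse.org/update/leap/15.5/sle/repodata/HASH-deltainfo.xml.gz): The requested URL returned error: 401
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202 RepoManager.cc(refreshMetadata):392 THROW:    [repo-sle-update|http://download.opensuse.org/update/leap/15.5/sle/] Valid metadata not found at specified URL
2024-05-14 14:34:14 <5> uyunisrv(20795) [zypp-core] Exception.cc(log):202  - Login failed. (http://download.opensuse.org/update/leap/15.5/sle/repodata/HASH-deltainfo.xml.gz): The requested URL returned error: 401
"""

# "(URL): The requested URL returned error: NNN" as it appears in the log
ERR_RE = re.compile(r"\((https?://[^)\s]+)\): The requested URL returned error: (\d{3})")
# "[alias|baseurl] Valid metadata not found at specified URL"
REPO_RE = re.compile(r"\[([^|\]\s]+)\|(https?://[^\]\s]+)\] Valid metadata not found")


def http_errors(log_text):
    """Return the distinct (status, url) pairs recorded in the log."""
    return sorted({(int(status), url) for url, status in ERR_RE.findall(log_text)})


def failed_repos(log_text):
    """Map repo alias -> base URL for every repo whose metadata refresh failed."""
    return dict(REPO_RE.findall(log_text))


def summarise(log_text):
    """Attach each HTTP error to the failed repo whose base URL it falls under."""
    errors = http_errors(log_text)
    report = {}
    for alias, base in failed_repos(log_text).items():
        report[alias] = {
            "base_url": base,
            # Plain http:// means the 401 can originate from any device on
            # the path (proxy, filter), not only from the repository server.
            "plaintext": base.startswith("http://"),
            "errors": [(st, url[len(base):]) for st, url in errors
                       if url.startswith(base)],
        }
    return report


if __name__ == "__main__":
    for alias, info in summarise(SAMPLE_LOG).items():
        print(alias, info["base_url"], "plaintext" if info["plaintext"] else "tls")
        for status, path in info["errors"]:
            print(f"  HTTP {status}  {path}")
```
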

Trying to check this out. Thanks.

I have the impression that the server is contacting lots of IPs, like the aforementioned
awsglobalaccelerator.com
and now I see
*.static.monaco.mc

Is there a way to inhibit what looks to me like a kind of round robin among mirrors, or is this something I somehow have to live with, adjusting the firewall rules when it happens?

You can control which repos are used in YaST and zypper.

I see a problem with the update repo here; it appears to be a bad certificate.

Thanks.

These are my repos:

uyunisrv:~ # zypper lr -u
Repository priorities are without effect. All enabled repositories share the same priority.

#  | Alias                       | Name                                                                                        | Enabled | GPG Check | Refresh | URI
---+-----------------------------+---------------------------------------------------------------------------------------------+---------+-----------+---------+-------------------------------------------------------------------------------------------------------------------------
 1 | openSUSE-Leap-15.5-1        | openSUSE-Leap-15.5-1                                                                        | No      | ----      | ----    | cd:/?devices=/dev/disk/by-id/ata-VMware_Virtual_IDE_CDROM_Drive_00000000000000000001
 2 | repo-backports-debug-update | Update repository with updates for openSUSE Leap debuginfo packages from openSUSE Backports | No      | ----      | ----    | http://download.opensuse.org/update/leap/15.5/backports_debug/
 3 | repo-backports-update       | Update repository of openSUSE Backports                                                     | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/update/leap/15.5/backports/
 4 | repo-debug                  | Debug Repository                                                                            | No      | ----      | ----    | http://download.opensuse.org/debug/distribution/leap/15.5/repo/oss/
 5 | repo-debug-non-oss          | Debug Repository (Non-OSS)                                                                  | No      | ----      | ----    | http://download.opensuse.org/debug/distribution/leap/15.5/repo/non-oss/
 6 | repo-debug-update           | Update Repository (Debug)                                                                   | No      | ----      | ----    | http://download.opensuse.org/debug/update/leap/15.5/oss/
 7 | repo-debug-update-non-oss   | Update Repository (Debug, Non-OSS)                                                          | No      | ----      | ----    | http://download.opensuse.org/debug/update/leap/15.5/non-oss/
 8 | repo-non-oss                | Non-OSS Repository                                                                          | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/distribution/leap/15.5/repo/non-oss/
 9 | repo-openh264               | Open H.264 Codec (openSUSE Leap)                                                            | Yes     | (r ) Yes  | Yes     | http://codecs.opensuse.org/openh264/openSUSE_Leap/
10 | repo-oss                    | Main Repository                                                                             | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/distribution/leap/15.5/repo/oss/
11 | repo-sle-debug-update       | Update repository with debuginfo for updates from SUSE Linux Enterprise 15                  | No      | ----      | ----    | http://download.opensuse.org/debug/update/leap/15.5/sle/
12 | repo-sle-update             | Update repository with updates from SUSE Linux Enterprise 15                                | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/update/leap/15.5/sle/
13 | repo-source                 | Source Repository                                                                           | No      | ----      | ----    | http://download.opensuse.org/source/distribution/leap/15.5/repo/oss/
14 | repo-update                 | Main Update Repository                                                                      | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/update/leap/15.5/oss
15 | repo-update-non-oss         | Update Repository (Non-Oss)                                                                 | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/update/leap/15.5/non-oss/
16 | uyuni-server-stable         | uyuni-server-stable                                                                         | Yes     | (r ) Yes  | No      | https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/

Where do you see the bad certificate, in the log?
Can I fix that and can you advise me how?
Thanks a lot

You can’t fix it; it must be fixed at the repo.

So it’s just to wait, right?
Thanks, guys, for your time and comments!

Yep, I just checked again and the update worked.

Oh, like minutes later?
I have no luck yet … still getting the authentication question …

Maybe a different mirror; try again tomorrow.

After reboot I get this:

uyunisrv:~ # zypper up
Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata .......................................................[error]
Repository 'Update repository with updates from SUSE Linux Enterprise 15' is invalid.
[repo-sle-update|http://download.opensuse.org/update/leap/15.5/sle/] Valid metadata not found at specified URL
History:
 - File './repodata/c811badf41a5febfb7b2dbde47c3ee38f3ba3d6cccee70afbaa2f8be0af21c13-deltainfo.xml.gz' not found on medium 'http://download.opensuse.org/update/leap/15.5/sle/'

Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Skipping repository 'Update repository with updates from SUSE Linux Enterprise 15' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data...
Reading installed packages...

The following package update will NOT be installed:
  cobbler
Nothing to do.

with

uyunisrv:~ # curl -ILv http://download.opensuse.org/update/leap/15.5/sle/
*   Trying 195.135.223.226:80...
* Connected to download.opensuse.org (195.135.223.226) port 80 (#0)
> HEAD /update/leap/15.5/sle/ HTTP/1.1
> Host: download.opensuse.org
> User-Agent: curl/8.0.1
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< date: Tue, 14 May 2024 13:39:57 GMT
date: Tue, 14 May 2024 13:39:57 GMT
< server: Mojolicious (Perl)
server: Mojolicious (Perl)
< cache-control: public, max-age=300
cache-control: public, max-age=300
< content-length: 9478
content-length: 9478
< content-type: text/html;charset=UTF-8
content-type: text/html;charset=UTF-8
< vary: Accept-Encoding
vary: Accept-Encoding

<
* Connection #0 to host download.opensuse.org left intact
uyunisrv:~ #

Yeah, I guess I will get back to this tomorrow.

Well, I just re-tried the zypper up again …
Looks like all (quite) is good now.

Except:

Retrieving: libopenh264-7-2.3.1-2.sle150500.2.x86_64 (Open H.264 Codec (openSUSE Leap))                                             (166/167), 428.8 KiB
Authentication required for 'http://codecs.opensuse.org/openh264/openSUSE_Leap/'
User Name: 

but I guess this will be handled, too, sometime.
So, thanks again for all the comments and hints.
I will sign the post as solved, as it “resolved by its own” :wink:

Thanks