Jump to content

update in buster is failing with redirection from https to 'http://armbian.tnahosting.net/apt/dists/buster/Release' is forbidden


dudepron
Go to solution Solved by lanefu,

Recommended Posts

I've tried without and with --no-allow-insecure-repositories and --allow-unauthenticated

Cert issue on the remote?

 

ns1@ns1:~$ sudo apt-get update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://httpredir.debian.org/debian buster InRelease
Hit:3 http://httpredir.debian.org/debian buster-updates InRelease
Ign:4 https://apt.armbian.com buster InRelease
Err:5 https://apt.armbian.com buster Release
  Redirection from https to 'http://armbian.tnahosting.net/apt/dists/buster/Release' is forbidden [IP: 173.45.128.12 443]
Reading package lists... Done
E: The repository 'https://apt.armbian.com buster Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
ns1@ns1:~$ sudo apt-get update --no-allow-insecure-repositories
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://httpredir.debian.org/debian buster InRelease
Hit:3 http://httpredir.debian.org/debian buster-updates InRelease
Ign:4 https://apt.armbian.com buster InRelease
Err:5 https://apt.armbian.com buster Release
  Redirection from https to 'http://armbian.tnahosting.net/apt/dists/buster/Release' is forbidden [IP: 173.45.128.12 443]
Reading package lists... Done
E: The repository 'https://apt.armbian.com buster Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
ns1@ns1:~$ sudo apt-get update --allow-unauthenticated
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://httpredir.debian.org/debian buster InRelease
Hit:3 http://httpredir.debian.org/debian buster-updates InRelease
Ign:4 https://apt.armbian.com buster InRelease
Err:5 https://apt.armbian.com buster Release
  Redirection from https to 'http://armbian.tnahosting.net/apt/dists/buster/Release' is forbidden [IP: 173.45.128.12 443]
Reading package lists... Done
E: The repository 'https://apt.armbian.com buster Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
ns1@ns1:~$

Link to comment
Share on other sites

But IMO connecting via HTTPS is preferred, while in this case a redirection to plain HTTP should simply not be done? The targets are available via HTTPS as well (https://armbian.systemonachip.net/apt/, https://armbian.tnahosting.net/apt/ etc.), some mirrors even enforce it (http://imola.armbian.com/), so wouldn't it be best to redirect without scheme to preserve HTTP or HTTPS depending on the initial client connection?

Link to comment
Share on other sites

On 7/30/2021 at 11:52 PM, lanefu said:

Lol i got a lot of feedback about https being an undesirable default.    Major reason being those on small connections heavilly rely on caching proxies to make life better.

 

And yes persisting protocol based on request would be ideal.  How are you at python?

 

https://github.com/armbian/dl-router/issues/2

Same script, one for http mirrors (port 80) and one for https mirrors (port 443).

Link to comment
Share on other sites

I would say same script, but changing the list to not include scheme, and then prepend scheme of client request to target mirror: https://github.com/armbian/dl-router/blob/master/app/mirrors.yaml

I also see that mirrors.netix.net entry is with HTTP, but it has forced redirect to HTTPS, at least after receiving the HSTS header once.

 

I'm learning Python by doing little contributions here and there, so I'll have a look if I can add this feature :).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines