12-11-2014, 03:12 PM | #1 |
Junior Member
Posts: 8
Karma: 10
Join Date: Dec 2010
Device: Kindle 3
|
Linux Installer Times Out Behind Firewall
Any help installing Calibre on Linux behind a firewall would be appreciated.
I'm running the standard Linux Installer command: sudo -v && wget -nv -O- https://raw.githubusercontent.com/ko...x-installer.py | sudo python -c "import sys; main=lambda:sys.stderr.write('Download failed\n'); exec(sys.stdin.read()); main()" This times out with the error: Code:
2014-12-11 14:57:00 URL:https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py [25619/25619] -> "-" [1] Installing to /opt/calibre Downloading tarball signature securely... Traceback (most recent call last): File "<string>", line 1, in <module> File "<string>", line 648, in main File "<string>", line 620, in download_and_extract File "<string>", line 612, in get_tarball_info File "<string>", line 576, in get_https_resource_securely File "<string>", line 493, in connect File "/usr/lib64/python2.7/socket.py", line 571, in create_connection raise err socket.timeout: timed out Rather, this looks to be some certificate issue. Examining the Python code returned by github, I see that the installer stalls at grabbing the signature at https://status.calibre-ebook.com/tarball-info/x86_64. I can browse and see this signature if I enter a certificate exception or save the cert and load into FF's server certificates. However, wget shows this: Code:
$ wget https://status.calibre-ebook.com/tarball-info/x86_64 --2014-12-11 15:04:59-- https://status.calibre-ebook.com/tarball-info/x86_64 Resolving localhost (localhost)... ::1, 127.0.0.1 Connecting to localhost (localhost)|::1|:3128... connected. ERROR: cannot verify status.calibre-ebook.com's certificate, issued by ‘/C=IN/ST=Maharashtra/L=Mumbai/O=calibre/CN=calibre-ebook.com’: Unable to locally verify the issuer's authority. To connect to status.calibre-ebook.com insecurely, use `--no-check-certificate'. Any fixes to this issue? |
12-11-2014, 04:13 PM | #2 |
Addict
Posts: 245
Karma: 20386
Join Date: Sep 2010
Location: France
Device: Cybook Diva
|
I don't know what wget uses as a certificate repo. Did you try adding --no-check-certificate ?
N. |
Advert | |
|
12-11-2014, 05:29 PM | #3 |
Junior Member
Posts: 8
Karma: 10
Join Date: Dec 2010
Device: Kindle 3
|
Yes, the wget commands work using --no-check-certificate, but that doesn't help the Python code that wget gets.
|
12-11-2014, 05:47 PM | #4 |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
I believe the certificate is contained within linux-installer.py -- because it is self-signed by Kovid.
So it shouldn't be allowed to fail. That would explain why wget cannot grab it. <insert shameless plug> My auto-upgrade script: https://www.mobileread.com/forums/sho...d.php?t=237233 </insert shameless plug>
So you can use (in cron, even) Code:
sudo calibre-upgrade.sh Last edited by eschwartz; 12-13-2014 at 09:49 PM. |
12-13-2014, 01:52 AM | #5 |
creator of calibre
Posts: 43,866
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Why do you think a timeout is a certificate issue? If it were me, I'd look at traffic to/from the https proxy. I'd guess that the proxy does not forward an https connection it cannot establish itself (since it does not have the necessary certificate).
In any case, you can always downlaod the tarball yourself and run the installer manually see the instructions on the download page for reverting to a earlier calibre release. Last edited by kovidgoyal; 12-13-2014 at 01:55 AM. |
Advert | |
|
12-19-2014, 05:57 AM | #6 |
Junior Member
Posts: 8
Karma: 10
Join Date: Dec 2010
Device: Kindle 3
|
I believe you're right—this is some shell variable issue on my box, and has nothing to do with certs or calibre. Sorry for the misdirect.
For some reason, sudo commands aren't being passed the http_proxy and https_proxy environment variables. These are set in the user space, and I've made sure that they're both set in the user and root's ~/.profile, yet sudo commands don't get these variables. It will take some more digging—I haven't seen behavior this before. |
12-28-2014, 12:58 AM | #7 | |
Junior Member
Posts: 2
Karma: 10
Join Date: Dec 2014
Location: Udon Thani, Thailand
Device: Samsung Note 10.1
|
followup to manual install recommendation
Quote:
/opt/calibre is not on my current path. Do you have a recommended method to launch it? (other than typing /opt/calibre/calibre) I'm using Ubuntu 14.10. I thought about a symbolic link in /usr/bin but thought I'd ask first. TIA |
|
12-28-2014, 01:17 AM | #8 |
creator of calibre
Posts: 43,866
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
A symlink is fine, though if you run sudo /opt/calibre/calibre_postinstall it will do all that for you automatically.
|
12-29-2014, 06:53 AM | #9 |
Junior Member
Posts: 2
Karma: 10
Join Date: Dec 2014
Location: Udon Thani, Thailand
Device: Samsung Note 10.1
|
|
01-29-2015, 03:53 PM | #10 | |
Junior Member
Posts: 8
Karma: 10
Join Date: Dec 2010
Device: Kindle 3
|
Fixed it. Behind a firewall, you must use 'sudo -E' to preserve the http_proxy and https_proxy environment variables, like this:
Quote:
|
|
Tags |
centos, certificate, install, linux, ssl |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Fully automatic calibre installer/updater for linux | eschwartz | Related Tools | 43 | 02-08-2022 06:59 PM |
Linux installer question | opitzs | Calibre | 2 | 11-09-2011 07:20 AM |
Either a userbug or a problem with the generic Linux binary installer. | Ingrid | Calibre | 11 | 07-16-2008 03:26 AM |
Firewall Forensics (What am I seeing?) | Colin Dunstan | Lounge | 0 | 06-27-2005 02:23 AM |
Free Linux-based Sentry Firewall CD | TadW | Lounge | 0 | 05-25-2005 04:25 PM |