Linux Installer Times Out Behind Firewall

[stvs]

Any help installing Calibre on Linux behind a firewall would be appreciated.

I'm running the standard Linux Installer command:

sudo -v && wget -nv -O- https://raw.githubusercontent.com/ko...x-installer.py | sudo python -c "import sys; main=lambda:sys.stderr.write('Download failed\n'); exec(sys.stdin.read()); main()"

This times out with the error:

Code:

2014-12-11 14:57:00 URL:https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py [25619/25619] -> "-" [1]
Installing to /opt/calibre
Downloading tarball signature securely...
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "<string>", line 648, in main
  File "<string>", line 620, in download_and_extract
  File "<string>", line 612, in get_tarball_info
  File "<string>", line 576, in get_https_resource_securely
  File "<string>", line 493, in connect
  File "/usr/lib64/python2.7/socket.py", line 571, in create_connection
    raise err
socket.timeout: timed out

My shell's http_proxy and https_proxy vars are all set and working correctly, and a quick check of of 'proxies = urllib.getproxies()' shows that Python is correctly grabbing the proxies.

Rather, this looks to be some certificate issue.

Examining the Python code returned by github, I see that the installer stalls at grabbing the signature at https://status.calibre-ebook.com/tarball-info/x86_64. I can browse and see this signature if I enter a certificate exception or save the cert and load into FF's server certificates. However, wget shows this:

Code:

$ wget https://status.calibre-ebook.com/tarball-info/x86_64
--2014-12-11 15:04:59--  https://status.calibre-ebook.com/tarball-info/x86_64
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:3128... connected.
ERROR: cannot verify status.calibre-ebook.com's certificate, issued by ‘/C=IN/ST=Maharashtra/L=Mumbai/O=calibre/CN=calibre-ebook.com’:
  Unable to locally verify the issuer's authority.
To connect to status.calibre-ebook.com insecurely, use `--no-check-certificate'.

I've used CentOS's KDE System Settings>SSL Preferences to add the PEM, but this doesn't help Python's urllib to grab the signature and tarball at https://status.calibre-ebook.com, with its self-signed cert.

Any fixes to this issue?

[aleyx]

I don't know what wget uses as a certificate repo. Did you try adding --no-check-certificate ?

N.

[stvs]

Yes, the wget commands work using --no-check-certificate, but that doesn't help the Python code that wget gets.

[eschwartz]

I believe the certificate is contained within linux-installer.py -- because it is self-signed by Kovid.
So it shouldn't be allowed to fail.

That would explain why wget cannot grab it.

<insert shameless plug>

My auto-upgrade script: https://www.mobileread.com/forums/sho...d.php?t=237233
So you can use (in cron, even)

Code:

sudo calibre-upgrade.sh

</insert shameless plug>

[kovidgoyal]

Why do you think a timeout is a certificate issue? If it were me, I'd look at traffic to/from the https proxy. I'd guess that the proxy does not forward an https connection it cannot establish itself (since it does not have the necessary certificate).

In any case, you can always downlaod the tarball yourself and run the installer manually see the instructions on the download page for reverting to a earlier calibre release.

[stvs]

I believe you're right—this is some shell variable issue on my box, and has nothing to do with certs or calibre. Sorry for the misdirect.

For some reason, sudo commands aren't being passed the http_proxy and https_proxy environment variables. These are set in the user space, and I've made sure that they're both set in the user and root's ~/.profile, yet sudo commands don't get these variables. It will take some more digging—I haven't seen behavior this before.

[GarNelson]

Quote:

Originally Posted by kovidgoyal

In any case, you can always downlaod the tarball yourself and run the installer manually see the instructions on the download page for reverting to a earlier calibre release.

Actually, this helped me a lot. I've been struggling for a month with the download scripts and getting nowhere. Doing a manual download, the install only took a couple of minutes and it's done and mostly working.

/opt/calibre is not on my current path. Do you have a recommended method to launch it? (other than typing /opt/calibre/calibre)

I'm using Ubuntu 14.10. I thought about a symbolic link in /usr/bin but thought I'd ask first.

TIA

[kovidgoyal]

A symlink is fine, though if you run sudo /opt/calibre/calibre_postinstall it will do all that for you automatically.

[GarNelson]

Quote:

Originally Posted by kovidgoyal

A symlink is fine, though if you run sudo /opt/calibre/calibre_postinstall it will do all that for you automatically.

Much better. Thank you.

[stvs]

Fixed it. Behind a firewall, you must use 'sudo -E' to preserve the http_proxy and https_proxy environment variables, like this:

Quote:

sudo -E -v && wget -nv -O- https://raw.githubusercontent.com/ko...x-installer.py | sudo -E python -c "import sys; main=lambda:sys.stderr.write('Download failed\n'); exec(sys.stdin.read()); main()"