Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

[Errno -1] Error importing repomd.xml for ol5_u8_base: Damaged repomd.xml file

socpresJun 17 2015 — edited Jun 22 2015

Hi,

I have a VM running Oracle Linux Server release 5.8 (/etc/oracle-release), and most actions in yum throw an error, like this output from yum repolist:

Loaded plugins: rhnplugin, security

This system is not registered with ULN.

ULN support will be disabled.

ol5_u8_base | 80 kB 00:00

http://public-yum.oracle.com/repo/OracleLinux/OL5/8/base/x86_64/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for ol5_u8_base: Damaged repomd.xml file

Trying other mirror.

repo id repo name status

ol5_u8_base Oracle Linux 5 Update 8 installation media copy (x86_64) 4,639

repolist: 4,639

uname -a shows:

Linux mybox.mydom.com 2.6.32-300.10.1.el5uek #1 SMP Wed Feb 22 17:37:40 EST 2012 x86_64 x86_64 x86_64 GNU/Linux

I can wget/curl the repomd.xml file from the public yum site just fine. Since this server hasn't been touched (yum-wise) in over a year, I also downloaded the public-yum-el5.repo and RPM-GPG-KEY-oracle-el5 files again from Oracle Public Yum Server. I've attempted to enable/disable all repos listed in the repo file (except the spacewalk ones), but each one throws that "Damaged repomd.xml file" error.

I need to install samba, so I thought I'd try that using yum install samba:

Loaded plugins: rhnplugin, security

This system is not registered with ULN.

ULN support will be disabled.

ol5_u8_base | 80 kB 00:00

http://public-yum.oracle.com/repo/OracleLinux/OL5/8/base/x86_64/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for ol5_u8_base: Damaged repomd.xml file

Trying other mirror.

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package samba.x86_64 0:3.0.33-3.37.el5 set to be updated

--> Processing Dependency: perl(Convert::ASN1) for package: samba

--> Running transaction check

---> Package perl-Convert-ASN1.noarch 0:0.20-1.1 set to be updated

--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================================

Package Arch Version Repository Size

===========================================================================================================================================================================

Installing:

samba x86_64 3.0.33-3.37.el5 ol5_u8_base 16 M

Installing for dependencies:

perl-Convert-ASN1 noarch 0.20-1.1 ol5_u8_base 42 k

Transaction Summary

===========================================================================================================================================================================

Install 2 Package(s)

Upgrade 0 Package(s)

Total download size: 16 M

Is this ok [y/N]: y

Downloading Packages:

(1/2): perl-Convert-ASN1-0.20-1.1.noarch.rpm | 80 kB 00:00

http://public-yum.oracle.com/repo/OracleLinux/OL5/8/base/x86_64/getPackage/perl-Convert-ASN1-0.20-1.1.noarch.rpm: [Errno -1] Package does not match intended download

Trying other mirror.

(2/2): samba-3.0.33-3.37.el5.x86_64.rpm | 80 kB 00:00

http://public-yum.oracle.com/repo/OracleLinux/OL5/8/base/x86_64/getPackage/samba-3.0.33-3.37.el5.x86_64.rpm: [Errno -1] Package does not match intended download

Trying other mirror.

Error Downloading Packages:

samba-3.0.33-3.37.el5.x86_64: failure: getPackage/samba-3.0.33-3.37.el5.x86_64.rpm from ol5_u8_base: [Errno 256] No more mirrors to try.

perl-Convert-ASN1-0.20-1.1.noarch: failure: getPackage/perl-Convert-ASN1-0.20-1.1.noarch.rpm from ol5_u8_base: [Errno 256] No more mirrors to try.

Again, I can wget the files from the server exactly as listed in the yum output. I've also tried yum clear all. I thought I had the correct repo enabled, but it doesn't matter what repo(s) I have enabled, I get the same error.

Thoughts?

Thanks!

Rich

This post has been answered by socpres on Jun 22 2015

Jump to Answer

Avi Miller-Oracle

I just double-checked my own test Oracle Linux 5 VM and it's downloading and using the repomd.xml file from public-yum.oracle.com just fine. I tested both the ol5_u8_base and ol5_latest repos. Can you run "yum clean all" and perhaps even delete everything in /var/cache/yum/ and try again?

Note that OL5U8 is vulnerable to ALL of the latest high-profile security issues. You really should upgrade to OL5U11, i.e. ol5_latest, as soon as possible to reduce your security vulnerabilities.

socpres

Hi Avi,

Yeah, I've done the yum clean all (in original message, but I overlooked highlighting it) and I did try to delete everything in /var/cache/yum as well. Given that you can use the repo, it sounds like something's hosed on my server. I also tried looking through an strace yum repolist but nothing's jumping out at me.

I think my next effort will be to attach the OL5.8 DVD to the VM and use that repo to reinstall yum and, well, poke around. Maybe I'll build another VM to grab its yum files or something.

Yeah, that's not too promising, but reinstalling the 36GB of software (EM12c tiers and repository) is going to be weeks worth of effort...

Thanks!

Rich

socpres

As a followup, I created a new VM (this one under VBox 4.3.26) using the OL5.8 64-bit DVD I have. I added access to the public yum as per http://public-yum.oracle.com and disabled most repos, leaving only [ol5_u8_base] enabled. A yum repolist comes back with the same error!

So I dug farther into output from the strace yum repolist from my original OL5.8 box. I'm not an HTTP expert, but it appears that after some interaction with public-yum.oracle.com, yum requests this from "a173-223-204-72.deploy.static.akamaitechnologies.com":

GET /repo/OracleLinux/OL5/8/base/x86_64/repodata/repomd.xml HTTP/1.1\r\nHost: public-yum.oracle.com\r\nAccept-Encoding: identity\r\nUser-agent: urlgrabber/3.1.0 yum/3.2.22\r\n\r\n

The reply is an HTTP 307 "Temporary Redirect" to:

/UserCheck/PortalMain?IID=[long-secure-id-here]&origUrl=[long-encrypted-url-here]

After the HTTP header on the above link, an HTML file containing some JavaScript is returned and saved into a temporary copy of repomd.xml. A google search on some phrases in the JavaScript (e.g. "The page has a logo defined in the GUI - load it." and "UserCheck.tools.handleErrorReportResponse") each returns exactly one match:

https://malwr.com/analysis/ZjYzN2M5ODA1Nzc4NDViNTg1NmYxMGI4YjZjMGVjOTc/

That seems a little ominous, although since the request is coming from Linux, if the above link is a valid analysis, it doesn't seem to me to be a security risk. In any case, the XML is not returned, which seems to validate the error that yum is throwing. After the error is thrown, the temporary file is unlinked (deleted).

It seems to me like there's a validation issue with my public yum request on Oracle's side. Could it be because my box is not on ULN?

Anyone?

Rich

Avi Miller-Oracle

I'm looking into this, but you absolutely should not be redirected by Akamai to anything. Certainly when I request the file via wget, I'm not being redirected:

$ wget http://public-yum.oracle.com/repo/OracleLinux/OL5/8/base/x86_64/repodata/repomd.xml
--2015-06-20 07:59:18--  http://public-yum.oracle.com/repo/OracleLinux/OL5/8/base/x86_64/repodata/repomd.xml
Resolving public-yum.oracle.com... 150.101.161.19, 150.101.161.9
Connecting to public-yum.oracle.com|150.101.161.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1429 (1.4K) [application/xml]
Saving to: `repomd.xml'
100%[===========================================================================================================================================>] 1,429       --.-K/s   in 0s

Anything else is suspect and I would absolutely check your local environment to make sure you're not a victim of DNS poisoning or similar to redirect traffic to authoritative sources.

Note that you do not need to be registered to ULN to use public-yum.oracle.com. The whole point is that it is available at no cost to anyone who wants to use Oracle Linux, not just Oracle customers.

1 person found this helpful

Avi Miller-Oracle

Can you please email the strace output to my firstname dot lastname at oracle dot com so we can take a look and see if we can reproduce the issue?

Dude!

Are you using any web protect anti virus software? Are you using a web proxy?

1 person found this helpful

socpres

Answer

I've got it. After expanding the strace output to dump strings up to 16K in length (default string dump size is 32 bytes), I spied our firewall software name in the Javascript of the HTML that was being returned. I just talked with our Network guy, who was able to see that the firewall company had at some point redefined "yum" network requests as being in the "high bandwidth" category, and therefore denied. This explains why wget worked, but not yum. Once that was opened up, I'm back in business!

Odd that yum itself (instead of individual websites) would fall under that category by default, but it's all good now.

Thanks!

Rich

Marked as Answer by socpres · Sep 27 2020

1 - 7

Locked Post

New comments cannot be posted to this locked post.

Locked on Jul 20 2015

Added on Jun 17 2015

#linux, #oracle-linux

7 comments

2,958 views

Infrastructure Software

[Errno -1] Error importing repomd.xml for ol5_u8_base: Damaged repomd.xml file

Comments

Post Details