0

Cannot refresh packages on SOS emulator behind corporate firewall (proxy) [answered]

asked 2014-08-01 17:06:33 +0300

Nekron

updated 2015-01-23 18:34:14 +0300

I am trying to refresh packages on SOS emulator. I ssh'ed into the emu and added "export https_proxy", "export http_proxy" and "export ftp_proxy" to my corporate http(s)-proxy.

However, when I try to update packages by executing "pkcon refresh", I get the following error:

[root@SailfishEmul connman]# pkcon refresh
Refreshing cache
Waiting in queue
Waiting for authentication
Waiting in queue
Starting
Refreshing software list
Fatal error: Download (curl) error for 'https://releases.jolla.com/releases/1.0.8.19/nemo/adaptation-x86-common/i486/repodata/repomd.xml':
Error code: Connection failed
Error message: Failed to connect to releases.jolla.com port 443: Connection timed out

Why is pkcon not using my exported http(s) proxy settings? I know that there are issues with proxy settings stated in the SDK release notes, but is there a way to fix it manually?

EDIT: Added proxy to question.


Comments

Exporting proxy settings does not work with pkcon because pkcon is just a command line utility to send dbus messages to the packagekitd daemon process, which is the one that is actually talking to the network.

kaltsi ( 2014-08-19 13:25:59 +0300 )edit

SOS-emulator? I guess you mean SFOS or SailfishOS SDK emulator, right?

foss4ever ( 2015-01-25 03:12:27 +0300 )edit

1 Answer

0

answered 2015-01-23 18:31:53 +0300

Nekron

updated 2015-01-23 18:32:59 +0300

OK, I found a solution; however, this is more than a hack, but it works in my case.

Things to do:

#1. Modify repositories to use HTTP connection instead of HTTPS

Execute the following commands as [root]#:

ssu ar jolla http://dvvwui2qyedk6.cloudfront.net/releases/1.1.1.26/jolla/i486/
ssu ar mer-tools http://dvvwui2qyedk6.cloudfront.net/releases/1.1.1.26/mer-tools/builds/i486/packages/
ssu dr adaptation0
ssu dr adaptation1
ssu dr hotfixes
ssu dr sdk

Now only the jolla and mer-tools repositories are enabled via HTTP. The URI of http://release.jolla.com will be redirected to cloudfront with HTTPS. So this is why changing the repository URL from https to http for http://release.jolla.com/... doesn't work and the cryptic cloudfront URL has to be used.

#2. Setup iptables forwarding

Since PackageKit uses libzypp as a backend and libzypp uses libcurl to fetch packages, proxy env settings are not honored the way curl honors them. Nor is .curlrc honored. So what I did next was to create a small iptables entry to forward all HTTP connections to my corporate firewall.

#!/bin/bash
# IP address and port number of the webcache (replace the placeholders)
WEBCACHE="<my corporate proxy>:<port>"

# Flush any previous rules (this empties every chain in the nat table)
iptables -t nat --flush

# Delete and recreate the chain (the delete fails harmlessly on the first run)
iptables -t nat -X HTTPFORCE 2>/dev/null || true
iptables -t nat -N HTTPFORCE

# Don't touch local traffic (localhost and internal network)
iptables -t nat -A HTTPFORCE -o lo -j RETURN
iptables -t nat -A HTTPFORCE --dst 127.0.0.0/8 -j RETURN
iptables -t nat -A HTTPFORCE --dst 10.0.0.0/8 -j RETURN
# Add any other local networks here.

# Now we have two options. Please uncomment one of them
# 1) Redirect packets on port 80 to the webcache
#    This may not work unless the webcache is generous with its input
iptables -t nat -A HTTPFORCE -p tcp --dport 80 -j DNAT --to "$WEBCACHE"

# 2) Redirect packets on port 80 to localhost port 1234
#    On port 1234 you need to run a local web proxy, which forwards
#    requests to the real webcache
#    (as posted, the commented rule below matches port 443 and redirects to port 3128)
#iptables -t nat -A HTTPFORCE -p tcp --dport 443 -j REDIRECT --to-port 3128

# Capture all outgoing TCP syns
iptables -t nat -A OUTPUT -p tcp --syn -j HTTPFORCE

Now you can do pkcon refresh and pkcon install zypper etc. for your pleasure behind a corporate firewall!
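
Added example, not part of the original answer: a DNAT'ed client does not know it is talking to a proxy, so it sends an origin-form request line (`GET /path`) plus a `Host` header, while a forward proxy expects absolute-form (`GET http://host/path`). That mismatch is why option 1 only works with a lenient webcache, and the rewrite below is what the local proxy in option 2 has to perform. The function name `to_absolute_form` and the sample request are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. to_absolute_form is a
# hypothetical helper name; the sample request below is constructed.
#
# Reads one HTTP request head on stdin (origin-form, as sent by a client
# that does not know it is being proxied) and writes it back with the
# request target rewritten to absolute-form for an upstream forward proxy.
# Returns 1 when the URL cannot be rebuilt (no Host header).
to_absolute_form() {
  awk '
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    NR == 1 { method = $1; target = $2; version = $3; next }
    /^$/    { exit }                            # end of the header block
    tolower($0) ~ /^host:/ {
      host = $0
      sub(/^[^:]*:[ \t]*/, "", host)            # drop the header name
      sub(/[ \t]+$/, "", host)                  # drop trailing whitespace
    }
    { headers = headers $0 "\r\n" }             # keep every header unchanged
    END {
      if (target ~ /^https?:\/\//) { url = target }          # already absolute
      else if (host == "" || target !~ /^\//) { exit 1 }     # cannot rebuild
      else { url = "http://" host target }      # port 80 traffic is plain HTTP
      printf "%s %s %s\r\n%s\r\n", method, url, version, headers
    }'
}

# Constructed sample: a repository metadata fetch as it leaves the emulator.
sample='GET /releases/1.1.1.26/jolla/i486/repodata/repomd.xml HTTP/1.1\r\nHost: dvvwui2qyedk6.cloudfront.net\r\nAccept: */*\r\n\r\n'
printf '%b' "$sample" | to_absolute_form
```

Only the request line changes; the headers pass through untouched, so the upstream proxy still sees the original `Host` value.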

