本地FTP YUM源报错处理

报错处理"/>

本地FTP YUM源报错处理

一、问题描述

某次OS升级到Anolis 8.6后，但是还需要centos 6.5的yum源，恢复回去后，yum更新，报如下错误：
Errors during downloading metadata for repository ‘base’:

• Curl error (8): Weird server reply for ftp://10.172.1.206/centos6.5/media/repodata/repomd.xml [Got a 500 ftp-server response when 220 was expected]
  错误：为仓库 ‘base’ 下载元数据失败 : Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

资源：CURL-FAQ

二、报错处理

2.1、根据报错，执行：

curl -vvv ftp://10.172.1.206/centos6.5/media/repodata/repomd.xml 
*   Trying 10.172.1.206...
* TCP_NODELAY set
* Connected to 10.172.1.206 (10.172.1.206) port 21 (#0)
< 500 OOPS: tcp_wrappers is set to YES but no tcp wrapper support compiled in
* Got a 500 ftp-server response when 220 was expected
* Closing connection 0
curl: (8) Got a 500 ftp-server response when 220 was expected

FTP server配置文件回顾：其中，tcp_wrappers用于访问控制，如上显示yum安装的默认未启用该功能支持，因此，我们只需要禁用即可。除非你必须使用，可从新编译，增加：

说明：TCP_Wrappers实际是Linux OS中的一个安全机制，可叫它为TCP_Wrappers防火墙，是一个工作在第四层（传输层）的安全工具，它有一个TCP的守护进程叫作tcpd，可以对有状态连接的特定服务进行安全检测并实现访问控制，凡是包含有libwrap.so库文件的程序就可以受TCP_Wrappers的安全控制。它的主要功能就是控制谁可以访问，常见的程序有rpcbind、vsftpd、sshd，telnet。优点 ：配置改变，立即生效；缺点：缺只能针对服务程序和主机地址进行访问控制策略的设置，而不能指定网络解析和其他属性进行设置。

对于基于UDP连接的访问控制，可以通过使用内置或第三方的防火墙来实现。比如：每当有ssh的连接请求时，tcpd即会截获请求，先读取系统管理员所设置的访问控制文件，符合要求，则会把这次连接原封不动的转给真正的ssh进程，由ssh完成后续工作；如果这次连接发起的ip不符合访问控制文件中的设置，则会中断连接请求，拒绝提供ssh服务。

它的控制文件就是用OS的：/etc/hosts.allow 定义允许的访问，/etc/hosts.deny 定义拒绝的访问，另外deny文件里的过滤规则说明：

LOCAL 主机中不含.的主机(通常是指自己)
KNOWN 所有在DNS中可以解析到的主机
UNKNOWN 所有在DNS不可以解析到的主机
PARANOID 所有在DNS中正向解析与反向解析不匹配的主机
ALL 代表匹配所有(这个主机和服务都可以定义)
EXCEPT 反向选择

2.2、重新编译支持制定功能

FTP编译是没有configure，可编辑构建文件启用相关功能：vi /usr/local/src/vsftp-d.2.3.4/builddefs.h

默认值如下：支持则将对应项设为define，否则设为undef，建议全部define

#undef VSF_BUILD_TCPWRAPPERS #是否支持TCP WRAPPERS*/
#define VSF_BUILD_PAM #是否支持自定义虚拟用户登录*/
#undef VSF_BUILD_SSL #是否支持SSL传输*/

2.3、报错：不支持media协议， Unsupported protocol for media

Errors during downloading metadata for repository 'base':- Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz [Protocol "media" not supported or disabled in libcurl]- Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/495d3964f864fbab835ea1afb8a5272352cd12ded13d607205109fefaddd0ab6-primary.xml.gz [Protocol "media" not supported or`strace -f ` disabled in libcurl]- Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz [Protocol "media" not supported or disabled in libcurl]
错误：为仓库 'base' 下载元数据失败 : Yum repo downloading error: Downloading error(s): repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz - Download failed: Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz [Protocol "media" not supported or disabled in libcurl]; repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz - Download failed: Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz [Protocol "media" not supported or disabled in libcurl]; repodata/495d3964f864fbab835ea1afb8a5272352cd12ded1

调试

curl -vvv ftp://10.172.1.206/centos6.5/media/repodata/repomd.xml 
*   Trying 10.172.1.206...
* TCP_NODELAY set
* Connected to 10.172.1.206 (10.172.1.206) port 21 (#0)
< 220 (vsFTPd 3.0.3)
> USER anonymous
< 331 Please specify the password.
> PASS ftp@example
< 230 Login successful.
> PWD
< 257 "/" is the current directory
* Entry path is '/'
> CWD centos6.5
* ftp_perform ends with SECONDARY: 0
< 250 Directory successfully changed.
> CWD media
< 250 Directory successfully changed.
> CWD repodata
< 250 Directory successfully changed.
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||60100|)
*   Trying 10.172.1.206...
* TCP_NODELAY set
* Connecting to 10.172.1.206 (10.172.1.206) port 60100
* Connected to 10.172.1.206 (10.172.1.206) port 21 (#0)
> TYPE I
< 200 Switching to Binary mode.
> SIZE repomd.xml
< 213 4062
> RETR repomd.xml
< 150 Opening BINARY mode data connection for repomd.xml (4062 bytes).
* Maxdownload = -1
* Getting file with size: 4062
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="" xmlns:rpm=""><revision>1385726898</revision>
<data type="group"><checksum type="sha256">b4e0b9342ef85d3059ff095fa7f140f654c2cb492837de689a58c581207d9632</checksum><location xml:base="media://1385726732.061157#1" href="repodata/b4e0b9342ef85d3059ff095fa7f140f654c2cb492837de689a58c581207d9632-c6-x86_64-comps.xml"/><timestamp>1385726992.63</timestamp><size>1220797</size>
</data>
<data type="filelists"><checksum type="sha256">6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d</checksum><open-checksum type="sha256">94e6b785bf5990ce8d806b2b3f369104ec05b135e5a4b052cd5374e170588f3b</open-checksum><location xml:base="media://1385726732.061157#1" href="repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz"/><timestamp>1385726972</timestamp><size>5475008</size><open-size>71286426</open-size>
</data>
<data type="group_gz"><checksum type="sha256">ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66</checksum><open-checksum type="sha256">b4e0b9342ef85d3059ff095fa7f140f654c2cb492837de689a58c581207d9632</open-checksum><location xml:base="media://1385726732.061157#1" href="repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz"/><timestamp>1385726992.61</timestamp><size>225591</size>
</data>
<data type="primary"><checksum type="sha256">495d3964f864fbab835ea1afb8a5272352cd12ded13d607205109fefaddd0ab6</checksum><open-checksum type="sha256">e8032322f7f5f06bd3485583420d81c54b5d3782b17b60cb054f4ee2b53206a8</open-checksum><location xml:base="media://1385726732.061157#1" href="repodata/495d3964f864fbab835ea1afb8a5272352cd12ded13d607205109fefaddd0ab6-primary.xml.gz"/><timestamp>1385726972</timestamp><size>2625479</size><open-size>17198556</open-size>
</data>
<data type="primary_db"><checksum type="sha256">0dafccfdbf892f02acca8267ade4bdcee7280a682e65dc7e29145f3341fd7a8c</checksum><open-checksum type="sha256">4b2eb9c43c432dde3528fe5bd88fc9ba4f01ef5eb5e0ca2ea8f7665eefd6dd86</open-checksum><location xml:base="media://1385726732.061157#1" href="repodata/0dafccfdbf892f02acca8267ade4bdcee7280a682e65dc7e29145f3341fd7a8c-primary.sqlite.bz2"/><timestamp>1385726992.5</timestamp><database_version>10</database_version><size>4595171</size><open-size>20478976</open-size>
</data>
<data type="other_db"><checksum type="sha256">fdd542ef36b0cde54ee0521fae90b98911db06483163aa1c049995b6d109349b</checksum><open-checksum type="sha256">969cff0b4ced02852da2df6b6b7ba964561e37c3f817f7b98266216097ae22b5</open-checksum><location xml:base="media://1385726732.061157#1" href="repodata/fdd542ef36b0cde54ee0521fae90b98911db06483163aa1c049995b6d109349b-other.sqlite.bz2"/><timestamp>1385726976.09</timestamp><database_version>10</database_version><size>2835495</size><open-size>12257280</open-size>
</data>
<data type="other"><checksum type="sha256">5af8199bd0ffb441c34ef946582d0d06c1ad770755e631690771e0bceb0ad222</checksum><open-checksum type="sha256">661feb7628bd6d3d73b37bdc7371c7fd4ad6b056c296932d6d36fa7bd1a859cf</open-checksum><location xml:base="media://1385726732.061157#1" href="repodata/5af8199bd0ffb441c34ef946582d0d06c1ad770755e631690771e0bceb0ad222-other.xml.gz"/><timestamp>1385726972</timestamp><size>3148903</size><open-size>12981292</open-size>
</data>
<data type="filelists_db"><checksum type="sha256">594d4bb4a79ed01d66635adbcf76c45ca4a85b30fc3e3c3c28316e64f0a83f21</checksum><open-checksum type="sha256">74459fc0aaf65a4603c3b47dbcbc241d2cabbd2a382271f8273c830806152074</open-checksum><location xml:base="media://1385726732.061157#1" href="repodata/594d4bb4a79ed01d66635adbcf76c45ca4a85b30fc3e3c3c28316e64f0a83f21-filelists.sqlite.bz2"/><timestamp>1385726986.64</timestamp><database_version>10</database_version><size>6121534</size><open-size>33275904</open-size>
</data>
</repomd>
* Remembering we are in dir "centos6.5/media/repodata/"
< 226 Transfer complete.
* Connection #0 to host 10.172.1.206 left intact#跟踪调试
strace -f yum makecache|grep -iE '(curl|ssl)'

三、附录

1）FTP启动脚本

#!/bin/bash
#
# vsftpd      This shell script takes care of starting and stopping
#             standalone vsftpd.
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program
#              that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd/vsftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x /usr/local/sbin/vsftpd ] || exit 0
RETVAL=0
prog="vsftpd"
start() {# Start daemons.if [ -d /etc/vsftpd ] ; thenfor i in `ls /etc/vsftpd/*.conf`; dosite=`basename $i .conf`echo -n $"Starting $prog for $site: "/usr/local/sbin/vsftpd $i &RETVAL=$?[ $RETVAL -eq 0 ] && {touch /var/lock/subsys/$progsuccess $"$prog $site"}echodoneelseRETVAL=1fireturn $RETVAL
}
stop() {# Stop daemons.echo -n $"Shutting down $prog: "killproc $progRETVAL=$?echo[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$progreturn $RETVAL
}
# See how we were called.
case "$1" instart)start;;stop)stop;;restart|reload)stopstartRETVAL=$?;;condrestart)if [ -f /var/lock/subsys/$prog ]; thenstopstartRETVAL=$?fi;;status)status $progRETVAL=$?;;*)echo $"Usage: $0 {start|stop|restart|condrestart|status}"exit 1
esac
exit $RETVAL