Upgrading from behind restrictive firewall

I have several systems that I’m upgrading to F35 that are behind firewalls that do not permit access to http:// sites (only https).

This causes a problem with upgrading openh264 packages. The upgrade fails because the Cisco site only provides http:// URLs for the packages.
I’ve worked around this by downloading the three RPMs elsewhere, copying them to the problem system, and installing them before the Fedora upgrade process.
This is a pain and also means that updates to these packages will not work.
Is there a better alternative for repos or mirrors that use http ?

2 Likes

Tree - rpms/fedora-repos - src.fedoraproject.org
Isn’t it supposed to use HTTPS?

The metalink should redirect to https://codecs.fedoraproject.org/.

1 Like

When you get the final URLs for the package from the mirrors they are all http for the fedora-cisco-openh264 repo.

2 Likes

Options:

  • Solve the issue with your network administrator by creating a permissive firewall exception.
  • Bypass the firewall restriction using a VPN or some overlay network such as Tor.

For example, you can use vpngate.net for free over 443/TCP:

sudo dnf --disablerepo fedora-cisco-openh264 upgrade; \
sudo nmcli connection up vpngate; \
sudo dnf upgrade; \
sudo nmcli connection down vpngate
2 Likes