# Blacklisting a portage mirror

## NP_complete

My Gentoo box syncs against a seemingly stale mirror: for the first time ever, there haven't been updates for almost a week. During emerge --sync, I get: 

```
MOTD autogenerated by update-rsync-motd on Mon Dec 19 00:41:37 UTC 2016
```

 So, I want this mirror blacklisted and therefore installed mirrorselect and ran 

```
mirrorselect -s3 -b10 -D
```

 I got 

```
* Downloading mirrorselect-test files from each mirror... [103 of 155]

deeptime(): md5sum error for file: mirrorselect-test

         expected: bdf077b2e683c506bf9e8f2494eeb044

         got.....: d813cc34165f7154de3da988bd2ce7dc

         host....: gentoo.iteam.net.ua, 62.138.238.45

* Downloading mirrorselect-test files from each mirror... [115 of 155]Traceback (most recent call last):

  File "/usr/lib/python-exec/python3.4/mirrorselect", line 61, in <module>

    MirrorSelect().main(sys.argv)

  File "/usr/lib64/python3.4/site-packages/mirrorselect/main.py", line 376, in main

    urls = self.select_urls(hosts, options)

  File "/usr/lib64/python3.4/site-packages/mirrorselect/main.py", line 325, in select_urls

    selector = Deep(hosts, options, self.output)

  File "/usr/lib64/python3.4/site-packages/mirrorselect/selectors.py", line 226, in __init__

    self.deeptest()

  File "/usr/lib64/python3.4/site-packages/mirrorselect/selectors.py", line 253, in deeptest

    mytime, ignore = self.deeptime(host, maxtime)

  File "/usr/lib64/python3.4/site-packages/mirrorselect/selectors.py", line 338, in deeptime

    ip, ips[ips.index(ip):])

  File "/usr/lib64/python3.4/site-packages/mirrorselect/selectors.py", line 421, in _test_connection

    f = url_open(test_url)

  File "/usr/lib64/python3.4/urllib/request.py", line 161, in urlopen

    return opener.open(url, data, timeout)

  File "/usr/lib64/python3.4/urllib/request.py", line 464, in open

    response = self._open(req, data)

  File "/usr/lib64/python3.4/urllib/request.py", line 482, in _open

    '_open', req)

  File "/usr/lib64/python3.4/urllib/request.py", line 442, in _call_chain

    result = func(*args)

  File "/usr/lib64/python3.4/urllib/request.py", line 1226, in https_open

    context=self._context, check_hostname=self._check_hostname)

  File "/usr/lib64/python3.4/urllib/request.py", line 1183, in do_open

    h.request(req.get_method(), req.selector, req.data, headers)

  File "/usr/lib64/python3.4/http/client.py", line 1137, in request

    self._send_request(method, url, body, headers)

  File "/usr/lib64/python3.4/http/client.py", line 1182, in _send_request

    self.endheaders(body)

  File "/usr/lib64/python3.4/http/client.py", line 1133, in endheaders

    self._send_output(message_body)

  File "/usr/lib64/python3.4/http/client.py", line 963, in _send_output

    self.send(msg)

  File "/usr/lib64/python3.4/http/client.py", line 898, in send

    self.connect()

  File "/usr/lib64/python3.4/http/client.py", line 1287, in connect

    server_hostname=server_hostname)

  File "/usr/lib64/python3.4/ssl.py", line 362, in wrap_socket

    _context=self)

  File "/usr/lib64/python3.4/ssl.py", line 580, in __init__

    self.do_handshake()

  File "/usr/lib64/python3.4/ssl.py", line 815, in do_handshake

    match_hostname(self.getpeercert(), self.server_hostname)

  File "/usr/lib64/python3.4/ssl.py", line 286, in match_hostname

    % (hostname, dnsnames[0]))

ssl.CertificateError: hostname '2a02:8300:8000:3::49' doesn't match 'mirror.dkm.cz'
```

  Tried 

```
emerge =app-portage/mirrorselect-9999
```

 Same problem. Tried --ipv4 on mirrorselect. Basically, the same problem: 

```
ssl.CertificateError: hostname '86.49.49.49' doesn't match 'mirror.dkm.cz'
```

 Any thoughts?

Many thanks.

[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu]

----------

## fedeliallalinea

See this bug

----------

## NP_complete

Thank you, fedeliallalinea.  However, the bug I ran into looks different: the error (see above) is different, AND the purported fix (through additing --t20) didn't fix it for me (same error).

Any other thoughts, folks, on how to get around this mirrorselect bug?  Python 3.4 seems to have problems with SSL certificates.

Many thanks.

----------

## Helena

I ran into this same error today, albeit for a different reason: I just wanted to update my mirror list. I am also interested in a solution.

----------

## pudlez

I also encountered this error today. While I would prefer all testing against all of the mirrors, I got around this by limiting to North America with

mirrorselect -R 'North America' -s3 -b10 -D

You can also limit it to a country (-c) but figured the region (-R) would give better results... If you want to try different regions/countries, please refer to the list from https://www.gentoo.org/downloads/mirrors/

----------

## Helena

 *pudlez wrote:*   

> I also encountered this error today. While I would prefer all testing against all of the mirrors, I got around this by limiting to North America with
> 
> mirrorselect -R 'North America' -s3 -b10 -D
> 
> You can also limit it to a country (-c) but figured the region (-R) would give better results... If you want to try different regions/countries, please refer to the list from https://www.gentoo.org/downloads/mirrors/

 I know. In my case I had already tried to limit the search to region Europe but since the offending mirror is in that region it did not help. And the number of mirrors in one country alone can be quite small.

----------

## pudlez

I was going to submit a bug about it but someone already did. I tried the patch right before going to bed last night and it worked!

https://bugs.gentoo.org/show_bug.cgi?id=604968

----------

