What's new

amtm AC87U - "All download attempts failed"

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ah, that appears to be the problem...amtm is hardcoded to the system version of curl
Code:
c_url(){ /usr/sbin/curl -fsNL --connect-timeout 10 --retry 3 --max-time 12 "$@";}

@thelonelycoder : can this be updated to use the entware version if it's available?
 
Last edited:
@Ticki276 When services-start runs the environment variables are set differently because it's not an interactive session. One of the differences is that $HOME is set to '/' instead of '/root'. So you'll need to hard-code the .curlrc filename to be /root/.curlrc or simply use the -k option on curl, e.g. curl -k https://diversion.ch/amtm_fw/amtm_rev.
This didn't work for me. Reboot and test. Can't connect to diversion.ch. I have to manually add
echo insecure >> $HOME/.curlrc
after reboot for it to work. How can I set this up so it persists on reboots?

My /jffs/scripts/services-start
#!/bin/sh
echo insecure > /root/.curlrc
 
Last edited:
This didn't work for me. Reboot and test. Can't connect to diversion.ch. I have to manually add
echo insecure >> $HOME/.curlrc
after reboot for it to work. How can I set this up so it persists on reboots?

My /jffs/scripts/services-start
#!/bin/sh
echo insecure > /root/.curlrc
If you're saying that the insecure line isn't being added to /root/.curlrc that would suggest that your services-start script isn't running.

Check that Enable JFFS custom scripts and configs (Administration - System) is set to Yes. Then run the following commands from SSH:
Code:
dos2unix /jffs/scripts/services-start
chmod 755 /jffs/scripts/services-start
 
For those that want to fix this in a more secure way, here is how I did it for my AC3200.

1. Update your CA certificates
Code:
wget --no-check-certificate https://raw.githubusercontent.com/RMerl/asuswrt-merlin.ng/master/release/src/router/rom/certs/ca-bundle.crt -O /jffs/ca-bundle.crt
mount -o bind /jffs/ca-bundle.crt  /etc/ssl/certs/ca-certificates.crt

2. Add the above lines to /jffs/scripts/services-start to have your certs up to date when the router boots

3. Install an updated curl using entware
Code:
opkg install curl

4. Modify amtm to use the entware version of curl.
Code:
nano /jffs/addons/amtm/amtm_rev4.mod
change /usr/sbin/curl to /opt/bin/curl
It should now be
Code:
#!/bin/sh
#bof
c_url(){ /opt/bin/curl -fsNL --connect-timeout 10 --retry 3 --max-time 12 "$@";}
#eof
save.

5. start amtm and you should now be able to update or install scripts!
 
For those that want to fix this in a more secure way, here is how I did it for my AC3200.

1. Update your CA certificates
Code:
wget --no-check-certificate https://raw.githubusercontent.com/RMerl/asuswrt-merlin.ng/master/release/src/router/rom/certs/ca-bundle.crt -O /jffs/ca-bundle.crt
mount -o bind /jffs/ca-bundle.crt  /etc/ssl/certs/ca-certificates.crt

2. Add the above lines to /jffs/scripts/services-start to have your certs up to date when the router boots

3. Install an updated curl using entware
Code:
opkg install curl

4. Modify amtm to use the entware version of curl.
Code:
nano /jffs/addons/amtm/amtm_rev4.mod
change /usr/sbin/curl to /opt/bin/curl
It should now be
Code:
#!/bin/sh
#bof
c_url(){ /opt/bin/curl -fsNL --connect-timeout 10 --retry 3 --max-time 12 "$@";}
#eof
save.

5. start amtm and you should now be able to update or install scripts!
How are you getting amtm to load the rev4 file? Seems that step is missing.
 
the rev4 file was already in /jffs/addons/amtm for me.

if that file isn't there, it will not work. There could be other amtm_rev files in there depending on the version of amtm, so adding or modifying the c_url() function to whatever rev file is the latest in that folder should also theoretically work.
 
For those that want to fix this in a more secure way, here is how I did it for my AC3200.

1. Update your CA certificates
Code:
wget --no-check-certificate https://raw.githubusercontent.com/RMerl/asuswrt-merlin.ng/master/release/src/router/rom/certs/ca-bundle.crt -O /jffs/ca-bundle.crt
mount -o bind /jffs/ca-bundle.crt  /etc/ssl/certs/ca-certificates.crt

2. Add the above lines to /jffs/scripts/services-start to have your certs up to date when the router boots

3. Install an updated curl using entware
Code:
opkg install curl

4. Modify amtm to use the entware version of curl.
Code:
nano /jffs/addons/amtm/amtm_rev4.mod
change /usr/sbin/curl to /opt/bin/curl
It should now be
Code:
#!/bin/sh
#bof
c_url(){ /opt/bin/curl -fsNL --connect-timeout 10 --retry 3 --max-time 12 "$@";}
#eof
save.

5. start amtm and you should now be able to update or install scripts!
I like this idea. I did exactly as you outlined. Rebooted the router and run amtm. Select u to update and get this message:

! amtm: diversion.ch unreachable
Update(s) aborted, could not retrieve version

To fix, I manually run this command: echo insecure >> $HOME/.curlrc
run amtm again, select u and get the ok message: Everything's up to date (Oct 22 2021 10:47)
 
Last edited:
Tried this exactly as you instructed. Still doesn't work.
If you're saying that the insecure line isn't being added to /root/.curlrc that would suggest that your services-start script isn't running.

Check that Enable JFFS custom scripts and configs (Administration - System) is set to Yes. Then run the following commands from SSH:
Code:
dos2unix /jffs/scripts/services-start
chmod 755 /jffs/scripts/services-start
That works great! Thank you!
 
For those that want to fix this in a more secure way, here is how I did it for my AC3200.

1. Update your CA certificates
Code:
wget --no-check-certificate https://raw.githubusercontent.com/RMerl/asuswrt-merlin.ng/master/release/src/router/rom/certs/ca-bundle.crt -O /jffs/ca-bundle.crt
mount -o bind /jffs/ca-bundle.crt  /etc/ssl/certs/ca-certificates.crt

2. Add the above lines to /jffs/scripts/services-start to have your certs up to date when the router boots

3. Install an updated curl using entware
Code:
opkg install curl

4. Modify amtm to use the entware version of curl.
Code:
nano /jffs/addons/amtm/amtm_rev4.mod
change /usr/sbin/curl to /opt/bin/curl
It should now be
Code:
#!/bin/sh
#bof
c_url(){ /opt/bin/curl -fsNL --connect-timeout 10 --retry 3 --max-time 12 "$@";}
#eof
save.

5. start amtm and you should now be able to update or install scripts!
I tried these steps.
I used WinSCP to get into the router, then went to the /jffs/scripts folder. Weirdly enough there was no services-start.sh. So I created a script and used this as the contents:
Code:
#!/bin/sh

wget --no-check-certificate https://raw.githubusercontent.com/RMerl/asuswrt-merlin.ng/master/release/src/router/rom/certs/ca-bundle.crt -O /jffs/ca-bundle.crt
mount -o bind /jffs/ca-bundle.crt  /etc/ssl/certs/ca-certificates.crt

I named the script services-start.sh and rebooted the router. I still get the error:
Code:
Getting from fwupdate.asuswrt-merlin.net
! Module diversion.mod download failed
! using fallback server diversion.ch
! Module diversion.mod download failed

When trying to install Diversion. If I try to use opkg in the root (opkg not found) or in amtm (input is not an option) I get an error and it won't run. Something is going wrong but I cannot figure out what. I am using a RT-AC87U running the latest Merlin 384.13-10.
 
It's services-start not services-start.sh
Oops forgot to mention I noticed that and removed the extension after putting it in the folder. The reboot was after that. Maybe my services-start didn't trigger? But then again, running the code manually doesn't work either. The "insecure" option does work but is less preferred.

EDIT: I seem to have figure it out. How I did it:
1. Use
Code:
echo insecure >> $HOME/.curlrc
manually in PuTTy.
2. Install Diversion and amtm with it
3. Create services-start within /jffs/scripts using WinSCP.
4. Add the lines
Code:
#!/bin/sh

wget --no-check-certificate https://raw.githubusercontent.com/RMerl/asuswrt-merlin.ng/master/release/src/router/rom/certs/ca-bundle.crt -O /jffs/ca-bundle.crt
mount -o bind /jffs/ca-bundle.crt  /etc/ssl/certs/ca-certificates.crt

To this script.
5. Reboot router.
6. Follow the guide in post 24 from step 3 forwards.
 
Last edited:
I have tried following post 24 but the language is foreign to me.

What is "Install an updated curl using entware" and how do I do that?

Have I done steps 1 and 2 right judging by the picture below? The following script was added to the services-start file
1.JPG
 
Since I consider myself a coder, I scripted these copy and paste instructions in this thread as an automated procedure.

What does ca_cert_check.sh do
- Checks if the script needs to run on your router. Only run it on routers with outdated firmware where you get the dreaded "All download attempts failed, exiting amtm now.".
- Sets curl download to insecure mode temporarily.
- Checks for and downloads when missing /jffs/ca-bundle.crt
(downloaded from https://raw.githubusercontent.com/R...er/release/src/router/rom/certs/ca-bundle.crt).
- Checks for /jffs/scripts/services-start and enters when missing the entry 'mount -o bind /jffs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt # Added by amtm'
- Checks if Entware is installed and if so installs package curl when missing.
- If Entware is not installed it will prompt you to open amtm and install it with ep.
- The full script command posted below must be run again after installing Entware to finish up the check.
- The script does not need to be run again if at the end it says "OK, all done here, Goodbye."
- The script removes the temporary curl insecure mode.
- The script removes itself from the router after each run.
- Running this script repeatedly with the same outcome does not harm your router.

Your router should again be able to run amtm without errors, even after a reboot.

What does ca_cert_check.sh not do
- It does not remove your hand pasted commands into files from this thread - you have to do that yourself first.

Copy and paste the full ca_cert_check.sh line into your routers SSH terminal an press Enter
Code:
curl -Os https://diversion.ch/scripts/ca_cert_check.sh && sh ca_cert_check.sh
If nothing happens after the above step, you will need to initially set your router to download in insecure mode from my website.
Paste this into the SSH terminal and press Enter
Code:
echo insecure >> $HOME/.curlrc
After this, copy and paste the ca_cert_check.sh line again. It should run now. The insecure mode will be disabled when completing the ca_cert_check.sh checks.
 
Last edited:
1) Reverted all the previous changes that were suggested in this thread.
2) Reboot Router
3) Ran from SSH (I had to run this code first or else nothing would work)
Code:
echo insecure >> $HOME/.curlrc
Then
Code:
curl -Os https://diversion.ch/scripts/ca_cert_check.sh && sh ca_cert_check.sh

Everything now works
Thank you
 

Attachments

  • Capture.JPG
    Capture.JPG
    69.5 KB · Views: 214
  • Capture2.JPG
    Capture2.JPG
    55.6 KB · Views: 195
  • Capture3.JPG
    Capture3.JPG
    66.3 KB · Views: 174
  • Capture4.JPG
    Capture4.JPG
    39.3 KB · Views: 167
  • Capture5.JPG
    Capture5.JPG
    100.7 KB · Views: 195
Last edited:
Since I consider myself a coder, I scripted these copy and paste instructions in this thread as an automated procedure.

What does ca_cert_check.sh do
- Checks if the script needs to run on your router. Only run it on routers with outdated firmware where you get the dreaded "All download attempts failed, exiting amtm now.".
- Sets curl download to insecure mode temporarily.
- Checks for and downloads when missing /jffs/ca-bundle.crt
(downloaded from https://raw.githubusercontent.com/R...er/release/src/router/rom/certs/ca-bundle.crt).
- Checks for /jffs/scripts/services-start and enters when missing the entry 'mount -o bind /jffs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt # Added by amtm'
- Checks if Entware is installed and if so installs package curl when missing.
- If Entware is not installed it will prompt you to open amtm and install it with ep.
- The full script command posted below must be run again after installing Entware to finish up the check.
- The script does not need to be run again if at the end it says "OK, all done here, Goodbye."
- The script removes the temporary curl insecure mode.
- The script removes itself from the router after each run.
- Running this script repeatedly with the same outcome does not harm your router.

Your router should again be able to run amtm without errors, even after a reboot.

What does ca_cert_check.sh not do
- It does not remove your hand pasted commands into files from this thread - you have to do that yourself first.

Copy and paste the full ca_cert_check.sh line into your routers SSH terminal an press Enter
Code:
curl -Os https://diversion.ch/scripts/ca_cert_check.sh && sh ca_cert_check.sh
If nothing happens after the above step, you will need to initially set your router to download in insecure mode from my website.
Paste this into the SSH terminal and press Enter
Code:
echo insecure >> $HOME/.curlrc
After this, copy and paste the ca_cert_check.sh line again. It should run now. The insecure mode will be disabled when completing the ca_cert_check.sh checks.

Hi, I had a clean install of merlin 384.19 on my RT-AC66U_B1, this script did worked first time, but after I log back in amtm still gives error messages when installing a module or doing an update.
Did follow your instructions, the script did say "all done here" after first run. Running it again didn't help.
 

Attachments

  • 1641866680646.png
    1641866680646.png
    17 KB · Views: 137
  • 1641866738031.png
    1641866738031.png
    15.7 KB · Views: 161
Hi, I had a clean install of merlin 384.19 on my RT-AC66U_B1, this script did worked first time, but after I log back in amtm still gives error messages when installing a module or doing an update.
Did follow your instructions, the script did say "all done here" after first run. Running it again didn't help.
I see where it goes wrong with your firmware version, it cannot use the newly installed Entware curl binary.

To correct this I have made some changes to the amtm firmware version and ca_cert_check.sh file.

Run this first in the terminal to again set curl download to insecure:
Code:
echo insecure >> $HOME/.curlrc
Then open amtm and force update it by entering uu.
Then exit amtm and run the ca_cert_check.sh line again in the terminal to make sure all is set correctly now.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top