Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1404194
Summary: | fedpkg new-sources complains about 302 to https://src.fedoraproject.org/repo/pkgs/upload.cgi | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Pazdziora <jpazdziora> |
Component: | fedpkg | Assignee: | cqi |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 24 | CC: | anto.trande, bochecha, cqi, dennis, jpazdziora, kvolny, lsedlar, mschorm, pahan, pbabinca, s, zsvetlik |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-03-02 12:07:18 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Pazdziora
2016-12-13 10:02:35 UTC
Please try with fedpkg-1.26-3 and pyrpkg-1.47-5 from updates-testing. This is related to using well known SSL certificate: https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016 Thanks, that changed the response to Could not execute new_sources: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> which I assume is a good thing. Same problem on fedora 25. Version-Release number of selected component (if applicable): fedpkg-1.25-1.fc25.noarch That is on it's way to be a good thing. It means you most likely don't have a kerberos ticket. It can be obtained by kinit <your_fas_login>@FEDORAPROJECT.ORG Also, to be sure building works correctly, make sure you have koji-1.11.0-1 installed and /etc/koji.conf is up-to-date. (In reply to Lubomír Sedlář from comment #1) > Please try with fedpkg-1.26-3 and pyrpkg-1.47-5 from updates-testing. I encountered the same issue. I confirm, that I updated those 2 packages and it works fine now. (In reply to Lubomír Sedlář from comment #4) > That is on it's way to be a good thing. It means you most likely don't have > a kerberos ticket. It can be obtained by > kinit <your_fas_login>@FEDORAPROJECT.ORG hmmmmm .... $ kinit kvolny Password for kvolny: Password expired. You must change it now. Enter new password: Enter it again: kinit: Cannot find KDC for realm "FEDORAPROJECT.ORG" while getting initial credentials > Also, to be sure building works correctly, make sure you have koji-1.11.0-1 $ rpm -q koji koji-1.11.0-1.fc25.noarch > installed and /etc/koji.conf is up-to-date. which means ...? $ stat -c %y /etc/koji.conf 2016-12-09 15:55:40.000000000 +0100 ... raising priority/severity, hope someone can resolve this quickly, it blocks me from fixing security vulnerability (arbitrary code execution) :-( Make sure you have $ rpm -qf /etc/krb5.conf.d/fedoraproject_org fedora-packager-0.6.0.0-1.fc25.noarch Also, check that your /etc/krb5.conf has includedir /etc/krb5.conf.d/ in it. If you've tweaked /etc/krb5.conf, the stock might be in /etc/krb5.conf.rpmnew. (In reply to Jan Pazdziora from comment #7) > Make sure you have thanks, but: > $ rpm -qf /etc/krb5.conf.d/fedoraproject_org > fedora-packager-0.6.0.0-1.fc25.noarch $ rpm -qf /etc/krb5.conf.d/fedoraproject_org fedora-packager-0.6.0.0-1.fc25.noarch > Also, check that your /etc/krb5.conf has > > includedir /etc/krb5.conf.d/ > > in it. If you've tweaked /etc/krb5.conf, the stock might be in > /etc/krb5.conf.rpmnew. $ grep includedir /etc/krb5.conf includedir /etc/krb5.conf.d/ ... other suggestions? You could try going through Kerberos information from Fedora Infrastructure team. https://fedoraproject.org/wiki/Infrastructure/Kerberos This is not a bug in fedpkg, so please follow up on #fedora-infra on IRC or file a ticket at https://pagure.io/fedora-infrastructure/ sorry, but throwing html source at the user, as described in comment #2, really is not a nice thing to do, no matter what configuration did the user omit Hi Karel, how about use another bug to track this improvement? why? - look at the description again, this one started exactly with the same problem, fedpkg outputting html source instead of handling that more gracefully This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. Hi Karel, could you please have a look at the problem you mentioned in comment 12? Currently, fedpkg is able to handle the error and not throw HTML source to user. (In reply to cqi from comment #14) > Hi Karel, could you please have a look at the problem you mentioned in > comment 12? Currently, fedpkg is able to handle the error and not throw HTML > source to user. well, obviously I cannot reproduce the original problem, however trying new-sources without valid ticket, I'm now getting Could not execute new_sources: Request is unauthorized. which looks much better than the output in comment #2, thanks Thanks for you feedback. |