You are not logged in.
Hi - I'm stuck and can't perform an update using the command
pacman -Syu
or
pacman -Syyuu
I get this error no matter which of the dozens of mirrors I've tried.
pacman -Syu
:: Synchronizing package databases...
core is up to date
error: failed retrieving file 'extra.db' from mirror.archlinux32.org : The requested URL returned error: 403
error: failed to update extra (failed to retrieve some files)
error: failed retrieving file 'community.db' from mirror.archlinux32.org : The requested URL returned error: 403
error: failed to update community (failed to retrieve some files)
error: failed to synchronize all databases
I can see community.db and extra.db when I visit https://mirror.archlinux32.org/i686/extra/ or https://mirror.archlinux32.org/i686/community but I do get this error if I try to click on them in the browser:
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
mirror.archlinux32.org
Apache/2.4.46 (Unix) OpenSSL/1.1.1i PHP/7.4.13
Are community and extra no longer available?
Last edited by Zohnsaxen (2020-12-26 18:50:46)
Offline
Yeah, have the same problem. And if I force the refresh by
sudo pacman -Syyu
(I know, it's not recommended, but at this point, whatever.)
After using reflector to refresh the mirrorlist, I got the message that the local package versions are newer than the mirror's. Using reflector again, I got
there is nothing to do
They are probably refreshing the mirrors. Nothing we can do but wait.
Offline
I see that some DB files are missing on the master mirror, could be some script went wrong.
I'm trying to restore them from a backup..
@deep42thought: I also see some .~tmp~ files which seem rather old and the permissions on
the master mirror make my rsync script fail.. shouldn't all files belong to mirror/mirror?
Offline
On the master mirror:
lrwxrwxrwx 1 mirror mirror 15 Feb 2 2020 extra.db -> extra.db.tar.gz
-rw------- 1 mirror mirror 2058536 Dec 24 07:22 extra.db.tar.gz
-rw------- 1 mirror mirror 2058621 Dec 24 00:22 extra.db.tar.gz.old
on my mirror there is only the symlink:
lrwxrwxrwx 1 mirror mirror 15 Feb 2 2020 extra.db -> extra.db.tar.gz
rsyncd doens't run archlinux32 as mirror/mirror, but as nobody?, so some files are not visible this way.
Offline
Yes, only miror/mirror should be able to read the target of that symlink. Others and group have no access to the real file, so you'll only get the symlink if you rsync it (assuming it's not following symlinks, else it'd just fail to get anything).
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline
This problem propagates also to staging.db etc, The build slaves are not able to find the databases on the master
mirror. Also some script is destroying the databases, I presume..
Offline
Looks like it's working now. Extra and community were downloaded and updated with
pacman -Syu
Any additional insight into what caused the issue?
Offline
This is strange. rsyncd was always running as nobody:nobody and the mirror was always run as mirror:mirror - I guess, some umask now diallows read-access for "anybody".
Offline
maybe, we should run rsyncd as nobody:mirror, hmmm
Offline
Wait, you're running rsyncd as a user? Normally under arch you start that using systemd as a service so effectively I assume it's running as root. Or did you misspeak and you're actually talking about the credentials you're logged in on the receiving server and using rsync (no 'd').
Personally I'm set up sshd on my server and always get things using rsync to a ssh user@server:/remote_path local_path, and my logins are controlled under /home/user/.sshd/ on the server.
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline
We run rsyncd via the systemd service, which drops privileges.
I had another look at rsyncd's config: nobody:nobody is the default, but all (relevant) modules use mirror:mirror, so they should see everything which was uploaded by user mirror.
Offline
Ah, okay, I don't even have a group called nothing, but that's perhaps because I've not configured rsyncd.service to be active. If you ran it as nobody:mirror and the privs on those files were still as they were posted here, it wouldn't help because the actual .db files had no access to groups or other, so matching groups won't help. Presumably now those privs have been fixed so that it allows access.
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline
I had quite a nightmarish experience with rsyncd on the buldmaster yesterday, incoming chmod being ignored,
permission denied errors (code 95), some endless loops in rsync_failsafe, when rsync has errors, etc.
So far I can say that build slaves upload their files to transfer, and the final databases and packages got lost or had
--r------ permissions, rendering them inaccessible to the web server. I put the 'http' user into the 'mirror' group.
Given that all operations happen as user mirror, group mirror with the right umasks, this should result
in a working master mirror.
I also think, there is a bug in the intention log logic, I had endless loops there when build scripts tried to
upload their packages.
There was a staging folder inside a staging folder from 2018, which I deleted.
There are stall files in .transfer, Don't know why they didn't get moved.
There are .~tmp~ directories everywhere which contain files from October (looked like
an interrupted sync of sorts, I deleted those folders).
Offline
After a build libxmls2 on a slave I changed the permissions by hand with:
find /srv/http/mirror/mirror.archlinux32.org/ -type f -exec chmod -c ug+r "{}" \;
This shows:
mode of '/srv/http/mirror/mirror.archlinux32.org/pool/libxml2-2.9.10-8.0-i686.pkg.tar.zst' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/pool/libxml2-2.9.10-8.0-i686.pkg.tar.zst.sig' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/.transfer/libxml2-2.9.10-8.0-i686.pkg.tar.zst' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/.transfer/libxml2-2.9.10-8.0-i686.pkg.tar.zst.sig' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/i686/staging/staging.db.tar.gz' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/i686/staging/staging.files.tar.gz.old' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/i686/staging/staging.files.tar.gz' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/i686/staging/staging.db.tar.gz.old' changed from 0600 (rw-------) to 0640 (rw-r-----)
mode of '/srv/http/mirror/mirror.archlinux32.org/lastupdate' changed from 0600 (rw-------) to 0640 (rw-r-----)
I don't understand several things: why is "incoming chmod" ignored in /etc/rsyncd.conf, why are the packages not removed from .transfer after being published?
The rsyncd logfile tells me:
Dec 27 12:54:52 buildmaster.archlinux32.org rsyncd[2857162]: recv smtp.andreasbaumann.cc [83.150.2.48] transfer32 () which-2.21-5.5-i686.pkg.tar.zst.sig 310 rw-r--r--
The files are then:
-rw------- 2 mirror mirror 310 Dec 27 12:54 /srv/http/mirror/mirror.archlinux32.org/pool/which-2.21-5.5-i686.pkg.tar.zst.sig
-rw------- 1 mirror mirror 310 Dec 27 12:54 /srv/http/mirror/mirror.archlinux32.org/.transfer/which-2.21-5.5-i686.pkg.tar.zst.sig
To me it looks like the local packages32 rsyncs are messing with the permissions..
Offline
uploading a simple testfile with -rw-r--r-- via rsyncd replaces the permissions with -rw-------
I'm not too familiar, how linux derives the file permissions, but my suspicion would be some umask of rsyncd which prevents it from giving go+r to newly created files
Offline
I think under open (3) the combination of O_ flags you supply sets the user mask, although from reading the man page I can't work out how your meant to set execute combined with anything else. chmod (2) seems to let you set a full perm mask. All I know from the terminal is that doing a touch foo gives you a foo perm mask of -rw-r--r--, but you can chmod any other mask (including making a file non readable and non-writable but still being able to recover it) but you can't chown it even to yourself under another group you belong to without raising your privileges.
From reading man rsyncd.conf it tells me that incoming chmod only affects files coming on to the server running rsyncd. If the build machine is running rsyncd and you're getting things from there on to your web server, the transition's going in the wrong direction to be affected by that option. Maybe outgoing chmod is what you want, but the docs refer to other things I've not read yet so I'm not sure. Also of interest in that doc is the name convert option which mentions an example python program called name-convert which doesn't seem to be installed as part of the rsync package.
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline
ok, we went the dirty way and use bindfs now to bind-mount the directory with modified owner - for the http server.
Offline
Okay, as long as that's reproducible (maybe by being properly documented somewhere) then that's good.
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline