We have sometimes issue on package upload.
This happens when:
- a new user uploads a package in an existing arborescence tree (s)he does not own
- a user renames a package and creates a new arborescence tree through upload. Next time, if another user uploads a new version for that package, (s)he is hit by the same problem.
Example
anlambert recently renamed the package swh-web-ui to swh-web.
Thus, ardumont can't upload a new version.
tony@.../repo/swh/swh-environment $ ./bin/make-package -u swh-web signfile dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc 0D10C3B8 fixup_buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo signfile buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo 0D10C3B8 fixup_changes dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes fixup_changes buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes signfile changes /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes 0D10C3B8 Successfully signed dsc, buildinfo, changes files swh-web_0.0.87-1.dsc 100% 2004 72.8KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.2MB/s 00:00 swh-web_0.0.87-1.debian.tar.xz 100% 1480 55.9KB/s 00:00 python3-swh.web_0.0.87-1_all.deb 100% 180KB 1.9MB/s 00:00 swh-web_0.0.87-1_amd64.buildinfo 100% 8137 286.8KB/s 00:00 swh-web_0.0.87-1_amd64.changes 100% 2671 96.6KB/s 00:00 Error 13 creating hardlink of '/srv/softwareheritage/repository/tmp/swh-web_0.0.87-1.dsc' as '/srv/softwareheritage/repository/pool/main/s/swh-web/swh-web_0.0.87-1.dsc': Permission denied There have been errors!
Checking the /srv/softwareheritage/repository/pool/main/s directory, indeed, ardumont cannot write to that directory.
ardumont@pergamon:/srv/softwareheritage/repository% ls -l /srv/softwareheritage/repository/pool/main/s ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxr-sr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ...
As a workaround, fixing the rights to that folder for the group makes it ok.
ardumont@pergamon:/srv/softwareheritage/repository% sudo chmod -v g+w /srv/softwareheritage/repository/pool/main/s/swh-web ardumont@pergamon:/srv/softwareheritage/repository% sudo ls -l /srv/softwareheritage/repository/pool/main/s/ ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxrwsr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ...
Indeed:
tony@.../repo/swh/swh-environment $ ./bin/make-package -u swh-web The .changes file is already signed. Would you like to use the current signature? [Yn]y Leaving current signature unchanged. swh-web_0.0.87-1.dsc 100% 2004 73.2KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.3MB/s 00:00 swh-web_0.0.87-1.debian.tar.xz 100% 1480 51.4KB/s 00:00 python3-swh.web_0.0.87-1_all.deb 100% 180KB 1.7MB/s 00:00 swh-web_0.0.87-1_amd64.buildinfo 100% 8137 355.0KB/s 00:00 swh-web_0.0.87-1_amd64.changes 100% 2671 124.3KB/s 00:00 Skipping swh-web_0.0.87-1_amd64.changes because all packages are skipped! signfile dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc 0D10C3B8 fixup_buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo signfile buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo 0D10C3B8 fixup_changes dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes fixup_changes buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes signfile changes /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes 0D10C3B8 Successfully signed dsc, buildinfo, changes files swh-web_0.0.87-1~bpo9~swh+1.dsc 100% 2048 80.2KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.5MB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1.debian.tar.xz 100% 1520 65.4KB/s 00:00 python3-swh.web_0.0.87-1~bpo9~swh+1_all.deb 100% 180KB 2.2MB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo 100% 8230 315.5KB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1_amd64.changes 100% 2863 109.0KB/s 00:00 Exporting indices... Deleting files no longer referenced... deleting and forgetting pool/main/s/swh-web/python3-swh.web_0.0.86-1~bpo9~swh+1_all.deb deleting and forgetting pool/main/s/swh-web/swh-web_0.0.86-1~bpo9~swh+1.debian.tar.xz deleting and forgetting pool/main/s/swh-web/swh-web_0.0.86-1~bpo9~swh+1.dsc ... Counting objects: 4, done. Delta compression using up to 4 threads. Compressing objects: 100% (4/4), done. Writing objects: 100% (4/4), 1.92 KiB | 0 bytes/s, done. Total 4 (delta 2), reused 0 (delta 0) To ssh://forge.softwareheritage.org/source/swh-web.git * [new tag] v0.0.87 -> v0.0.87
It would be nice to fix it definitely to not have to deal with such shortcomings once in a while when we are not the main packager.
Solution
short term
Connect to the machine and fix right away the group permission.
That's what's being done regularly.
middle term
As we use mainly pergamon for packaging purposes, we could configure umask to 002 for all our uploader logins.
Note:
- I don't know if it's the proper reasoning nor measure the impacts here. Feel free to enlighten me.
- I'm only seeing pergamon as our debian package repository but i may be wrong.
This intranet page shows pergamon usage as 'sysadm playground', so it seems to go my way.
long term
As we discussed some time ago with @olasd, this may be a hint as to use a specific user for the packaging upload.
This may help in centralizing the (new) uploaders':
- gpg public keys to the same login (against each user needs to setup its gpg public key)
- ssh public key to the same login (~/.ssh/authorized_keys)