Change Details

We have sometimes issue on package upload. This happens when: - a new user uploads a package in an existing arborescence tree (s)he does not own - a user renames a package and creates a new arborescence tree through upload. Next time, if another user uploads a new version for that package, (s)he is hit by the same problem. # Example anlambert recently renamed the package swh-web-ui to swh-web. Thus, ardumont can't upload a new version. ```  tony@.../repo/swh/swh-environment $ ./bin/make-package -u swh-web signfile dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc 0D10C3B8 fixup_buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo signfile buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo 0D10C3B8 fixup_changes dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes fixup_changes buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes signfile changes /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes 0D10C3B8 Successfully signed dsc, buildinfo, changes files swh-web_0.0.87-1.dsc 100% 2004 72.8KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.2MB/s 00:00 swh-web_0.0.87-1.debian.tar.xz 100% 1480 55.9KB/s 00:00 python3-swh.web_0.0.87-1_all.deb 100% 180KB 1.9MB/s 00:00 swh-web_0.0.87-1_amd64.buildinfo 100% 8137 286.8KB/s 00:00 swh-web_0.0.87-1_amd64.changes 100% 2671 96.6KB/s 00:00 Error 13 creating hardlink of '/srv/softwareheritage/repository/tmp/swh-web_0.0.87-1.dsc' as '/srv/softwareheritage/repository/pool/main/s/swh-web/swh-web_0.0.87-1.dsc': Permission denied There have been errors! ``` Checking the /srv/softwareheritage/repository/pool/main/s directory, indeed, ardumont cannot write to that directory. ``` ardumont@pergamon:/srv/softwareheritage/repository% ls -l /srv/softwareheritage/repository/pool/main/s ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxr-sr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ... ``` As a workaround, fixing the rights to that folder for the group makes it ok. ``` ardumont@pergamon:/srv/softwareheritage/repository% sudo chmod -v g+w /srv/softwareheritage/repository/pool/main/s/swh-web ardumont@pergamon:/srv/softwareheritage/repository% sudo ls -l /srv/softwareheritage/repository/pool/main/s/ ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxrwsr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ... ``` It would be nice to fix it definitely to not have to deal with such shortcomings once in a while when we are not the main packager. # Solution # short term Connect to the machine and fix right away the group permission. That's what's being done regularly. # middle term As we use mainly pergamon for packaging purposes, we could configure `umask` to 002 for all our uploader logins. Note: - I don't know if it's the proper reasoning nor measure the impacts here. Feel free to enlighten me. - I'm only seeing pergamon as our debian package repository but i may be wrong. [[ https://intranet.softwareheritage.org/index.php?title=Network_configuration | This intranet page shows pergamon usage as 'sysadm playground' ]], so it seems to go my way. # long term As we discussed some time ago with @olasd, this may be a hint as to use a specific user for the packaging upload. This may help in centralizing the (new) uploaders': - gpg public keys to the same login (against each user needs to setup its gpg public key) - ssh public key to the same login (~/.ssh/authorized_keys)

We have sometimes issue on package upload. This happens when: - a new user uploads a package in an existing arborescence tree (s)he does not own - a user renames a package and creates a new arborescence tree through upload. Next time, if another user uploads a new version for that package, (s)he is hit by the same problem. # Example anlambert recently renamed the package swh-web-ui to swh-web. Thus, ardumont can't upload a new version. ``` tony@.../repo/swh/swh-environment $ ./bin/make-package -u swh-web signfile dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc 0D10C3B8 fixup_buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo signfile buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo 0D10C3B8 fixup_changes dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes fixup_changes buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes signfile changes /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes 0D10C3B8 Successfully signed dsc, buildinfo, changes files swh-web_0.0.87-1.dsc 100% 2004 72.8KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.2MB/s 00:00 swh-web_0.0.87-1.debian.tar.xz 100% 1480 55.9KB/s 00:00 python3-swh.web_0.0.87-1_all.deb 100% 180KB 1.9MB/s 00:00 swh-web_0.0.87-1_amd64.buildinfo 100% 8137 286.8KB/s 00:00 swh-web_0.0.87-1_amd64.changes 100% 2671 96.6KB/s 00:00 Error 13 creating hardlink of '/srv/softwareheritage/repository/tmp/swh-web_0.0.87-1.dsc' as '/srv/softwareheritage/repository/pool/main/s/swh-web/swh-web_0.0.87-1.dsc': Permission denied There have been errors! ``` Checking the /srv/softwareheritage/repository/pool/main/s directory, indeed, ardumont cannot write to that directory. ``` ardumont@pergamon:/srv/softwareheritage/repository% ls -l /srv/softwareheritage/repository/pool/main/s ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxr-sr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ... ``` As a workaround, fixing the rights to that folder for the group makes it ok. ``` ardumont@pergamon:/srv/softwareheritage/repository% sudo chmod -v g+w /srv/softwareheritage/repository/pool/main/s/swh-web ardumont@pergamon:/srv/softwareheritage/repository% sudo ls -l /srv/softwareheritage/repository/pool/main/s/ ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxrwsr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ... ``` Indeed: ``` tony@.../repo/swh/swh-environment $ ./bin/make-package -u swh-web The .changes file is already signed. Would you like to use the current signature? [Yn]y Leaving current signature unchanged. swh-web_0.0.87-1.dsc 100% 2004 73.2KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.3MB/s 00:00 swh-web_0.0.87-1.debian.tar.xz 100% 1480 51.4KB/s 00:00 python3-swh.web_0.0.87-1_all.deb 100% 180KB 1.7MB/s 00:00 swh-web_0.0.87-1_amd64.buildinfo 100% 8137 355.0KB/s 00:00 swh-web_0.0.87-1_amd64.changes 100% 2671 124.3KB/s 00:00 Skipping swh-web_0.0.87-1_amd64.changes because all packages are skipped! signfile dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc 0D10C3B8 fixup_buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo signfile buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo 0D10C3B8 fixup_changes dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes fixup_changes buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes signfile changes /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes 0D10C3B8 Successfully signed dsc, buildinfo, changes files swh-web_0.0.87-1~bpo9~swh+1.dsc 100% 2048 80.2KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.5MB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1.debian.tar.xz 100% 1520 65.4KB/s 00:00 python3-swh.web_0.0.87-1~bpo9~swh+1_all.deb 100% 180KB 2.2MB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo 100% 8230 315.5KB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1_amd64.changes 100% 2863 109.0KB/s 00:00 Exporting indices... Deleting files no longer referenced... deleting and forgetting pool/main/s/swh-web/python3-swh.web_0.0.86-1~bpo9~swh+1_all.deb deleting and forgetting pool/main/s/swh-web/swh-web_0.0.86-1~bpo9~swh+1.debian.tar.xz deleting and forgetting pool/main/s/swh-web/swh-web_0.0.86-1~bpo9~swh+1.dsc ... Counting objects: 4, done. Delta compression using up to 4 threads. Compressing objects: 100% (4/4), done. Writing objects: 100% (4/4), 1.92 KiB | 0 bytes/s, done. Total 4 (delta 2), reused 0 (delta 0) To ssh://forge.softwareheritage.org/source/swh-web.git * [new tag] v0.0.87 -> v0.0.87 ``` It would be nice to fix it definitely to not have to deal with such shortcomings once in a while when we are not the main packager. # Solution # short term Connect to the machine and fix right away the group permission. That's what's being done regularly. # middle term As we use mainly pergamon for packaging purposes, we could configure `umask` to 002 for all our uploader logins. Note: - I don't know if it's the proper reasoning nor measure the impacts here. Feel free to enlighten me. - I'm only seeing pergamon as our debian package repository but i may be wrong. [[ https://intranet.softwareheritage.org/index.php?title=Network_configuration | This intranet page shows pergamon usage as 'sysadm playground' ]], so it seems to go my way. # long term As we discussed some time ago with @olasd, this may be a hint as to use a specific user for the packaging upload. This may help in centralizing the (new) uploaders': - gpg public keys to the same login (against each user needs to setup its gpg public key) - ssh public key to the same login (~/.ssh/authorized_keys)

We have sometimes issue on package upload. This happens when: - a new user uploads a package in an existing arborescence tree (s)he does not own - a user renames a package and creates a new arborescence tree through upload. Next time, if another user uploads a new version for that package, (s)he is hit by the same problem. # Example anlambert recently renamed the package swh-web-ui to swh-web. Thus, ardumont can't upload a new version. ```  tony@.../repo/swh/swh-environment $ ./bin/make-package -u swh-web signfile dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc 0D10C3B8 fixup_buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo signfile buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo 0D10C3B8 fixup_changes dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes fixup_changes buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes signfile changes /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1_amd64.changes 0D10C3B8 Successfully signed dsc, buildinfo, changes files swh-web_0.0.87-1.dsc 100% 2004 72.8KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.2MB/s 00:00 swh-web_0.0.87-1.debian.tar.xz 100% 1480 55.9KB/s 00:00 python3-swh.web_0.0.87-1_all.deb 100% 180KB 1.9MB/s 00:00 swh-web_0.0.87-1_amd64.buildinfo 100% 8137 286.8KB/s 00:00 swh-web_0.0.87-1_amd64.changes 100% 2671 96.6KB/s 00:00 Error 13 creating hardlink of '/srv/softwareheritage/repository/tmp/swh-web_0.0.87-1.dsc' as '/srv/softwareheritage/repository/pool/main/s/swh-web/swh-web_0.0.87-1.dsc': Permission denied There have been errors! ``` Checking the /srv/softwareheritage/repository/pool/main/s directory, indeed, ardumont cannot write to that directory. ``` ardumont@pergamon:/srv/softwareheritage/repository% ls -l /srv/softwareheritage/repository/pool/main/s ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxr-sr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ... ``` As a workaround, fixing the rights to that folder for the group makes it ok. ``` ardumont@pergamon:/srv/softwareheritage/repository% sudo chmod -v g+w /srv/softwareheritage/repository/pool/main/s/swh-web ardumont@pergamon:/srv/softwareheritage/repository% sudo ls -l /srv/softwareheritage/repository/pool/main/s/ ... drwxrwsr-x 2 olasd swhdev 4096 Jun 30 13:02 swh-storage drwxrwsr-x 2 anlambert swhdev 4096 Sep 8 12:11 swh-web ... ``` Indeed: ``` tony@.../repo/swh/swh-environment $ ./bin/make-package -u swh-web The .changes file is already signed. Would you like to use the current signature? [Yn]y Leaving current signature unchanged. swh-web_0.0.87-1.dsc 100% 2004 73.2KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.3MB/s 00:00 swh-web_0.0.87-1.debian.tar.xz 100% 1480 51.4KB/s 00:00 python3-swh.web_0.0.87-1_all.deb 100% 180KB 1.7MB/s 00:00 swh-web_0.0.87-1_amd64.buildinfo 100% 8137 355.0KB/s 00:00 swh-web_0.0.87-1_amd64.changes 100% 2671 124.3KB/s 00:00 Skipping swh-web_0.0.87-1_amd64.changes because all packages are skipped! signfile dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc 0D10C3B8 fixup_buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo signfile buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo 0D10C3B8 fixup_changes dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1.dsc /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes fixup_changes buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes signfile changes /home/tony/work/inria/repo/swh/swh-environment/packages/swh-web_0.0.87-1~bpo9~swh+1_amd64.changes 0D10C3B8 Successfully signed dsc, buildinfo, changes files swh-web_0.0.87-1~bpo9~swh+1.dsc 100% 2048 80.2KB/s 00:00 swh-web_0.0.87.orig.tar.gz 100% 195KB 1.5MB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1.debian.tar.xz 100% 1520 65.4KB/s 00:00 python3-swh.web_0.0.87-1~bpo9~swh+1_all.deb 100% 180KB 2.2MB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1_amd64.buildinfo 100% 8230 315.5KB/s 00:00 swh-web_0.0.87-1~bpo9~swh+1_amd64.changes 100% 2863 109.0KB/s 00:00 Exporting indices... Deleting files no longer referenced... deleting and forgetting pool/main/s/swh-web/python3-swh.web_0.0.86-1~bpo9~swh+1_all.deb deleting and forgetting pool/main/s/swh-web/swh-web_0.0.86-1~bpo9~swh+1.debian.tar.xz deleting and forgetting pool/main/s/swh-web/swh-web_0.0.86-1~bpo9~swh+1.dsc ... Counting objects: 4, done. Delta compression using up to 4 threads. Compressing objects: 100% (4/4), done. Writing objects: 100% (4/4), 1.92 KiB | 0 bytes/s, done. Total 4 (delta 2), reused 0 (delta 0) To ssh://forge.softwareheritage.org/source/swh-web.git * [new tag] v0.0.87 -> v0.0.87 ``` It would be nice to fix it definitely to not have to deal with such shortcomings once in a while when we are not the main packager. # Solution # short term Connect to the machine and fix right away the group permission. That's what's being done regularly. # middle term As we use mainly pergamon for packaging purposes, we could configure `umask` to 002 for all our uploader logins. Note: - I don't know if it's the proper reasoning nor measure the impacts here. Feel free to enlighten me. - I'm only seeing pergamon as our debian package repository but i may be wrong. [[ https://intranet.softwareheritage.org/index.php?title=Network_configuration | This intranet page shows pergamon usage as 'sysadm playground' ]], so it seems to go my way. # long term As we discussed some time ago with @olasd, this may be a hint as to use a specific user for the packaging upload. This may help in centralizing the (new) uploaders': - gpg public keys to the same login (against each user needs to setup its gpg public key) - ssh public key to the same login (~/.ssh/authorized_keys)