Description of problem: On freshly installed fedpkg setup (with fresh /etc/rpkg/fedpkg.conf), attempt to run fedpkg new-sources name-version.tar.gz fails with Could not execute new_sources: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://src.fedoraproject.org/repo/pkgs/upload.cgi">here</a>.</p> </body></html> Version-Release number of selected component (if applicable): fedpkg-1.25-1.fc24.noarch How reproducible: Deterministic. Steps to Reproduce: 1. Have some file around that you want to upload to the lookaside cache. 2. Run fedpkg new-sources name-version.tar.gz Actual results: Could not execute new_sources: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://src.fedoraproject.org/repo/pkgs/upload.cgi">here</a>.</p> </body></html> Expected results: No error. Additional info: If the code cannot or does not want to handle the redirect, I should likely ship lookaside_cgi = https://src.fedoraproject.org/repo/pkgs/upload.cgi in etc/rpkg/fedpkg.conf.
Please try with fedpkg-1.26-3 and pyrpkg-1.47-5 from updates-testing. This is related to using well known SSL certificate: https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016
Thanks, that changed the response to Could not execute new_sources: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> which I assume is a good thing.
Same problem on fedora 25. Version-Release number of selected component (if applicable): fedpkg-1.25-1.fc25.noarch
That is on it's way to be a good thing. It means you most likely don't have a kerberos ticket. It can be obtained by kinit <your_fas_login>@FEDORAPROJECT.ORG Also, to be sure building works correctly, make sure you have koji-1.11.0-1 installed and /etc/koji.conf is up-to-date.
(In reply to Lubomír Sedlář from comment #1) > Please try with fedpkg-1.26-3 and pyrpkg-1.47-5 from updates-testing. I encountered the same issue. I confirm, that I updated those 2 packages and it works fine now.
(In reply to Lubomír Sedlář from comment #4) > That is on it's way to be a good thing. It means you most likely don't have > a kerberos ticket. It can be obtained by > kinit <your_fas_login>@FEDORAPROJECT.ORG hmmmmm .... $ kinit kvolny Password for kvolny: Password expired. You must change it now. Enter new password: Enter it again: kinit: Cannot find KDC for realm "FEDORAPROJECT.ORG" while getting initial credentials > Also, to be sure building works correctly, make sure you have koji-1.11.0-1 $ rpm -q koji koji-1.11.0-1.fc25.noarch > installed and /etc/koji.conf is up-to-date. which means ...? $ stat -c %y /etc/koji.conf 2016-12-09 15:55:40.000000000 +0100 ... raising priority/severity, hope someone can resolve this quickly, it blocks me from fixing security vulnerability (arbitrary code execution) :-(
Make sure you have $ rpm -qf /etc/krb5.conf.d/fedoraproject_org fedora-packager-0.6.0.0-1.fc25.noarch Also, check that your /etc/krb5.conf has includedir /etc/krb5.conf.d/ in it. If you've tweaked /etc/krb5.conf, the stock might be in /etc/krb5.conf.rpmnew.
(In reply to Jan Pazdziora from comment #7) > Make sure you have thanks, but: > $ rpm -qf /etc/krb5.conf.d/fedoraproject_org > fedora-packager-0.6.0.0-1.fc25.noarch $ rpm -qf /etc/krb5.conf.d/fedoraproject_org fedora-packager-0.6.0.0-1.fc25.noarch > Also, check that your /etc/krb5.conf has > > includedir /etc/krb5.conf.d/ > > in it. If you've tweaked /etc/krb5.conf, the stock might be in > /etc/krb5.conf.rpmnew. $ grep includedir /etc/krb5.conf includedir /etc/krb5.conf.d/ ... other suggestions?
You could try going through Kerberos information from Fedora Infrastructure team. https://fedoraproject.org/wiki/Infrastructure/Kerberos This is not a bug in fedpkg, so please follow up on #fedora-infra on IRC or file a ticket at https://pagure.io/fedora-infrastructure/
sorry, but throwing html source at the user, as described in comment #2, really is not a nice thing to do, no matter what configuration did the user omit
Hi Karel, how about use another bug to track this improvement?
why? - look at the description again, this one started exactly with the same problem, fedpkg outputting html source instead of handling that more gracefully
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Hi Karel, could you please have a look at the problem you mentioned in comment 12? Currently, fedpkg is able to handle the error and not throw HTML source to user.
(In reply to cqi from comment #14) > Hi Karel, could you please have a look at the problem you mentioned in > comment 12? Currently, fedpkg is able to handle the error and not throw HTML > source to user. well, obviously I cannot reproduce the original problem, however trying new-sources without valid ticket, I'm now getting Could not execute new_sources: Request is unauthorized. which looks much better than the output in comment #2, thanks
Thanks for you feedback.