[opensuse-buildservice] Re: blocked by the acl with the new 2.1
Hello, I progress in the understanding of the issue. I was using osc 0.129 which is delivered with the appliance on the appliance itself. A simple switch to run the osc on an other pc (un ubuntu running osc 0.125) has fixed the issue and runing with the osc 1.28 provided by the MeeGo Tool page also works well. Odd. I do not know if the problem is specific to the osc delivered with the appliance 2.1 (osc 0.129) or to the fact that we were runing the osc command on the obs server appliance itself (our goal was to transfer a full set of repo, running the script on the appliance was saving network traffic). But there is a compatibility issue somewhere either with osc 0.129 or I guess more loikly when osc is runon the obs-server directly. Regards Dominique P.S. A good documentation on the acl would be welcomed. 2010/11/10 Dominique Le Foll <dominig@fridu.net>:
Hello,
I have just loaded a new OBS appliance on a brand new server. The version of the day was -> obs-server.x86_64-2.1.1-Build1.7.raw.bz2
The install went as usual (I use a raid soft with an lvm and copy the raw appliance on the disk /dev/sda.
I then created a user and try to copy my project from my source obs to my new target, there started the problem. I was rejected with an error (no permission).
To narrow down the issue I have restarted from scratch and created a user amino, with that user I have created a project in my home directory and uploaded a file in a package named test via the WebUI -> no Issue until there.
Then I have checked out my package test in my home directory with osc (version 0.129) Modified the file locally on my PC and try to check it back in -> ERROR.
I have the same error osc ci WARNING: validator directory /usr/lib/osc/source_validators configured, but not existing (please install osc-source_validator). Skipping ... Sending test.txt Transmitting file data .Server returned an error: HTTP Error 403: Forbidden Insufficient permissions to store file in package test2, project home:amino
I have also added the full log with the option -H at the end of this mail.
It looks like an acl issue but I have not changed the default. Do I have to do any thing special with that new release. My preparation test with the release obs-server.x86_64-2.1.0-Build2.3.raw.bz2 did not prepared me to that issue.
- Where sits the acl? - are they activated by default ? - do I need a special version of osc ? - other ? -- Dominig
osc -H ci WARNING: validator directory /usr/lib/osc/source_validators configured, but not existing (please install osc-source_validator). Skipping ...
-- GET http://obs-server.bluestreaktech.com:81/source/home:amino send: 'GET /source/home:amino HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: obs-server.bluestreaktech.com:81\r\nConnection: close\r\nUser-Agent: osc/0.129\r\n\r\n' reply: 'HTTP/1.1 200 OK\r\n' header: ETag: "a6b6786cb9159000047999d2966129b3" header: X-Opensuse-APIVersion: 2.1.0 header: Content-Type: text/xml; charset=utf-8 header: X-Runtime: 4 header: Content-Length: 82 header: Cache-Control: private, max-age=0, must-revalidate header: Connection: close header: Date: Wed, 10 Nov 2010 15:01:37 GMT header: Server: lighttpd/1.4.26
-- GET http://obs-server.bluestreaktech.com:81/source/home:amino/test2?rev=latest send: 'GET /source/home:amino/test2?rev=latest HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: obs-server.bluestreaktech.com:81\r\nConnection: close\r\nUser-Agent: osc/0.129\r\n\r\n' reply: 'HTTP/1.1 200 OK\r\n' header: X-Opensuse-APIVersion: 2.1.0 header: Content-Transfer-Encoding: binary header: X-Runtime: 10 header: Content-Type: text/xml header: Content-Disposition: attachment header: Content-Length: 192 header: Cache-Control: private header: Connection: close header: Date: Wed, 10 Nov 2010 15:01:37 GMT header: Server: lighttpd/1.4.26 Sending test.txt Transmitting file data .
-- PUT http://obs-server.bluestreaktech.com:81/source/home:amino/test2/test.txt?rev... send: 'PUT /source/home:amino/test2/test.txt?rev=upload HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 11\r\nHost: obs-server.bluestreaktech.com:81\r\nContent-Type: application/octet-stream\r\nConnection: close\r\nUser-Agent: osc/0.129\r\n\r\n' send: 'test\ntest2\n' reply: 'HTTP/1.1 403 Forbidden\r\n' header: X-Opensuse-APIVersion: 2.1.0 header: Content-Type: application/xml; charset=utf-8 header: X-Runtime: 11 header: X-Opensuse-Errorcode: put_file_no_permission header: Content-Length: 207 header: Cache-Control: no-cache header: Connection: close header: Date: Wed, 10 Nov 2010 15:01:37 GMT header: Server: lighttpd/1.4.26
-- POST http://obs-server.bluestreaktech.com:81/source/home:amino/test2?cmd=deleteup... send: 'POST /source/home:amino/test2?cmd=deleteuploadrev HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 0\r\nHost: obs-server.bluestreaktech.com:81\r\nContent-Type: application/x-www-form-urlencoded\r\nConnection: close\r\nUser-Agent: osc/0.129\r\n\r\n' reply: 'HTTP/1.1 403 Forbidden\r\n' header: X-Opensuse-APIVersion: 2.1.0 header: Content-Type: application/xml; charset=utf-8 header: X-Runtime: 12 header: X-Opensuse-Errorcode: cmd_execution_no_permission header: Content-Length: 187 header: Cache-Control: no-cache header: Connection: close header: Date: Wed, 10 Nov 2010 15:01:37 GMT header: Server: lighttpd/1.4.26 Server returned an error: HTTP Error 403: Forbidden Insufficient permissions to store file in package test2, project home:amino amino@obs-server:~/BLUE/home:amino/test2>
-- Dominique Le Foll -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Am Donnerstag, 11. November 2010, 23:24:12 schrieb Dominique Le Foll: ...
2010/11/10 Dominique Le Foll <dominig@fridu.net>:
...
I have the same error osc ci WARNING: validator directory /usr/lib/osc/source_validators configured, but not existing (please install osc-source_validator). Skipping ... Sending test.txt Transmitting file data .Server returned an error: HTTP Error 403: Forbidden Insufficient permissions to store file in package test2, project home:amino
Just to clarify. We always had an ACL implementation. The only thing what was new with 2.1 was that this one got extented to handle also read access limitations. However, in this case, it complains about write access permissions. You used osc on a system which is configured as the anonymous webui (this is by default enabled on the appliance), so api switched to anonymous user. Which indeed has no write permissions. I added a fix in git to use the anonymous mode only for the webui client now. It will be part of OBS 2.1.3 or next 2.2 alpha snapshot. bye adrian -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (2)
-
Adrian Schröter
-
Dominique Le Foll