MayaraCloud / apt-transport-s3

S3 transport for APT
GNU General Public License v2.0

Intermittent 403 errors #28

Open soapergem opened 7 years ago

soapergem commented 7 years ago

I use deb-s3 to publish my apt repository to a private S3 bucket, and apt-transport-s3 to install the software I've published onto Raspberry Pis. At first it all seemed to work great; however, lately I've been noticing that I will intermittently get unexplained Forbidden errors. As far as I can tell I have everything set up correctly; my /etc/apt/s3auth.conf file looks something like this:

```
AccessKeyId = ABC...
SecretAccessKey = 123...
Region = 'us-east-1'
Token = ''
```

And I include this line in my /etc/apt/sources.list file:

```
deb s3://myaptrepo.s3.amazonaws.com/ stable main
```

Earlier today, every time I tried hitting apt-get update, it would fail with the following output:

```
pi@raspberrypi:~ $ sudo apt-get update
Ign s3://myaptrepo.s3.amazonaws.com stable InRelease
Hit http://mirrordirector.raspbian.org jessie InRelease
Hit http://archive.raspberrypi.org jessie InRelease
Ign s3://myaptrepo.s3.amazonaws.com stable Release.gpg
Ign s3://myaptrepo.s3.amazonaws.com stable Release
Hit http://archive.raspberrypi.org jessie/main armhf Packages
Hit http://mirrordirector.raspbian.org jessie/main armhf Packages
Hit http://mirrordirector.raspbian.org jessie/contrib armhf Packages
Hit http://mirrordirector.raspbian.org jessie/non-free armhf Packages
Hit http://archive.raspberrypi.org jessie/ui armhf Packages
Hit http://mirrordirector.raspbian.org jessie/rpi armhf Packages
Err s3://myaptrepo.s3.amazonaws.com stable/main armhf Packages
  403 Forbidden
Ign s3://myaptrepo.s3.amazonaws.com stable/main Translation-en_GB
Ign s3://myaptrepo.s3.amazonaws.com stable/main Translation-en
Ign http://archive.raspberrypi.org jessie/main Translation-en_GB
Ign http://mirrordirector.raspbian.org jessie/contrib Translation-en_GB
Ign http://mirrordirector.raspbian.org jessie/contrib Translation-en
Ign http://archive.raspberrypi.org jessie/main Translation-en
Ign http://archive.raspberrypi.org jessie/ui Translation-en_GB
Ign http://mirrordirector.raspbian.org jessie/main Translation-en_GB
Ign http://mirrordirector.raspbian.org jessie/main Translation-en
Ign http://mirrordirector.raspbian.org jessie/non-free Translation-en_GB
Ign http://archive.raspberrypi.org jessie/ui Translation-en
Ign http://mirrordirector.raspbian.org jessie/non-free Translation-en
Ign http://mirrordirector.raspbian.org jessie/rpi Translation-en_GB
Ign http://mirrordirector.raspbian.org jessie/rpi Translation-en
W: Failed to fetch s3://myaptrepo.s3.amazonaws.com/dists/stable/main/binary-armhf/Packages 403 Forbidden

E: Some index files failed to download. They have been ignored, or old ones used instead.
```

But then I waited a bit, and eventually calling apt-get update worked without issue. I can't explain that as in between the time it failed and worked again, I had made no alterations to anything. I don't like unexplained problems! Is this something anyone else has noticed? Is there any file, log or otherwise, that I could provide to help get to the bottom of this issue? I love this package but it should work 100% of the time, not intermittently.

soapergem commented 7 years ago

I turned on server logging for that S3 bucket and figured out the problem... I saw a bunch of entries for "403 RequestTimeTooSkewed" in the logs. Turns out my Raspberry Pi had its clock set wrong. Apparently if the time is more than 15 minutes off from reality, the GetObject request fails and therefore so does apt-transport-s3. It might be nice if more information could be included on the client side though, i.e. instead of just saying "403 Forbidden" maybe say "403 Forbidden RequestTimeTooSkewed," that is if the specific error code is made available.
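
The diagnosis in the comment above can be surfaced on the client side by reading the `<Code>` element of the S3 XML error body and comparing the local clock with the response's `Date` header. The following is an added example, not part of the issue thread and not apt-transport-s3's own code; the function names are hypothetical and the sample response is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_SKEW = 15 * 60     # seconds; the 15-minute limit mentioned in the comment
MAX_BODY = 64 * 1024   # do not parse oversized bodies from the network

def s3_error_code(body):
    """Return the <Code> text of an S3 XML error body, or None."""
    if not body or len(body) > MAX_BODY:
        return None
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    return root.findtext("Code") if root.tag == "Error" else None

def clock_skew(date_header, now=None):
    """Seconds the local clock is ahead (+) or behind (-) the server's Date."""
    if not date_header:
        return None
    try:
        server = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return None
    if server.tzinfo is None:
        server = server.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return int((now - server).total_seconds())

def describe_failure(status, reason, headers, body, now=None):
    """Build a message more useful than a bare '403 Forbidden'."""
    parts = [f"{status} {reason}"]
    code = s3_error_code(body)
    if code:
        parts.append(code)
    skew = clock_skew(headers.get("Date"), now)
    if skew is not None and abs(skew) > MAX_SKEW:
        side = "ahead of" if skew > 0 else "behind"
        parts.append(f"(local clock {abs(skew)}s {side} server)")
    return " ".join(parts)

# Constructed sample response, not captured from a real bucket.
SAMPLE_HEADERS = {"Date": "Tue, 05 Jan 2016 12:20:00 GMT"}
SAMPLE_BODY = (b"<?xml version='1.0' encoding='UTF-8'?><Error>"
               b"<Code>RequestTimeTooSkewed</Code>"
               b"<Message>The difference between the request time and the "
               b"current time is too large.</Message></Error>")
SAMPLE_NOW = datetime(2016, 1, 5, 11, 50, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(describe_failure(403, "Forbidden", SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_NOW))
```

On devices without a battery-backed clock, such as the Raspberry Pi in this report, the skew check also explains why the failure clears once time synchronisation catches up.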