search

corretto / corretto-11

Amazon Corretto 11 is a no-cost, multi-platform, production-ready distribution of OpenJDK 11
GNU General Public License v2.0
672 stars 106 forks source link

Refresh of RPM repository fails on older SLES installations #226

Open matthiasblaesing opened 2 years ago

matthiasblaesing commented 2 years ago

Installation of Amazon Corretto on SLES 12.5 fails when the repositories are refreshed. The issue seems to be, that the repository returns an access denied error for the URL:

https://yum.corretto.aws/x86_64/media.1/media

In newer versions rpm seems to ignore the access denied error, but the version from SLES 12.5 shows this behaviour:

XXXXXXX@YYYYYYY:/home/XXXXXXX> sudo zypper addrepo https://yum.corretto.aws/corretto.repo                                                                                                                      
Adding repository 'Amazon Corretto' ......................................................................................................................................................................................................[done]
Repository 'Amazon Corretto' successfully added

URI         : https://yum.corretto.aws/x86_64
Enabled     : Yes                            
GPG Check   : Yes                            
Autorefresh : No                             
Priority    : 99 (default priority)          

Repository priorities are without effect. All enabled repositories share the same priority.
XXXXXXX@YYYYYYY:/home/XXXXXXX> sudo zypper refresh                                                                                                                                                                                           
Retrieving repository 'Amazon Corretto' metadata .........................................................................................................................................................................................[done]
Building repository 'Amazon Corretto' cache ..............................................................................................................................................................................................[done]
Repository 'SLE-Module-Web-Scripting12-Pool' is up to date.                                                                                                                                                                                     
Repository 'SLE-Module-Web-Scripting12-Updates' is up to date.                                                                                                                                                                                  
Repository 'SLE-SDK12-SP5-Pool' is up to date.                                                                                                                                                                                                  
Repository 'SLE-SDK12-SP5-Updates' is up to date.                                                                                                                                                                                               
Repository 'SLES12-SP5-Pool' is up to date.                                                                                                                                                                                                     
Repository 'SLES12-SP5-Updates' is up to date.                                                                                                                                                                                                  
Repository 'adoptopenjdk' is up to date.                                                                                                                                                                                                        
Repository 'Network Utilities (SLE_12)' is up to date.                                                                                                                                                                                          
Repository 'Server Monitoring Software (SLE_12)' is up to date.                                                                                                                                                                                 
All repositories have been refreshed.
XXXXXXX@YYYYYYY:/home/XXXXXXX> sudo zypper refresh
Permission to access 'https://yum.corretto.aws/x86_64/media.1/media' denied.
Abort, retry, ignore? [a/r/i/...? shows all options] (a): a                                                                                                                                                                                     
ABORT request: Aborting requested by user
XXXXXXX@YYYYYYY:/home/XXXXXXX> sudo zypper -v refresh
Verbosity: 1
Initializing Target
Specified repositories: 
Checking whether to refresh metadata for Amazon Corretto
Retrieving: repomd.xml ...................................................................................................................................................................................................................[done]
Permission to access 'https://yum.corretto.aws/x86_64/media.1/media' denied.
Abort, retry, ignore? [a/r/i/...? shows all options] (a): a                                                                                                                                                                                     
ABORT request: Aborting requested by user
XXXXXXX@YYYYYYY:/home/XXXXXXX>

To Reproduce

  1. Instead of SLES 12.5 OpenSuse 42.3 (freely available with similar base distribution) can be used to reproduce: http://ftp5.gwdg.de/pub/opensuse/discontinued/distribution/leap/42.3/iso/openSUSE-Leap-42.3-DVD-x86_64.iso
  2. Create a VM from the above download (or from a local SLES 12.5 copy)
  3. Run sudo zypper addrepo https://yum.corretto.aws/corretto.repo
  4. Run sudo zypper refresh and accept the unknown repository key
  5. Run sudo zypper -v refresh

Result:

2021-12-16 15_54_31-Window

If refresh is forced, it will work, but that is not a good state to run in production.

Expected behavior

No error is reported, the repository data is up-to-date.

Additional infos

This issue from SuSE diagnoses, that the server should return a 404 for a non existing path and not 403, which sound reasonable:

https://bugzilla.opensuse.org/show_bug.cgi?id=1032348

Maybe the directory settings just need to be changed, so that not existing files are reported as not existing files.

lutkerd commented 2 years ago

Thank you for bringing this to our attention.

We will investigate and see if we can change this behavior without causing other issues.

matthiasblaesing commented 2 years ago

To work around this issue I now used a local apache server to filter out the broken URL. I create a local proxy (first line ensures the media.1/media url generates a 404, and in other cases proxies to the repository):

        ProxyPass /corretto/x86_64/media.1/media https://HOSTNAME/notexisting
        ProxyPass /corretto https://yum.corretto.aws

and use that with the corresponding repo definition:

[AmazonCorretto]
name=Amazon Corretto
baseurl=https://HOSTNAME/corretto/$basearch
enabled=1
gpgkey=https://yum.corretto.aws/corretto.key
gpgcheck=1

While that works, it is not a solution for a production system.