draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers
http://www.sysdig.com/
Other

403 from centos repo #2005

Closed Przemasso closed 9 months ago

Przemasso commented 1 year ago

Hi, I'm getting a 403 error when reaching the repo:

http://download.draios.com/stable/rpm/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden

If checking via browser, 403 is returned as well:

403 Forbidden Code: AccessDenied Message: Access Denied

curl from vm returns 403 as well. Any ideas what may be causing it?

therealbobo commented 1 year ago

Hi @Przemasso! We are experiencing problems with the repos and we are trying to solve it. I'll ping you once we find a solution 👍

therealbobo commented 1 year ago

We resolved the issue! Could you please check if it is all good? @Przemasso

Przemasso commented 1 year ago

@therealbobo thanks for the swift response! Unfortunately all attempts end with 403 (via browser, curl, yum). I've cleaned the yum cache as well, but that didn't help either.

therealbobo commented 1 year ago

I checked and I can reproduce the issue on browser and curl but yum works fine on my side. @Przemasso

Przemasso commented 1 year ago

Hi @therealbobo - I've finally managed to get rid of 403 but had to change 2 things in repo config:

baseurl from:
baseurl=http://download.draios.com/stable/rpm/$basearch
to:
baseurl=https://download.sysdig.com/stable/rpm/$basearch

and gpg key from:
gpgkey=https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public
to:
gpgkey=https://download.sysdig.com/DRAIOS-GPG-KEY.public

Are those two something which have changed recently?

therealbobo commented 1 year ago

The gpg has been there for a long time and I think https as well. 🤔

AndriyKhymera commented 1 year ago

Hey guys, after I fixed the 403 error above I got a "GPG check FAILED" error. If I use the '--nogpgcheck' parameter I get another error:

package sysdig-0.32.0-1.aarch64 does not verify: Header V4 RSA/SHA1 Signature, key ID ec51e8c4: BAD

I'm using Rocky Linux 9 on arm. Have any of you faced this error?

therealbobo commented 1 year ago

Hi @AndriyKhymera! Are you using sysdig from the rocky linux 9 repository?

AndriyKhymera commented 1 year ago

@therealbobo, I'm using the following repo:

[draios]
name=draios
baseurl=https://download.sysdig.com/stable/rpm/$basearch
enabled=False
gpgcheck=True
gpgkey=https://download.sysdig.com/DRAIOS-GPG-KEY.public

Installing with:

dnf -d 10 -e 10  -y --enablerepo=draios install sysdig

kernel-devel

kernel-devel    aarch64      5.14.0-284.18.1.el9_2  appstream

therealbobo commented 1 year ago

Uhm, I'm getting this error:

warning: Signature not supported. Hash algorithm SHA1 not available.
warning: Signature not supported. Hash algorithm SHA1 not available.

And this is probably related to this https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9 . Are you getting the same error? @AndriyKhymera

AndriyKhymera commented 1 year ago

hey, @therealbobo yeah, that's exactly the problem I have. Using this solved my problem with the installation

update-crypto-policies --set DEFAULT:SHA1

I guess '--nogpgcheck' doesn't work as I expected it to work. Thanks a lot for providing this article

agelormini commented 12 months ago

Yes, packages should be signed with SHA256 now because in Linux 9 SHA1 has been deprecated.

https://access.redhat.com/articles/6846411

Use this after installation to remove sha1:

sudo update-crypto-policies --set DEFAULT:NO-SHA1
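To see which signatures on a downloaded package actually use SHA-1 before deciding whether to relax the system crypto policy as in the comments above, the output of `rpm -Kv` can be classified per signature. This is an added example, not part of the thread or the sysdig project; the function name `classify_rpm_signatures` and the sample input are constructed, modelled on the error line quoted earlier in the thread.

```shell
#!/usr/bin/env bash
# Added example, not sysdig project code. Classifies the signature lines of
# `rpm -Kv <package.rpm>` output by hash algorithm.

# Constructed sample; the signature line format and key ID follow the error
# quoted in the thread, the digest lines are illustrative.
SAMPLE_RPM_KV='sysdig-0.32.0-1.aarch64.rpm:
    Header V4 RSA/SHA1 Signature, key ID ec51e8c4: BAD
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA1 Signature, key ID ec51e8c4: BAD'

# Reads `rpm -Kv` output on stdin and prints one line per signature:
#   <scope> <hash> <key id> <rpm status> <ok|weak>
# Exit status: 0 = all signature hashes acceptable, 1 = SHA1/MD5 signature
# present, 2 = no signature lines at all (unsigned package or wrong input).
classify_rpm_signatures() {
  awk '
    /Signature, key ID/ {
      # The legacy signature covers header and payload; the other, header only.
      scope = ($1 == "Header") ? "header" : "header+payload"
      hash = "unknown"; keyid = "unknown"
      for (i = 1; i <= NF; i++) {
        # Field such as "RSA/SHA1": public-key algorithm / hash algorithm.
        if ($i ~ /^[A-Za-z0-9]+\/[A-Za-z0-9]+$/) {
          split($i, parts, "/"); hash = toupper(parts[2])
        }
        if ($i == "ID" && i < NF) { keyid = $(i + 1); sub(/:$/, "", keyid) }
      }
      verdict = (hash == "SHA1" || hash == "MD5") ? "weak" : "ok"
      if (verdict == "weak") weak = 1
      seen = 1
      printf "%s %s %s %s %s\n", scope, hash, keyid, $NF, verdict
    }
    END { if (!seen) exit 2; exit (weak ? 1 : 0) }
  '
}

# Demo on the constructed sample; on a real host:
#   rpm -Kv ./package.rpm | classify_rpm_signatures
printf '%s\n' "$SAMPLE_RPM_KV" | classify_rpm_signatures ||
  echo "exit status $?: weak or missing signature"
```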

therealbobo commented 9 months ago

Hey @coinnect-project! I totally forgot to ping you! We solved this issue on 0.34.1 😄