Two file distribution servers return 403

Andreas Fuchs's Avatar

Andreas Fuchs

01 Apr, 2015 09:23 PM

Hi all,

I'm writing an autopkg recipe to keep gpgtools updated across our organization, without having to educate every employee on how to safely use Sparkle updates. However, checking if there are new downloads available works about 50% of the time. I'm pretty sure this is because some file servers that releases.gpgtools.org resolves to are broken.

As per http://dns.squish.net/traverses/a9edae8a546999dcaae555c8df3cf075/de..., the addresses resolved for releases.gpgtools.org are:

gpgtools.scnr.is.    600 IN  A   79.134.234.224
gpgtools.scnr.is.   600 IN  A   5.35.250.62
gpgtools.scnr.is.   600 IN  A   46.246.94.107
gpgtools.scnr.is.   600 IN  A   93.95.227.212
gpgtools.scnr.is.   600 IN  A   199.167.129.178
gpgtools.scnr.is.   600 IN  A   46.246.108.30

Two out of these servers return 403 Forbidden errors when downloading the GPG tools releases from the sparkle feed: 46.246.108.30 and 93.95.227.212. Observe:

$ curl -D- --insecure --header 'Host: releases.gpgtools.org' https://46.246.108.30/MacGPG2-2.0.27b6.dmg
HTTP/1.1 403 Forbidden
Date: Wed, 01 Apr 2015 21:16:18 GMT
Server: Apache/2.2.22 (Debian)
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /MacGPG2-2.0.27b6.dmg
on this server.</p>
</body></html>

and

$ curl -D- --insecure --header 'Host: releases.gpgtools.org' https://93.95.227.212/MacGPG2-2.0.27b6.dmg
HTTP/1.1 403 Forbidden
Date: Wed, 01 Apr 2015 21:15:59 GMT
Server: Apache/2.2.22 (Debian)
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /MacGPG2-2.0.27b6.dmg
on this server.</p>
</body></html>

Both of these servers also present an invalid certificate chain. Can you remove those from the rotation? It would make our recipes that much more reliable & improve my life a lot. (I believe I have seen downloads via regular Sparkle from these servers fail, also.)

Cheers,
Andreas.

  1. 1 Posted by Mento on 24 Jun, 2015 02:10 PM

    Mento's Avatar

    Hallo Andreas,

    als erstes Entschuldigung für die späte Antwort.
    curl verhält sich, wenn es so wie von dir verwendet wird, nicht korrekt. Warum auch immer.
    Die Server antworten nur korrekt wenn sie tatsächlich als releases.gpgtools.org angesprochen werden. Wenn du also keinen bestimmten Grund hast manuell einer der Server zu wählen empfehle ich dir einfach nur:

    curl https://releases.gpgtools.org/GPG_Suite-2015.06.dmg
    

    Solltest du einen bestimmten Server verwenden wollen könntest du etwas in der Art machen:

    openssl s_client -connect 93.95.227.212:443 -servername releases.gpgtools.org -ign_eof <<-EOT
    HEAD /GPG_Suite-2015.06.dmg HTTP/1.1
    Host: releases.gpgtools.org
    Connection: close


    EOT

    Grüsse, Mento

  2. Steve closed this discussion on 05 Nov, 2015 10:39 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac