Two file distribution servers return 403
Hi all,
I'm writing an autopkg recipe to keep gpgtools updated across our organization, without having to educate every employee on how to safely use Sparkle updates. However, checking if there are new downloads available works about 50% of the time. I'm pretty sure this is because some file servers that releases.gpgtools.org resolves to are broken.
As per http://dns.squish.net/traverses/a9edae8a546999dcaae555c8df3cf075/de..., the addresses resolved for releases.gpgtools.org are:
gpgtools.scnr.is. 600 IN A 79.134.234.224
gpgtools.scnr.is. 600 IN A 5.35.250.62
gpgtools.scnr.is. 600 IN A 46.246.94.107
gpgtools.scnr.is. 600 IN A 93.95.227.212
gpgtools.scnr.is. 600 IN A 199.167.129.178
gpgtools.scnr.is. 600 IN A 46.246.108.30
Two out of these servers return 403 Forbidden errors when downloading the GPG tools releases from the sparkle feed: 46.246.108.30 and 93.95.227.212. Observe:
$ curl -D- --insecure --header 'Host: releases.gpgtools.org' https://46.246.108.30/MacGPG2-2.0.27b6.dmg
HTTP/1.1 403 Forbidden
Date: Wed, 01 Apr 2015 21:16:18 GMT
Server: Apache/2.2.22 (Debian)
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /MacGPG2-2.0.27b6.dmg
on this server.</p>
</body></html>
and
$ curl -D- --insecure --header 'Host: releases.gpgtools.org' https://93.95.227.212/MacGPG2-2.0.27b6.dmg
HTTP/1.1 403 Forbidden
Date: Wed, 01 Apr 2015 21:15:59 GMT
Server: Apache/2.2.22 (Debian)
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /MacGPG2-2.0.27b6.dmg
on this server.</p>
</body></html>
Both of these servers also present an invalid certificate chain. Can you remove those from the rotation? It would make our recipes that much more reliable & improve my life a lot. (I believe I have seen downloads via regular Sparkle from these servers fail, also.)
Cheers,
Andreas.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by Mento on 24 Jun, 2015 02:10 PM
Hallo Andreas,
als erstes Entschuldigung für die späte Antwort.
curl verhält sich, wenn es so wie von dir verwendet wird, nicht korrekt. Warum auch immer.
Die Server antworten nur korrekt wenn sie tatsächlich als releases.gpgtools.org angesprochen werden. Wenn du also keinen bestimmten Grund hast manuell einer der Server zu wählen empfehle ich dir einfach nur:
Solltest du einen bestimmten Server verwenden wollen könntest du etwas in der Art machen:
Grüsse, Mento
Steve closed this discussion on 05 Nov, 2015 10:39 PM.