tickets #134657
closedCDN fails signature
80%
Description
from http://cdn.opensuse.org/tumbleweed/repo/oss/repodata/repomd.xml
and all sampled mirrors
signature verification failed for file 'repomd.xml' from repository 'repo-non-oss'.
warning: this file was modified after it has been signed ...
Files
Updated by luc14n0 9 months ago
Hi there,
I suppose you meant http://cdn.opensuse.org/tumbleweed/repo/non-oss/repodata/repomd.xml instead.
But I can attest the problem. I have seen this issue with the non-oss repomd.xml file at least
a couple times before.
Despite that I'm trying to remember if switching to download.opensuse.org/tumbleweed/repo/non-oss/ as the Non-OSS repo. I'm fairly sure I did that and the issue got solved, but I believe I only tested that once.
Let's see what other folks have to say about this.
Kind regards,
Luciano
Updated by bmwiedemann 9 months ago
- % Done changed from 0 to 30
One problem is that cdn.o.o already gets handed out randomly to some users of download.opensuse.org.
I fixed one issue with cache-invalidation for tumbleweed, so it might be fixed now. Let's see how it works out for the next TW releases.
Updated by smthsweet@protonmail.ch 9 months ago
my issue occured on the OSS CDN repo too. depends on the locale for english, going with 'english US' at the beginning of an installation for latest makes repo CDN (can for attest i586 image only) whereas going with 'english UK' set it to download.*
regards to all who read
Updated by bmwiedemann 9 months ago
- Status changed from New to In Progress
- % Done changed from 30 to 60
I found that the CDN purge does not work as expected and filed https://support.fastly.com/hc/en-us/requests/692665
I adjusted the CDN.o.o config to re-check repomd.xml more often, so we should see much less of these signature validation failures in future. Maybe we can revert that when the CDN-purge gets fixed.
Updated by luc14n0 9 months ago
bmwiedemann wrote in #note-4:
One problem is that cdn.o.o already gets handed out randomly to some users of download.opensuse.org.
I fixed one issue with cache-invalidation for tumbleweed, so it might be fixed now. Let's see how it works out for the next TW releases.
Probably it's not that randomly. If one didn't change the baseurl in their repos files, probably they have the openSUSE-repos-Tumbleweed package installed (https://code.opensuse.org/leap/features/issue/128).
Updated by luc14n0 9 months ago
smthsweet@protonmail.ch wrote in #note-5:
my issue occured on the OSS CDN repo too. depends on the locale for english, going with 'english US' at the beginning of an installation for latest makes repo CDN (can for attest i586 image only) whereas going with 'english UK' set it to download.*
regards to all who read
Hmm, this sounds like a bug.
Updated by luc14n0 8 months ago
- Status changed from In Progress to Resolved
I believe we can say this has been solved. Tumbleweed is picking up the pace again, and I haven't seen people complaining in the community support channels. Personally, I haven't seen this specific issue for a long time now.
So, I suppose we can close this one. What do you think Bernhard?
Updated by bmwiedemann 8 months ago
Yes, it is probably good for now. Though we might need to raise the TTL of repodata files again to get better cache-hit-rates and that could cause similar trouble if purging gets broken.
Updated by bmwiedemann 8 months ago
- % Done changed from 60 to 80
I tested the purge and it all works fine now.
repodata TTL is increased to 10000 seconds.