Page 1 of 1

Apt problem - ssh access to repository hangs

Posted: Sat Nov 04, 2017 12:25 am
by bioe007
I'm trying to set up a private repository for packages. I don't want to host over http and was pleasantly surprised to find that apt supports ssh also.

The basics of the setup is a repository (using reprepro) on the host machine and connect over ssh from a Pi 3.

My attempts from a Pi seem to get stuck trying to fetch the repository information. `apt-get update` always gets stuck a few hundred bytes into downloading `InRelease` from the repository.

From another linux machine, a VM running Ubuntu 17.10, I am able to connect to the repository and install packages without problems.

Host setup -
- Ubuntu 16.04.1
- setup with reprepro under /home/updateuser/packages
- openssh, add client public ssh key to '/home/updateuser/.ssh/authorized_keys'
- create GPG key for repo signing and export public key
- add test package to repository

Code: Select all

reprepro -b . includedeb my-staging ~/foo_0.0.1_armhf.deb
Warning: strange section 'unknown'!
/home/updateuser/foo_0.0.1_armhf.deb: component guessed as 'main'
On the server side, reprepro seems happy enough:

Code: Select all

reprepro -b . list odc-staging
odc-staging|main|amd64: example-helloworld 1.0.0.0
odc-staging|main|armhf: foo 0.0.1
NOTE - I added the amd64 'example-helloworld' package to test LAN against my Ubuntu VM.


Pi/client setup
- pi 3, raspbian stretch
- root can ssh to Host without password
- added sources.list.d/my.list

Code: Select all

deb ssh://packages.host.com/home/updateuser/packages my-staging main
- add Host repo public key

Code: Select all

apt-get add-key mypublic.key
OK
What happens on the piStatus -

Code: Select all

apt-get update
Get:1 ssh://packages.host.com/home/updateuser/packages odc-staging InRelease [5,319 B]
Get:2 http://mirrordirector.raspbian.org/raspbian stretch InRelease [15.0 kB]
Get:3 http://mirrordirector.raspbian.org/raspbian stretch/main armhf Packages [11.7 MB]
Get:4 http://archive.raspberrypi.org/debian stretch InRelease [25.3 kB]
Get:5 http://archive.raspberrypi.org/debian stretch/main armhf Packages [123 kB]
Get:6 http://archive.raspberrypi.org/debian stretch/ui armhf Packages [27.0 kB]
0% [1 InRelease 3,271 B/5,319 B 61%]
<bunch of 'Ign' becuase of missing translation stuff>
Err:12 ssh://packages.host.com/home/updateuser/packages odc-staging/main armhf Packages
  Data socket timed out
Ign:13 ssh://packages.host.com/home/updateuser/packages odc-staging/main Translation-en_GB
Fetched 12.0 MB in 10min 2s (19.9 kB/s)
Reading package lists... Done
W: The repository 'ssh://packages.host.com/home/updateuser/packages odc-staging Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch ssh://packages.host.com/home/updateuser/packages/dists/odc-staging/main/binary-armhf/Packages  Data socket timed out
E: Some index files failed to download. They have been ignored, or old ones used instead.
...and that's about where I'm stuck, apt will keep trying to pull the InRelease, Release files etc. but none will download.

as root, I am able to `scp` the files from the `packages.host` with no problem:

Code: Select all

scp packages.host.com:/home/updateuser/packages/dists/my-staging/InRelease .
this 'just works' and the InRelease file seems legit enough (not that I am always looking into these things)

I'm not seeing any errors other than the failed downloads of metadata files from the repository.

Pretty much stumped now.. I'm wondering is there something kooky about trying to host Raspbian packages on an Ubuntu server??

Re: Apt problem - ssh access to repository hangs

Posted: Sat Nov 04, 2017 1:55 am
by bioe007
Now I've compared the InRelease files (found in 'var/lib/apt/lists' ) from two repositories: official raspbian and my own/

My repositories InRelease file ends up in the 'partial' directory with suffixed of 'FAILED'

What I notice is the InRelease file is missing the beginning!

It looks something like this:

Code: Select all

c0fd9d8 137 main/source/Release
 da39a3ee5e6b4b0d3255bfef95601890afd80709 0 non-free/binary-amd64/Packages
 46c6643f07aa7f6bfe7118de926b86defc5087c4 20 non-free/binary-amd64/Packages.gz
 e591dc6c04ffa0eec39359cde2bb567740a5bf5e 140 non-free/binary-amd64/Release
 da39a3ee5e6b4b0d3255bfef95601890afd80709 0 non-free/binary-armhf/Packages
 46c6643f07aa7f6bfe7118de926b86defc5087c4 20 non-free/binary-armhf/Packages.gz
 20ee0351878fc6b6c0ead51121cc0db4c32cacca 140 non-free/binary-armhf/Release
 da39a3ee5e6b4b0d3255bfef95601890afd80709 0 non-free/source/Sources
 46c6643f07aa7f6bfe7118de926b86defc5087c4 20 non-free/source/Sources.gz
 a555b905adef649ee3d76bee0fefa31b79bd3466 141 non-free/source/Release

no first line of:
"-----BEGIN PGP SIGNED MESSAGE-----"

anyone ever seen this before?

I double checked and my VM with Ubuntu is getting the InRelease (and others) files just fine...

Re: Apt problem - ssh access to repository hangs

Posted: Mon Feb 05, 2018 3:30 pm
by bbinet
Hi,

I have the exact same issue on raspbian jessie.
Apt-get update hangs in the same way when trying to reach my own apt repo over ssh.
I have no clue though...
Have you been able to fix this issue on your side?

Thanks.
Bruno