= bug description =
I can no longer use fedpkg clone.
= bug analysis =
{{{ $ fedpkg clone -a gdb fedpkg clone -a gdb Cloning into 'gdb'... fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. Could not execute clone: Command '['git', 'clone', 'git://pkgs.fedoraproject.org/gdb']' returned non-zero exit status 128 }}}
When I use this command from different IPv4 it works.
I run nightly regression testing builds for many variants of GDB, including Fedora releases. This means 4 now (sometimes 6 = Fedora releases x i686+x86_64) fedpkg clones per night (usually around 3AM GMT). If the blacklist reason was that 4-6 clones per night are too heavy server load I could optimize it to only 1 fedpkg clone per night.
According to my logs the blacklisting started 2013-03-29.
I am Red Hat employee jkratoch.
= fix recommendation =
Unblacklist me.
I've removed the denyhosts entry for your ip.
Number of clones should be fine, it adds for incorrect attempts. If someone else using that ip tried to login or you did with the incorrect key, etc, that would do it.
Thanks. This is my own static IPv4 so nobody else can use it. I am not aware I would have any failed authentications. Also during these nightly builds the scripts do anonymous clones anyway.
The blacklisting still remains now - maybe it needs some time to get active in production?
no, it should be immediate.
Are you trying anon or non anon clones?
Whats the error you are seeing with fedpkg -vvv ?
With {{{-vvv}}} there is just additionally {{{ Running git clone git://pkgs.fedoraproject.org/gdb directly on the tty }}}
strace of that git is: {{{ 18626 connect(3, {sa_family=AF_INET, sin_port=htons(9418), sin_addr=inet_addr("209.132.181.4")}, 16) = 0 18626 setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 18626 dup(3) = 4 18626 write(4, "0035git-upload-pack /gdb\0host=pkgs.fedoraproject.org\0", 53) = 53 18626 read(3, "", 4) = 0 18626 write(2, "fatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", 126) = 126 }}}
Where the TCP EOF looks as something like {{{/etc/hosts.deny}}}.
After {{{route add pkgs.fedoraproject.org gw XXX}}} to mask myself under another IPv4 it works fine.
These were anonymous clones.
Non-anonymous work fine - they use {{{git clone ssh://jankratochvil@pkgs.fedoraproject.org/gdb}}}.
ok, those are done by xinetd.
So, if you are trying more than 3 clones at a time, it will block you for a time.
it looks like there were some stale connections left over from network issues last week, so perhaps it was seeing those as ones you were doing and rejecting you right off.
I have cleaned those up, can you retry now?
Yes, it works now, thanks.
My scripts should only do 2 clones at once (yes, it is inefficient...), next happen in at least 5 minutes.
yeah, it must have gotten stuck with network issues last week, so some 'phantom' ones were still running and causing it to think you had more than 3.
Login to comment on this ticket.