[aur-general] I want to update gtkhtml4 in AUR

Sun Jan 27 23:57:42 UTC 2019

On Mon, 2019-01-28 at 07:42 +0800, hagar wrote:
> On 27/1/19 11:27 pm, Eli Schwartz via aur-general wrote:
> > On 1/27/19 6:13 AM, Hagar wrote:
> > > On 27/1/19 7:01 pm, stefan-husmann at t-online.de wrote:
> > > > Hello,
> > > > 
> > > > Can someone please have a look on what happens on server side?
> > > > 
> > > > I want to update gtkhtml4 in AUR adding a long proposed (in the
> > > > comments) patch.
> > > > 
> > > > This fails with
> > > > 
> > > > fatal: unable to access '
> > > > https://aur.archlinux.org/gtkhtml4.git/': The
> > > > requested URL returned error: 403
> > > > 
> > > > I maybe do not see the obvious, but I can update my other
> > > > packages
> > > > without problems, but not thi one, which I newly adopted.
> > > > 
> > > > Best Regards
> > > > 
> > > > Stefan
> > > Its not well documented - but edit the .git/config file an change
> > > the
> > > url from https to ssh:
> > > 
> > > look at the aur page for the package for the exact url.
> > > 
> > > I hit this problem just last week.
> > It is pretty well documented.
> > 
> > - We repeatedly document the use of ssh cloning everywhere in the
> > wiki
> >    page describing the submission process, and make no mention of
> > using
> >    https://
> > 
> > - When logged into the AUR and viewing a package that you maintain,
> > it
> >    lists two clone urls: https:// and ssh:// -- and right after the
> >    https:// link it specifies in parentheses, "read-only". Read-
> > only
> >    means you cannot write to it.
> > 
> > - When viewing a package that you do not maintain or when not even
> >    logged into the AUR, only the https:// clone url is referenced,
> > and it
> >    still states "read-only".
> > 
> > - Other websites which support pushing over https:// will require
> > you to
> >    type in your username and password every time you do, which is
> >    unfriendly and I don't understand why anyone would ever want to
> > do so
> >    in the first place if they could just use ssh.
> > 
> True to an extent.
> 
> You never specifically say to use ssh to check out the package.
> 
> It seems to be just implied. Your examples use both https and ssh.
> 
> 
> The problem lies with the section - Acquire build files.
> 
> in this section you use http://...
> 
> 
> Then later on the instructions for publishing make there is no
> mention 
> of checking the .git.config to ensure that the correct url is in use.
> 
> That simple bit of information is missing.
> 
> Those of us who are unfamiliar with git need to know these simple
> things.
> 
> It would be nice if it was specifically mentioned in the instructions
> -eg.
> 
> 
> Please check the .git/.config file of your repository to ensure that 
> your url
> 
> is of the form ssh://... .If you get a 403 error you have the wrong
> url 
> configured.

A 403 does not mean you have an incorrect URL. A 403 means the server
understood the request and it exists, but you do not have permission to
use that resource. It is rather clear that the https URLs are read only
on the AUR and a 403 error is the correct error to state that you
cannot push over that protocol as you made a request that you do not
have permission to do.

The AUR section you're talking about that mentions acquiring build
files is just that, for building. Not pushing updates to the PKGBUILD.
It is understood that if you read the wiki and follow the directions on
how to publish changes to the AUR, you use the SSH protocol and if you
see a 403 error on HTTP if you make a mistake and use that, that you
will be capable to interpreting that as you made a mistake.

Just my $0.02.

Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20190127/46292c7b/attachment.asc>