zhaofengli/attic

Error: Unauthorized: Unauthorized.

Opened this issue · 6 comments

This is my attic NixOS config:

port: { config, inputs, ... }:
let
  portStr = toString port;
in
{
  imports = [
    inputs.attic.nixosModules.atticd
  ];

  config = {
    services.atticd = {
      enable = true;

      credentialsFile = config.age.secrets.atticd.path;

      settings = {
        listen = "[::]:${portStr}";
        chunking = {
          # The minimum NAR size to trigger chunking
          #
          # If 0, chunking is disabled entirely for newly-uploaded NARs.
          # If 1, all NARs are chunked.
          nar-size-threshold = 64 * 1024; # 64 KiB

          # The preferred minimum size of a chunk, in bytes
          min-size = 16 * 1024; # 16 KiB

          # The preferred average size of a chunk, in bytes
          avg-size = 64 * 1024; # 64 KiB

          # The preferred maximum size of a chunk, in bytes
          max-size = 256 * 1024; # 256 KiB
        };
      };
    };
  };
}

It also seems to be healthy (output of `sudo systemctl status atticd.service`):

● atticd.service
     Loaded: loaded (/etc/systemd/system/atticd.service; enabled; preset: enabled)
     Active: active (running) since Mon 2024-09-02 00:55:25 CEST; 9min ago
   Main PID: 1640779 (atticd)
         IP: 1.8K in, 1.1K out
         IO: 0B read, 32.0K written
      Tasks: 8 (limit: 38215)
     Memory: 2.9M (peak: 3.7M)
        CPU: 61ms
     CGroup: /system.slice/atticd.service
             └─1640779 /nix/store/k98rsc5md431frxfdnz98wb0cz983yz7-attic-server-0.1.0/bin/atticd -f /nix/store/mjaav1x8rpqqf4qy0mbbml7j7lk5qcp1-checked-attic-server.toml --mode monolithic
                                                                                                                                                                                             
Sep 02 00:55:25 nas systemd[1]: Started atticd.service.
Sep 02 00:55:25 nas atticd[1640779]: Attic Server 0.1.0 (release)
Sep 02 00:55:25 nas atticd[1640779]: Running migrations...
Sep 02 00:55:25 nas atticd[1640779]: Starting API server...
Sep 02 00:55:25 nas atticd[1640779]: Listening on [::]:49400...

I then created a token with the following command:

# somehow I'm getting a `cd permission denied` error if I'm in my home-directory, so I'm going to the `/tmp` directory
# where everyone can write to it
cd /tmp
sudo atticd-atticadm make-token --sub main --validity "99 years" --pull "main" --push "main" > ~/attic_token.txt

Afterwards, on a client, I'm executing:

attic login --set-default nas http://nas:49400 <token>
attic cache create test

but `attic cache create test` gives me the following error message:

Error: Unauthorized: Unauthorized.

Does anyone know why this happens?

That's because the create-cache permission is separate from the push and pull permissions. If you want to be able to create caches with that token, you'll need to give it that permission.

I created the token with

sudo atticd-atticadm make-token --sub "main" --validity "99 years" --pull "main" --push "main" --delete "main" --create-cache "main" --configure-cache "main" --configure-cache-retention "main" --destroy-cache "main" > ~/attic_token.txt

now, but I'm still getting the error message on one of my clients after executing:

attic login --set-default nas http://nas:49400 <token>
attic cache create main

Different approach

Somehow I'm getting a different error message if I use a file for the token.
On my server, I'm executing:

cd /tmp
sudo atticd-atticadm make-token --sub "main" --validity "99 years" --pull "main" --push "main" --delete "main" --create-cache "main" --configure-cache "main" --configure-cache-retention "main" --destroy-cache "main" > attic_token.txt
# send the token to my pc (client)
rsync ./attic_token.txt pc:/home/tornax

Then on my PC:

attic login --set-default nas http://nas:49400 $(cat attic_token.txt)
attic cache create main

    thread 'main' panicked at client/src/api/mod.rs:242:79:
    called `Result::unwrap()` on an `Err` value: InvalidHeaderValue
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

What does your ~/.config/attic/config.toml look like after all this? Remember to redact the actual endpoint and the tokens.

> What does your ~/.config/attic/config.toml look like after all this? Remember to redact the actual endpoint and the tokens.

default-server = "nas"

[servers.nas]
endpoint = "http://nas:49400"
token = "<chars>\r"

That extra \r seems to be the issue. Could you try removing it?

The Attic client should just strip out trailing line endings when adding the token. Adding a todo for later.
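
An added illustration, not part of the thread and not Attic's own code: a std-only Rust sketch of the trailing-line-ending stripping suggested above, plus a byte check restating the rule the `http` crate applies to header values (the source of `InvalidHeaderValue`). The `Bearer` scheme and all function names are assumptions, and the tokens are constructed samples.

```rust
// Added illustration (std only); function names are hypothetical, not Attic's.

/// Offset and value of every byte that may not appear in a header value.
/// Restates the rule behind the `http` crate's `InvalidHeaderValue`:
/// printable ASCII and TAB pass; CR, LF, other controls and DEL do not.
fn invalid_header_bytes(value: &str) -> Vec<(usize, u8)> {
    value
        .bytes()
        .enumerate()
        .filter(|&(_, b)| !((b >= 0x20 && b < 0x7f) || b == b'\t'))
        .collect()
}

/// Strips trailing CR/LF only. Shell `$(cat file)` removes trailing
/// newlines but keeps a CR that precedes them, so both are handled here.
/// Interior bytes are untouched so a corrupted token is still reported.
fn normalize_token(raw: &str) -> &str {
    raw.trim_end_matches(|c: char| c == '\r' || c == '\n')
}

/// Builds the Authorization value (the `Bearer` scheme is an assumption)
/// or returns an error naming the offending bytes instead of panicking.
fn bearer_header(raw_token: &str) -> Result<String, String> {
    let token = normalize_token(raw_token);
    if token.is_empty() {
        return Err("token is empty".to_string());
    }
    let bad: Vec<String> = invalid_header_bytes(token)
        .iter()
        .map(|(i, b)| format!("0x{:02x} at offset {}", b, i))
        .collect();
    if !bad.is_empty() {
        return Err(format!("invalid bytes in token: {}", bad.join(", ")));
    }
    Ok(format!("Bearer {}", token))
}

fn main() {
    // Constructed sample values, not real tokens.
    let samples = ["aaa.bbb.ccc", "aaa.bbb.ccc\r", "aaa.bbb.ccc\r\n", "aaa.b\rbb.ccc"];
    for raw in samples.iter() {
        match bearer_header(raw) {
            Ok(h) => println!("{:?} -> {:?}", raw, h),
            Err(e) => println!("{:?} -> rejected: {}", raw, e),
        }
    }
}
```

Running `invalid_header_bytes` over the stored `token` value from `config.toml` shows whether any control byte other than the trailing `\r` is still present.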

> That extra \r seems to be the issue. Could you try removing it?
>
> The Attic client should just strip out trailing line endings when adding the token. Adding a todo for later.

Now I'm getting

thread 'main' panicked at client/src/api/mod.rs:242:79:
called `Result::unwrap()` on an `Err` value: InvalidHeaderValue
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace