Error: Unauthorized: Unauthorized.
Opened this issue · 6 comments
This is my attic
NixOS config:
port: { config, inputs, ... }:
let
portStr = toString port;
in
{
imports = [
inputs.attic.nixosModules.atticd
];
config = {
services.atticd = {
enable = true;
credentialsFile = config.age.secrets.atticd.path;
settings = {
listen = "[::]:${portStr}";
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
};
}
It also seems to be healthy (output of sudo systemctl status
atticd.service`):
● atticd.service
Loaded: loaded (/etc/systemd/system/atticd.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-09-02 00:55:25 CEST; 9min ago
Main PID: 1640779 (atticd)
IP: 1.8K in, 1.1K out
IO: 0B read, 32.0K written
Tasks: 8 (limit: 38215)
Memory: 2.9M (peak: 3.7M)
CPU: 61ms
CGroup: /system.slice/atticd.service
└─1640779 /nix/store/k98rsc5md431frxfdnz98wb0cz983yz7-attic-server-0.1.0/bin/atticd -f /nix/store/mjaav1x8rpqqf4qy0mbbml7j7lk5qcp1-checked-attic-server.toml --mode monolithic
Sep 02 00:55:25 nas systemd[1]: Started atticd.service.
Sep 02 00:55:25 nas atticd[1640779]: Attic Server 0.1.0 (release)
Sep 02 00:55:25 nas atticd[1640779]: Running migrations...
Sep 02 00:55:25 nas atticd[1640779]: Starting API server...
Sep 02 00:55:25 nas atticd[1640779]: Listening on [::]:49400...
I created then a token with the following command:
# somehow I'm getting a `cd permission denied` error if I'm in my home-directory, so I'm going to the `/tmp` directory
# where everyone can write to it
cd /tmp
sudo atticd-atticadm make-token --sub main --validity "99 years" --pull "main" --push "main"> ~/attic_token.txt
afterwards, on a client, I'm executing:
attic login --set-default nas http://nas:49400 <token>
attic cache create test
but attic cache create test
gives me the following error message:
Error: Unauthorized: Unauthorized.
does anyone know why this happens?
That's because the create-cache
permission is separate from the push
and pull
permissions. If you want to be able to create caches with that token, you'll need to give it that permission.
I created the token with
sudo atticd-atticadm make-token --sub "main" --validity "99 years" --pull "main" --push "main" --de
lete "main" --create-cache "main" --configure-cache "main" --configure-cache-retention "main" --destr
oy-cache "main" > ~/attic_token.txt
now, but I'm still getting the error message on one of my clients after executing:
attic login --set-default nas http://nas:49400 <token>
attic cache create main
Different approach
Somehow I'm getting a different error message, if I use a file for the token:
On my server, I'm executing:
cd /tmp
sudo atticd-atticadm make-token --sub "main" --validity "99 years" --pull "main" --push "main" --delete "main" --create-cache "main" --configure-cache "main" --configure-cache-retention "main" --destroy-cache "main" > attic_token.txt
# send the token to my pc (client)
rsync ./attic_token.txt pc:/home/tornax
then on my pc:
attic login --set-default nas http://nas:49400 $(cat attic_token.txt)
attic cache create main
thread 'main' panicked at client/src/api/mod.rs:242:79:
called `Result::unwrap()` on an `Err` value: InvalidHeaderValue
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
What does your ~/.config/attic/config.toml
look like after all this? Remember to redact the actual endpoint and the tokens.
What does your
~/.config/attic/config.toml
look like after all this? Remember to redact the actual endpoint and the tokens.
default-server = "nas"
[servers.nas]
endpoint = "http://nas:49400"
token = "<chars>\r"
That extra \r
seems to be the issue. Could you try removing it?
The Attic client should just strip out trailing line endings when adding the token. Adding a todo for later.
That extra
\r
seems to be the issue. Could you try removing it?The Attic client should just strip out trailing line endings when adding the token. Adding a todo for later.
Now I'm getting
thread 'main' panicked at client/src/api/mod.rs:242:79:
called `Result::unwrap()` on an `Err` value: InvalidHeaderValue
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace