https://github.com/osquery/osquery logo
Join Slack
Powered by
Sorry if this is the wrong channel… can’t find a m...
# general
m
Sorry if this is the wrong channel… can’t find a more specific one that looks appropriate. Is it just me, or is the Yum repo for osquery broken? Following the instructions on the website from a fresh VM, I get the snippet that I’m including in the thread:
Copy code
$ curl -L <https://pkg.osquery.io/rpm/GPG> | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
...snip...
$ sudo yum-config-manager --add-repo <https://pkg.osquery.io/rpm/osquery-s3-rpm.repo>
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
adding repo from: <https://pkg.osquery.io/rpm/osquery-s3-rpm.repo>
grabbing file <https://pkg.osquery.io/rpm/osquery-s3-rpm.repo> to /etc/yum.repos.d/osquery-s3-rpm.repo
repo saved to /etc/yum.repos.d/osquery-s3-rpm.repo
$ sudo yum-config-manager --enable osquery-s3-rpm
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
$ sudo yum install osquery
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
<https://s3.amazonaws.com/osquery-packages/rpm/x86_64/repodata/repomd.xml>: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
...snip...
failure: repodata/repomd.xml from osquery-s3-rpm-repo: [Errno 256] No more mirrors to try.
<https://s3.amazonaws.com/osquery-packages/rpm/x86_64/repodata/repomd.xml>: [Errno 14] HTTPS Error 403 - Forbidden
t
Ah, let me fix this
It looks like I messed up permission on bucket objects. It will take me a few hours to fix since I have a few things to do before I can jump onto a laptop this morning.
I just corrected the permissions, can you try again?
r
I am following this issue regarding rpm packages: https://github.com/osquery/osquery/issues/6653 We are seeing this yum error:
Copy code
"Error: requested datatype primary not available"
Full log output:
Copy code
---- Begin output of yum -q -y makecache --disablerepo=* --enablerepo=osquery ----
       STDOUT: 
       STDERR: Error: requested datatype primary not available
       ---- End output of yum -q -y makecache --disablerepo=* --enablerepo=osquery ----
       Ran yum -q -y makecache --disablerepo=* --enablerepo=osquery returned 1
a little bit more information on the error:
Copy code
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>PermanentRedirect</Code><Message>The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.</Message><Endpoint><http://osquery-packages.s3.amazonaws.com|osquery-packages.s3.amazonaws.com></Endpoint><Bucket>osquery-packages</Bucket><RequestId>8280D830C4E0E8E6</RequestId><HostId>JRa9l1M9/PlK//UZNt1Zq+Mnw2X63P+pNYEbaPH9QJQeAdlZr7uzXLXP7QfcDYnGJAgV9z7AdKQ=</HostId></Error>
Our yum config:
Copy code
[osquery]
name=Yum Repository
baseurl=<https://s3.amazonaws.com/osquery-packages/rpm/$basearch/>
enabled=1
fastestmirror_enabled=0
gpgcheck=1
gpgkey=<https://pkg.osquery.io/rpm/GPG>
Found that 
<https://osquery-packages.s3.amazonaws.com/rpm/$basearch/>
works! https://stackoverflow.com/a/39889337 Looks like this will need to be updated: https://pkg.osquery.io/rpm/osquery-s3-rpm.repo
t
I will move the bucket back to us-east-1 in a few hours. I moved it to another account that has all infra on east-2.
But I’ll see if I can update that repo file
If I update that repo file then it fixes it for new installs right? But not for those with the yum repo already added.
r
I believe so, it appears the migration worked and is working now
t
Yeap, I think the correct thing to do was to move the bucket back to us-east-1.
m
My teammate is having the following problem now:
Copy code
+ sh -c apt-get update -qq >/dev/null
E: Failed to fetch <https://osquery-packages.s3.amazonaws.com/deb/dists/deb/InRelease>  301  Moved Permanently [IP: 52.219.100.196 443]
E: The repository '<https://osquery-packages.s3.amazonaws.com/deb> deb InRelease' is no longer signed.
(Obviously for a debian-based install on the most recent one)
t
I think this is an AWS/CloudFront caching bug. Let me know if it still occurs after a few retries.
2 Views
Open in Slack
PreviousNext
Powered by