-
-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publish API returns 202 Accepted
even though GPG Signing fails
#1268
Comments
this might be fixed with #1271 are you using async mode for the API calls (_async=true) ? could you check with latest ?
Where DIST needs to be changed to the distribution: buster / bullseye / bookworm (Debian) or focal / jammy (Ubuntu). |
Sorry for late reply. Just checked it, but doesn't seem to have fixed it. I'll dump some details below for context in hopes that it helps: Detailsaptly version
aptly publish
aptly logs
|
Could you try adding the Signing parameters (Batch, GpgKey and PassphraseFile) ?
|
What I meant with this issue is: the HTTP 202 Accepted is kinda misleading. Is it possible to return a different status code (e.g. 400 Bad Request) if the request is faulty? That way, one can work on the returned status code to determine whether the action was successful or not. As seen in issue #1266, it works with the signing options set just fine now. But the returned status code is kind of not helpful. I'd technically have to check the list of published repos to ensure whether it was successful or not. In the best case, it'd be great to be able to distinguish between various errors using the HTTP status codes (missing Signing options, bad/wrong passphrase, etc.), but just being able to distinguish between "successful" and "didn't work" would be a great improvement as well |
Thanks for the clarifications ! I tried to reproduce with latest CI build (from master):
while the aptly logs show:
it returns a 500 Internal Server Error, which is not a good choice, but I could not reproduce the 202 you are seeing. Could you maybe try again with latest aptly ? |
When calling the Publish API without the Signing Options even though aptly uses an encrypted GPG key, signing RELEASE file and publishing obviously fails, but the API returns
202 Accepted
Detailed Description
When using a GPG key that was generated with a passphrase, calling the Publish API without Signing Options unexpectedly return
202 Accepted
instead of 4xx:Meanwhile the logs on the server side look like this:
and a simple
GET
request to list published repos shows that the repo was not published.Context
When utilizing the REST API to build own applications around it, it's common to assume a 2xx response code usually means that the API call was fine. There is no clear error message visible to the caller. Instead, it's only visible within the server only. It's best practice to return a status code indicating an issue.
Possible Implementation
Modify returned HTTP status code to e.g.
400 Bad Request
Your Environment
Docker with Dockerfile (excerpt):
The text was updated successfully, but these errors were encountered: