Thank you for testing out @bcb! I just tried on another machine, and it works.
On my server somehow most of the tests fail, but makepkg --nocheck works. I will compare the build logs then. You do not have to wait for me, thanks :J
Search Criteria
Package Details: jupyterhub 4.1.5-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/jupyterhub.git (read-only, click to copy) |
|---|---|
| Package Base: | jupyterhub |
| Description: | Multi-user server for Jupyter notebooks |
| Upstream URL: | https://jupyter.org/hub |
| Licenses: | BSD-3-Clause |
| Submitter: | xantares |
| Maintainer: | bcb |
| Last Packager: | bcb |
| Votes: | 9 |
| Popularity: | 0.000002 |
| First Submitted: | 2015-03-12 14:00 (UTC) |
| Last Updated: | 2024-04-14 11:23 (UTC) |
Dependencies (33)
- ipython (ipython-gitAUR)
- nodejs-configurable-http-proxyAUR
- python-alembic
- python-async_generatorAUR
- python-certipyAUR
- python-entrypoints
- python-jinja
- python-jsonschema
- python-jupyter_telemetryAUR
- python-oauthlib
- python-packaging
- python-pamelaAUR
- python-prometheus_client
- python-requests
- python-sqlalchemy (python-sqlalchemy-gitAUR, python-sqlalchemy1.3AUR)
- python-tornado
- python-traitlets
- npm (corepackerAUR) (make)
- python-build (make)
- python-installer (python-installer-gitAUR) (make)
- Show 13 more dependencies...
Required by (6)
Sources (3)
leuko commented on 2021-05-02 19:21 (UTC)
bcb commented on 2021-05-02 09:46 (UTC)
@leuko: The tests (including the one you mentioned) pass on two different machines for me, including in a clean chroot with just the package dependencies. It could be an interaction with another package you have installed I guess. Does jupyterhub run if you skip the checks (makepkg --nocheck)? Can you you upload the full build log from one of these failures to a pastebin and post the link here?
And thanks for pointing out the pycurl optional dependency. I'll add it to the PKGBUILD -- I'll wait a little while before I upload a new PKGBUILD in case we can figure out something for the check failures in the same upload.
leuko commented on 2021-04-28 05:24 (UTC)
I get a lot of errors during check(), e.g.,
jupyterhub/tests/test_proxy.py::test_add_get_delete[host.name/path/] ERROR
and many tornado.httpclient.HTTPClientError: HTTP 403 errors. Does someone else have this problem?
leuko commented on 2021-04-28 05:20 (UTC)
python-pycurl seems to be an optional dependency
bcb commented on 2021-04-26 17:35 (UTC)
@lonaowna glad it wasn't too hard to solve. I've started a wiki page at https://wiki.archlinux.org/index.php/JupyterHub and have added some details about file permissions to the section on the PAM authenticator.
lonaowna commented on 2021-04-26 16:15 (UTC)
@bcb spot on! Turns out my /etc/shadow had permissions 000 instead of 600. No idea how that happened. After fixing that, jupyterhub works with just CAP_SETUID CAP_SETGID. Thanks so much!
bcb commented on 2021-04-26 07:01 (UTC)
So its a file permissions problem. What are the file permissions on /etc/shadow? It needs to be able to read that to check the password.
The PAM authenticator uses the pamela library to perform the authentication, and the library can be used from the command line. If you do sudo su - to get a root shell, and then python -m pamela -a <regular username> in that root shell, does the authentication succeed?
lonaowna commented on 2021-04-25 20:59 (UTC)
@bcb: I'm just using jupyterhub.service as provided by you, so that runs as root. When logging in, I use my regular non-root user.
I've been trying some other capabilities, and CAP_DAC_OVERRIDE seems to work. That seems to be a pretty broad capability though. I'm not sure if there is another, more specific one, that would also do the trick. Any suggestions?
bcb commented on 2021-04-25 19:57 (UTC)
@lonaowna: are you running the server as root or as a non-root user?
Removing the line removes all capability restrictions -- its not that CAP_SETUID and CAP_SETGID are wrong, but that there is at least one more capability needed in that line.
lonaowna commented on 2021-04-25 19:37 (UTC)
@bcb: thanks for taking over maintainership, and adding the service file!
Unfortunately, I can't use jupyterhub with your service file. This seems to be caused by the following line:
CapabilityBoundingSet=CAP_SETUID CAP_SETGID
With this line in the service file, I can't log in: it shows Invalid username or password in the web interface and jupyterhub[5696]: [JupyterHub auth:1042] PAM Authentication failed: [PAM Error 6] Permission denied in the journal.
If I remove the line, it works fine.
Pinned Comments
bcb commented on 2021-12-05 16:27 (UTC)
Note that version upgrades may require you to upgrade the database before the new version will start. Always check the documentation, in particular the changelog before upgrading.