Thank you for testing out @bcb! I just tried on another machine, and it works.
On my server somehow most of the tests fail, but makepkg --nocheck
works. I will compare the build logs then. You do not have to wait for me, thanks :J
Git Clone URL: | https://aur.archlinux.org/jupyterhub.git (read-only, click to copy) |
---|---|
Package Base: | jupyterhub |
Description: | Multi-user server for Jupyter notebooks |
Upstream URL: | https://jupyter.org/hub |
Licenses: | BSD-3-Clause |
Submitter: | xantares |
Maintainer: | bcb |
Last Packager: | bcb |
Votes: | 9 |
Popularity: | 0.000002 |
First Submitted: | 2015-03-12 14:00 (UTC) |
Last Updated: | 2024-04-14 11:23 (UTC) |
Thank you for testing out @bcb! I just tried on another machine, and it works.
On my server somehow most of the tests fail, but makepkg --nocheck
works. I will compare the build logs then. You do not have to wait for me, thanks :J
@leuko: The tests (including the one you mentioned) pass on two different machines for me, including in a clean chroot with just the package dependencies. It could be an interaction with another package you have installed I guess. Does jupyterhub run if you skip the checks (makepkg --nocheck
)? Can you you upload the full build log from one of these failures to a pastebin and post the link here?
And thanks for pointing out the pycurl optional dependency. I'll add it to the PKGBUILD -- I'll wait a little while before I upload a new PKGBUILD in case we can figure out something for the check failures in the same upload.
I get a lot of errors during check()
, e.g.,
jupyterhub/tests/test_proxy.py::test_add_get_delete[host.name/path/] ERROR
and many tornado.httpclient.HTTPClientError: HTTP 403
errors. Does someone else have this problem?
python-pycurl
seems to be an optional dependency
@lonaowna glad it wasn't too hard to solve. I've started a wiki page at https://wiki.archlinux.org/index.php/JupyterHub and have added some details about file permissions to the section on the PAM authenticator.
@bcb spot on! Turns out my /etc/shadow
had permissions 000
instead of 600
. No idea how that happened. After fixing that, jupyterhub works with just CAP_SETUID CAP_SETGID
. Thanks so much!
So its a file permissions problem. What are the file permissions on /etc/shadow
? It needs to be able to read that to check the password.
The PAM authenticator uses the pamela library to perform the authentication, and the library can be used from the command line. If you do sudo su -
to get a root shell, and then python -m pamela -a <regular username>
in that root shell, does the authentication succeed?
@bcb: I'm just using jupyterhub.service
as provided by you, so that runs as root. When logging in, I use my regular non-root user.
I've been trying some other capabilities, and CAP_DAC_OVERRIDE
seems to work. That seems to be a pretty broad capability though. I'm not sure if there is another, more specific one, that would also do the trick. Any suggestions?
@lonaowna: are you running the server as root or as a non-root user?
Removing the line removes all capability restrictions -- its not that CAP_SETUID and CAP_SETGID are wrong, but that there is at least one more capability needed in that line.
@bcb: thanks for taking over maintainership, and adding the service file!
Unfortunately, I can't use jupyterhub with your service file. This seems to be caused by the following line:
CapabilityBoundingSet=CAP_SETUID CAP_SETGID
With this line in the service file, I can't log in: it shows Invalid username or password
in the web interface and jupyterhub[5696]: [JupyterHub auth:1042] PAM Authentication failed: [PAM Error 6] Permission denied
in the journal.
If I remove the line, it works fine.
Pinned Comments
bcb commented on 2021-12-05 16:27 (UTC)
Note that version upgrades may require you to upgrade the database before the new version will start. Always check the documentation, in particular the changelog before upgrading.