Bug 7676 - mkupdates produces different files with the same filenames causing issues with caching proxies
Summary: mkupdates produces different files with the same filenames causing issues wit...
Status: NEW
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Website/Infrastructure (show other bugs)
Version: unspecified
Hardware: All All
: P2 major
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-05 09:20 UTC by Simon Arlott
Modified: 2019-01-05 09:20 UTC (History)
0 users



Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description Simon Arlott 2019-01-05 09:20:08 UTC
https://wiki.apache.org/spamassassin/InfraNotes2017 documents when mkupdates is run:

At 02:25 it "creates ${REVISION}.tar.gz ${REVISION}.tar.gz.sha1 and ${REVISION}.tar.gz.asc in /var/www/automc.spamassassin.org/updates for mirrors to pull"
At 08:30 it "creates ${REVISION}.tar.gz ${REVISION}.tar.gz.sha1 and ${REVISION}.tar.gz.asc in /var/www/automc.spamassassin.org/updates for mirrors to pull"

Several mirrors are not serving content directly, they're behind Cloudflare's caching proxy.

User A downloads "${REVISION}.tar.gz" and "${REVISION}.tar.gz.sha1" at 03:00. They have GPG checking disabled, probably because of this issue.
They get the content of the 02:25 files and everything works.

User B downloads "${REVISION}.tar.gz", "${REVISION}.tar.gz.sha1" and "${REVISION}.tar.gz.asc" at 09:00.
Cloudflare has cached "${REVISION}.tar.gz" and "${REVISION}.tar.gz.sha1". They get the content of 02:25 files.
No one has requested "${REVISION}.tar.gz.asc" so Cloudflare does not have it cashed. They get the content of the 08:30 files.

The content is different between the two runs of mkupdates but has the same filenames because the revision hasn't changed. I don't know why that is necessary or desirable but it does not interact well with caching proxies.

The workaround is to block access to Cloudflare, but then bug 7662 happens.