Apt-cacher-ng and fedora: "Cannot prepare internal mirrorlist: Status code: 403"

parulin · December 15, 2023, 10:30pm

I’ve read a lot of topics about apt-cacher-ng and fedora and I still don’t understand why I can’t get it to work. So, this is my setup:

I followed the notes of unman, setting up a template for a test-cacher VM, editing qrexec policy, I’ve got a fedora-38-test-cached-3 and a debian-11-test-cached-3 VM (yes, I made several attempts). I’ve changed https:// into http://HTTPS/// in the debian template and I can update it and see it in the test-cacher logs.

With fedora, I used this command:

sudo sed -i "s^metalink=https://\(\S\+\)$basearch^metalink=http://HTTPS///\1$basearch\&protocol=http^" /etc/yum.repos.d/*.repo
sudo sed -i "s^https://^http://HTTPS///^" /etc/yum.repos.d/qubes-r4.repo

I copied the fedora_mirrors in test_cacher

Then, upgrading, I got this:

Error: Failed to download metadata for repo ‘fedora’: Cannot prepare internal mirrorlist: Status code: 403 for http://HTTPS///mirrors.fedoraproject.org/metalink?repo=fedora-38&arch=x86_64&protocol=http (IP: 127.0.0.1)

This is what I tried:

In fedora-38-cached-test-3:

sudo dnf upgrade --refresh

In test-cacher:

sudo rm -r /var/cache/apt-cacher-ng/fedora

Same error after adding some lines to acng.conf in test-cacher:

VfilePatternEx: .*fedora.*updateinfo.*xml.zck$
DontCache: .*fedora.*updates.*updateinfo.xml.zck

Copying the acng.conf from shaker don’t change the problem…

So, I think there is something I don’t understand but what?

unman · December 16, 2023, 5:01am

Status code 403 is a Forbidden error.
You will often see this with fedora mirrors accessed via Tor.
I also see it when using apt-cacher-ng via clearnet.

Since it is an error at the server side, there’s little you can do.
Sometimes a little patience is all you need.

Working with Fedora can be frustrating at times, but generally it will
work. Sometimes it’s necessary to clear the cacher before trying another
update.

parulin · December 16, 2023, 8:04am

Ok, thank you for clarifying the message. The thing is: I got this error while trying apt-cacher-ng during my other attempts so I wasn’t sure if there was a problem from my side or no.

I will consider changing some of my templates to debian because I really need to use apt-cache-ng.

unman · December 18, 2023, 3:30am

As an example, last night I could not update Fedora-38 based templates.
This morning, they updated using apt-cacher-ng.
In one case I had to intervene and manually run sudo dnf clean all
before updating. Then all was well.

I believe that a significant cause of these issues is the Fedora mirror
system, particularly for updates repositories.
With some patience (and cleaning), apt-cacher-ng works fine with Fedora
templates.

parulin · December 18, 2023, 7:44pm

Yeah but I couldn’t get it to work even once. I suspect that my most of the time poor connection is resulting in this 403 error.

By cleaning, you mean something more than this?

removing everything related to fedora in /var/cache/apt-cacher-ng in the cacher VM
running dnf clean all and removing everything in in /var/cache/dnf in the fedora template to update