Cloudsmith repository gives an HTTP 402 status

[ask-compu]

apparently 402 means payment required?

[MarkyMarkDE]

exact the same here ($sudo apt-get update and the Ubuntu Software-Center tells the same), the source is no more signed (sends 402 "Payment Required") and was being automated disabled by my system.
But when i go to Updates / Other Software, i can't find this source (PPA) - really funny.

Is there maybe another PPA for Ubuntu 22.04.2 LTS now?

Sorry, german only:

[Marcos-Gallardo]

Same here, fresh Ubuntu 22.04.2 install...

[ElScotto]

Same for the YUM/DNF (aka "rpm") instances.
It's definitely affecting the entire suite of "etcher" repositories hosted by Cloudsmith.

For people using yum/dnf, add "skip_if_unavailable=True" to each stanza in the "/etc/yum.repos.d/balena-etcher.repo" file. This will at least allow yum/dnf checks and updates to operate whilst the balena-etcher repository is out of commission. I've attached my amended repo configuration file here for reference.
A manual attempt to wget the setup file mentioned in the install notes returns (as others have found) "402 - Payment Required"

$ wget https://dl.cloudsmith.io/public/balena/etcher/setup.rpm.sh
--2023-03-20 09:12:25--  https://dl.cloudsmith.io/public/balena/etcher/setup.rpm.sh
Resolving dl.cloudsmith.io (dl.cloudsmith.io)... 18.67.111.69, 18.67.111.67, 18.67.111.84, ...
Connecting to dl.cloudsmith.io (dl.cloudsmith.io)|18.67.111.69|:443... connected.
HTTP request sent, awaiting response... 402 Payment Required
2023-03-20 09:12:26 ERROR 402: Payment Required.

balena-etcher.repo.txt
balena-etcher.update.fail.txt

[shreefgit]

E: Failed to fetch https://dl.cloudsmith.io/public/balena/etcher/deb/ubuntu/dists/kinetic/InRelease 402 Payment Required [IP: 18.67.111.84 443]
E: The repository 'https://dl.cloudsmith.io/public/balena/etcher/deb/ubuntu kinetic InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

[Thouareg]

E: Failed to fetch https://dl.cloudsmith.io/public/balena/etcher/deb/ubuntu/dists/kinetic/InRelease 402 Payment Required [IP: 18.67.111.84 443] E: The repository 'https://dl.cloudsmith.io/public/balena/etcher/deb/ubuntu kinetic InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Same here too, but for debian repo

[tomstoneham]

Related from last year: #3672

Might be worth moving to an alternative host for deb repos.

[jdrch]

E: Failed to fetch https://dl.cloudsmith.io/public/balena/etcher/deb/ubuntu/dists/kinetic/InRelease 402 Payment Required [IP: 18.67.111.84 443] E: The repository 'https://dl.cloudsmith.io/public/balena/etcher/deb/ubuntu kinetic InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Same here too, but for debian repo

Same here on Debian Bullseye

[jdrch]

Related from last year: #3672

Might be worth moving to an alternative host for deb repos.

I'd agree, except that this is unfortunately PFTC for many packages sourced from 3rd party repos. At least once per year someone forgets to update or renew something and the repo breaks 🤦‍♂️

sn: good find on that issue; I don't even remember posting it 😂

EDIT: Can anyone with a forum account post about the issue there too? https://forums.balena.io/c/etcher/32

[drbornot]

Same here:

E: Failed to fetch https://dl.cloudsmith.io/public/balena/etcher/deb/pop/dists/jammy/InRelease  402  Payment Required [IP: 143.204.89.12 443]
E: The repository 'https://dl.cloudsmith.io/public/balena/etcher/deb/pop jammy InRelease' is no longer signed.

[TomerSchDev]

Also here:
Failed to fetch https://dl.cloudsmith.io/public/balena/etcher/deb/linuxmint/dists/vanessa/InRelease 402 Payment Required [IP: 13.226.2.75 443]The repository 'https://dl.cloudsmith.io/public/balena/etcher/deb/linuxmint vanessa InRelease' is no longer signed.

[liam-clink]

When I do the curl download of the setup script with verbose output it says this: "x-detail: Access to the repository has been restricted."

[jdrch]

When I do the curl download of the setup script with verbose output it says this: "x-detail: Access to the repository has been restricted."

So even initial setup is failing. Yikes.

[ToasterUwU]

Same Here. Why use Cloudsmith anyways? Saw some old issues with the same error info and it seems like cloudsmith requires payment based on amount of downloads.

Why not make a launchpad PPA which doesnt have this issue?

[jdrch]

Why not make a launchpad PPA which doesnt have this issue?

FWIW I've seen PPAs break too. Typically because someone forgot to renew the cert and so the PPA became unsigned. Different failure mode, same end user UX.

[TomerSchDev]

Why not make a launchpad PPA which doesnt have this issue?

FWIW I've seen PPAs break too. Typically because someone forgot to renew the cert and so the PPA became unsigned. Different failure mode, same end user UX.

Is there something that can bw donw to prevent this? I can see it's not the firat time that this is happning and probbley not the last

[jdrch]

Why not make a launchpad PPA which doesnt have this issue?

FWIW I've seen PPAs break too. Typically because someone forgot to renew the cert and so the PPA became unsigned. Different failure mode, same end user UX.

Is there something that can bw donw to prevent this? I can see it's not the firat time that this is happning and probbley not the last

It's generally up to package dev and/or maintainer orgs to manage their corresponding repos.

[ToasterUwU]

FWIW I've seen PPAs break too. Typically because someone forgot to renew the cert and so the PPA became unsigned. Different failure mode, same end user UX.

Yes, but these are all issues that can be prevented with some maintance effort. The repo breaking down because the max download per month limit was reached is neither something that is easily predictable, and also not easily fixable.
If a video goes viral that brings lots of people to download Etcher, it could be easily broken for the rest of the month, unless they pay extra, in which case it takes money and time until the repo works again.
If they would use a Launchpad PPA, they have no issue like this. They can make a little list of things to make sure and if they do it right, they wont run risk of outages for more than a few minutes here and there. With cloudsmith it can break for days and up to almost an entire month.

No solution is perfect, but this current solution is definetly not the best one by far.

[jdrch]

@ToasterUwU Can PPAs be used to host .rpm packages too? Stupid question, but I'm not sure I've seen that before. I believe I have Etcher on my openSUSE installation; wouldn't want to see that disappear.

While we're on the topic, openSUSE's Open Build Service hosts 3rd party packages for multiple distros and distro types. Could be another option.

[ToasterUwU]

@ToasterUwU Can PPAs be used to host .rpm packages too? Stupid question, but I'm not sure I've seen that before. I believe I have Etcher on my openSUSE installation; wouldn't want to see that disappear.

While we're on the topic, openSUSE's Open Build Service 3rd party packages for multiple distros and distro types. Could be another option.

@jdrch fair point. I also have never seen this being used for FeDora based systems. So it's possible this doesn't work. But for those systems there is most certainly something like launchpad.
I mean you can host a repo yourself very easily if you want to as well. With that you don't have to pay per download either, just need a server to run this on, and I'm sure Belena has more than one server which could do this.

[jdrch]

But for those systems there is most certainly something like launchpad.

Maintaining separate repos would increase dev overhead and therefore the likelihood of other more serious errors/outages. Ditto running your own repo server. From my observation, it seems repos generally need someone whose only job is to look after them or bad things happen. I doubt the team has the manpower for that. The repos of larger, for profit orgs like TeamViewer and Microsoft have similar incidents at least once per year, too (I know due to using them).

🤞🤞 this gets fixed soon.

[ElScotto]

It seems to be a regular problem as previously mentioned by @ToasterUwU.
I imagine that if Balena are going to stay with Cloudsmith, they will need to upgrade their plan once more, as they did in Jan 2022 (cf "https://forums.balena.io/t/balenaetcher-deb-repo-requires-payment/350765" and "https://forums.balena.io/t/i-have-a-problem-when-apply-apt-get-update/350767/1")

[jdrch]

Given the lack of dev team attention to this issue, I've reported it on the official forums in the same thread as last year's incident to emphasize that this is a recurring issue. If anyone else wants to chime in to help it get more traction, I'm sure we'd all appreciate it.

[bstivers]

I understand this isn't a dev team issue, but I'm going to mini rant here anyway,

Why would anyone pay for Etcher Pro, when they can't even get the free version? Not a good first impression. I've literally installed thousands of different Linux programs a whole lot more popular (and a whole lot less), and I've absolutely never had this issue with a single piece of software. Yet this is a recurring problem? Aren't software developers, business owners, etc., supposed to learn from their previous mistakes?

Is this their own way of limiting how much profit they make on Etcher Pro?

What's the Pro account money going towards if they can't even keep a simple repo up and working? How much are they paying Cloudsmith now? 26GB/mo is literally less than $100/month. I bet I can host it on my Oracle Cloud account for a heckuva lot cheaper....

Also, 250GB/mo is $700. Are they really going over that? Doubtful. That's literally only 2.5 Pilot Belena subscriptions. Half of the cost of a single Production subscription. You're telling me they don't have 1 single Production subscription or over 2 Pilots? C'mon now. I understand developing software isn't easy. But paying bills when you have a paid platform is.

[aethernet]

Hello

We're actively looking at a solution.

If you must know, the threshold is 2TB and has been hit a couple days before renewal.

We're looking at ways to increase this limit, which is not as simple as it sounds.

If you have any recommendation for a hosting provided for open source software without such limitation, please share.

Worse case scenario it would be reset by same time tomorrow.

[MarkyMarkDE]

Hello

We're actively looking at a solution.

If you must know, the threshold is 2TB and has been hit a couple days before renewal.

We're looking at ways to increase this limit, which is not as simple as it sounds.

If you have any recommendation for a hosting provided for open source software without such limitation, please share.

Worse case scenario it would be reset by same time tomorrow.

@aethernet is it not possible to host on launchpad?
Please feel free to read this: https://help.launchpad.net/legal
I'm not sure, if Balena can fulfill this rules, but if then it is free of charge
But I think this is the most common way for Linux

[ElScotto]

Hello
We're actively looking at a solution.
If you must know, the threshold is 2TB and has been hit a couple days before renewal.
We're looking at ways to increase this limit, which is not as simple as it sounds.
If you have any recommendation for a hosting provided for open source software without such limitation, please share.
Worse case scenario it would be reset by same time tomorrow.

@aethernet is it not possible to host on launchpad? Please feel free to read this: https://help.launchpad.net/legal I'm not sure, if Balena can fulfill this rules, but if then it is free of charge But I think this is the most common way for Linux

FYI @MarkyMarkDE , the actual URL for Launchpad's "Legal" page is https://help.launchpad.net/Legal; the site's URLs are case-sensitive.

So, Launchpad definitely supports PPAs for Ubuntu-based distros, but there are wider use-cases than just Ubuntu and its derivatives.
I can't find anything specific about it, so I'm throwing it out here; "Can RPM repositories be served from Launchpad too?"
Given that Launchpad seems closely allied with Canonical & Ubuntu, my gut feeling is "no". So, if that's the case, what other options are available for RPM & PPA repositories that are cost-effective for projects like Balena-etcher?

[MarkyMarkDE]

Hello
We're actively looking at a solution.
If you must know, the threshold is 2TB and has been hit a couple days before renewal.
We're looking at ways to increase this limit, which is not as simple as it sounds.
If you have any recommendation for a hosting provided for open source software without such limitation, please share.
Worse case scenario it would be reset by same time tomorrow.

@aethernet is it not possible to host on launchpad? Please feel free to read this: https://help.launchpad.net/legal I'm not sure, if Balena can fulfill this rules, but if then it is free of charge But I think this is the most common way for Linux

FYI @MarkyMarkDE , the actual URL for Launchpad's "Legal" page is https://help.launchpad.net/Legal; the site's URLs are case-sensitive.

So, Launchpad definitely supports PPAs for Ubuntu-based distros, but there are wider use-cases than just Ubuntu and its derivatives. I can't find anything specific about it, so I'm throwing it out here; "Can RPM repositories be served from Launchpad too?" Given that Launchpad seems closely allied with Canonical & Ubuntu, my gut feeling is "no". So, if that's the case, what other options are available for RPM & PPA repositories that are cost-effective for projects like Balena-etcher?

@ElScotto sorry, i have hovered the URL in the Footer on the main page and here is "legal" (lower case written) ...
Isn't it possible here on Git?

[ElScotto]

@ElScotto sorry, i have hovered the URL in the Footer on the main page and here is "legal" (lower case written) ... Isn't it possible here on Git?

If you go to the "legal" link rather than the "Legal" link, Launchpad brings up this text:
This page does not exist yet. You can create a new empty page, or use one of the page templates.
I've also captured the page and pasted it here...
Anyway, this bit's getting off-topic, so we should get back to the main issue; Cloudsmith vs Launchpad vs ??? for hosting open-source project package repositories.

[jdrch]

So it looks like we've gotten to the point where this product is available to download only part of the month and the repo breaks system updates during that time it's unavailable, as if the former situation wasn't bad enough. What a sad state of affairs.

[lskillen]

So it looks like we've gotten to the point where this product is available to download only part of the month and the repo breaks system updates during that time it's unavailable, as if the former situation wasn't bad enough. What a sad state of affairs.

To be clear, Cloudsmith bumped the allocation up to a further higher level (15x the standard amount, up from 10x), while Balena decided on what to do. Cloudsmith also implemented the changes previously discussed such that:

1. Installing the repository itself will allow config and GPG key fetches even if bandwidth has run out
2. skip_if_unavailable=true is now present in new pulls of config so it doesn't break system updates.

However, I believe they have now made the decision to discontinue the use of the apt/rpm repositories (with Cloudsmith, at least, they may have an alternative), so things are out of our hands now. Obviously, this is a tough situation, because bandwidth usage is out of their control, and there's pressure on both sides to pay bills.

So, I just wanted to thank Balena and their team for their patronage, and for everyone here who used Cloudsmith or repositories hosted there for the past few years. I'm sorry that we couldn't fully work it out in this case. I'm still a fan of the Balena products, personally. :) All the best to all of you folks!

[aethernet]

Hello,

We're moving out of Cloudsmith as continuing to host the package there would be too costly for us.

We're very thankful for the service and help CloudSmith provided, and would recommend their product for smaller open source app and private packages anytime!

At the moment we don't have the bandwidth (pun intended) to set up an alternative repository but might be moving to self hosted (probably CloudFlare R2 + workers) in the upcoming weeks.

So sorry for the inconvenience and thanks you for your patience.

[galagithub]

just opened #4057 for the same thing !

[jdrch]

Does anyone know (or can you link to) how to set up skip_if_unavailable or its equivalent for zypper & apt?

At the moment we don't have the bandwidth (pun intended) to set up an alternative repository but might be moving to self hosted (probably CloudFlare R2 + workers) in the upcoming weeks.

@aethernet Thanks for the info! What's your recommended course of action for those of us who currently have the Cloudsmith repo installed and for whom many jobs are broken due to that? Should we remove the repo, config our package manager to skip it, purge the package entirely, or something else?

[ElScotto]

Does anyone know (or can you link to) how to set up skip_if_unavailable or its equivalent for zypper & apt?

At the moment we don't have the bandwidth (pun intended) to set up an alternative repository but might be moving to self hosted (probably CloudFlare R2 + workers) in the upcoming weeks.

@aethernet Thanks for the info! What's your recommended course of action for those of us who currently have the Cloudsmith repo installed and for whom many jobs are broken due to that? Should we remove the repo, config our package manager to skip it, purge the package entirely, or something else?

@jdrch, I don't think zypper or apt (currently) support anything like the "skip_if_unavailable=True" option for dnf & yum.
A quick search shows that this is a feature requested for zypper (openSUSE/libzypp/issue/369), although this other link indicates that zypper-1.8.13 does allow one to permanently disable an unreachable repository after using the ignore option.
Further searches indicate that the only option for apt is to manually remove the PPA; there appears to be no option to temporarily bypass an unavailable repository/PPA.
Please note, I do not run Debian/Ubuntu derivatives nor do I run any form of SUSE Linux, so my comments are based purely on internet search results.

[lurch]

What's your recommended course of action for those of us who currently have the Cloudsmith repo installed and for whom many jobs are broken due to that?

@aethernet I guess there's going to be many people in this boat, so maybe it's worth creating a sticky issue at https://github.com/balena-io/etcher/issues ? 🤔

[jdrch]

@ElScotto TYVM!

@lurch Yep, we're in our 2nd breakage in as many months, after all.

[aethernet]

@lurch good call, just did

[aethernet]

@ElScotto

Should we remove the repo

Yes, and probably get a new version from the GH releases page.

[jall0330]

Here is how I solved:

1. Issue doing a sudo apt update (Debian 11)
   /opt/balenaEtcher$ sudo apt update
   Hit:1 https://ocean.surfshark.com/debian stretch InRelease
   Hit:3 https://brave-browser-apt-release.s3.brave.com stable InRelease
   Hit:4 https://dl.google.com/linux/chrome/deb stable InRelease
   Hit:5 https://dl.winehq.org/wine-builds/debian bullseye InRelease
   Hit:6 http://deb.debian.org/debian bullseye InRelease
   Hit:7 http://security.debian.org/debian-security bullseye-security InRelease
   Hit:2 https://mxrepo.com/mx/repo bullseye InRelease
   Hit:8 http://ftp.us.debian.org/debian bullseye InRelease
   Err:9 https://dl.cloudsmith.io/public/balena/etcher/deb/debian bullseye InRelease
   402 Payment Required [IP: 18.155.248.62 443]
   Hit:10 http://deb.debian.org/debian bullseye-updates InRelease
   Hit:11 http://deb.debian.org/debian bullseye-backports InRelease
   Hit:12 http://ftp.us.debian.org/debian bullseye-updates InRelease
   Get:13 https://mega.nz/linux/repo/Debian_11 ./ InRelease [2,959 B]
   Reading package lists... Done
   N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' doesn't support architecture 'i386'
   E: Failed to fetch https://dl.cloudsmith.io/public/balena/etcher/deb/debian/dists/bullseye/InRelease 402 Payment Required [IP: 18.155.248.62 443]
   E: The repository 'https://dl.cloudsmith.io/public/balena/etcher/deb/debian bullseye InRelease' is not signed.
   N: Updating from such a repository can't be done securely, and is therefore disabled by default.
   N: See apt-secure(8) manpage for repository creation and user configuration details.

2. Fixed first issues with architecture i386

3. using synaptic uninstalled Balena Etcher version 1.7.9

4. Downloaded latest version 1.18. from git hub

5. installed using dpkg -i balena-etcher_1.18.4_amd64.deb

6. then navigate to /etc/apt/sources.list.d do a ls -ltr

7. ls
   root@debjall0330:/etc/apt/sources.list.d# ls -ltr
   total 28
   -rw-r--r-- 1 root root 201 Jan 29 20:23 google-chrome.list
   -rw-r--r-- 1 root root 1 Jan 29 20:23 spotify.list
   -rw-r--r-- 1 root root 165 Jan 29 20:23 mx.list
   -rw-r--r-- 1 root root 52 Feb 8 20:17 surfshark.list
   -rw-r--r-- 1 root root 104 Apr 27 13:45 megasync.list
   -rw-r--r-- 1 root root 460 May 6 14:00 balena-etcher.list
   -rw-r--r-- 1 root root 135 May 6 14:01 brave-browser-release.list

8. using gedit / nano /vim or any other tool load the balena etcher source list that is giving issue

9. for example: nano balena-etcher-list

10. Source: balena

Site: https://github.com/balena-io/etcher

Repository: balena / etcher

Description: Flash OS images to SD cards & USB drives, safely and easily.

deb [signed-by=/usr/share/keyrings/balena-etcher-archive-keyring.gpg] https://dl.cloudsmith.io/public/balena/etcher/deb/debian bullseye main

deb-src [signed-by=/usr/share/keyrings/balena-etcher-archive-keyring.gpg] https://dl.cloudsmith.io/public/balena/etcher/deb/debian bullseye main

Mark both lines then save
12. then sudo apt update
13. sudo apt update
[sudo] password for jorge:
Hit:1 https://ocean.surfshark.com/debian stretch InRelease
Hit:3 http://deb.debian.org/debian bullseye InRelease
Hit:4 http://security.debian.org/debian-security bullseye-security InRelease
Hit:5 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:6 http://deb.debian.org/debian bullseye-updates InRelease
Hit:7 http://ftp.us.debian.org/debian bullseye InRelease
Hit:8 https://dl.winehq.org/wine-builds/debian bullseye InRelease
Hit:9 http://deb.debian.org/debian bullseye-backports InRelease
Hit:10 http://ftp.us.debian.org/debian bullseye-updates InRelease
Hit:2 https://mxrepo.com/mx/repo bullseye InRelease
Get:11 https://mega.nz/linux/repo/Debian_11 ./ InRelease [2,959 B]
Fetched 2,959 B in 2s (1,837 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

Issue is fixed and balena etcher lastest version is installed

[jdrch]

@jall0330 Thanks, but I already purged the package & removed the repo from all my machines.

[MarkyMarkDE]

Is the repository at cloudsmith online again? Since yesterday, I not get the status "payment required" back, seems that the update has already finished successfully ...

[jdrch]

Is the repository at cloudsmith online again? Since yesterday, I not get the status "payment required" back, seems that the update has already finished successfully ...

The dev told us either here or in another issue that the cloudsmith repo is effectively dead.

[lurch]

The dev told us either here or in another issue that the cloudsmith repo is effectively dead.

Yep, see #4059

[MarkyMarkDE]

The dev told us either here or in another issue that the cloudsmith repo is effectively dead.

Yep, see #4059

okay, have now removed sudo unlink /etc/apt/sources.list.d/balena-etcher.list from my /etc/apt/sources.list.d Folder and updated my ppa repos sudo apt-get update and now the entry is gone - but it's hilarious, the ppa is down, but it gives NOT an error back.

[yahyayossef]

All errors are solved,thank you very much

[dvileta]

this is insane.
For anyone else who landed here, download a package from https://github.com/balena-io/etcher/releases/ and be done with this headache.

[Verstelbaar]

@dvileta I used Cloudsmith to install balena etcher on a NUC with Ubuntu. I am not experienced in this, just used a guide and command lines that were prescribed. How do use this package to get Balena etcher on my NUC? Just download it on my NUC and run ? Thanks in advance!

[Flash858]

Well this issue is back. Maybe a GoFundMe is in order? ;)

[lurch]

@Flash858 In #4059 it says "We're moving out of Cloudsmith..."

[MarkyMarkDE]

Well this issue is back. Maybe a GoFundMe is in order? ;)

So I understand: there are (currently?) no Repository for etcher - so u can unlink your source-list in /ect/apt/sources.list.d for etcher
see additional #4059