Refine mirror list

[koppor]

Currently, mirros have issues:

 TeXLive::TLUtils::check_file_and_remove: checksums differ for /tmp/biOptVIJLz/MBaWiRwgOp/texlive-scripts.tar.xz:
TeXLive::TLUtils::check_file_and_remove:   tlchecksum=1e6f3c68cb1d2dd3ffb51dd653d4e40ec4c53a64ba4c2fc5197d9c5acf7fb00b51ebcb001f52590237c452d472d9afdae17bae8d6ce5e329e1952ce9549426e1, arg=03cb469858557dfa27162f872c51f0279cc4cfad4c50977657f977dc98bc22682d5905a3cd89e50d4113c3717977b80a10079ad3a45f9211925704b67b257b4c

1.688 ./install-tl: signature verification error of /tmp/HxzsHjFjZz/isn4t9qyo0 from https://ctan.org/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb: cryptographic signature verification of
1.688   /tmp/HxzsHjFjZz/5JwqK9ILg5
1.688 against
1.688   https://ctan.org/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
1.688 failed. Output was:
1.688 gpg: Signature made Fri Jan 10 00:50:41 2025 UTC
1.688 gpg:                using RSA key D8F2F86057A857E42A88106A4CE1877E19438C70
1.688 gpg: BAD signature from "TeX Live Distribution <[email protected]>" [ultimate]

/tmp/install-texlive/install-tl: signature verification error of /tmp/k_5wvCHAde/dh8W0VJHCk from https://us.mirrors.cicku.me/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb: cryptographic signature verification of
  /tmp/k_5wvCHAde/8Y_ukEGk_i
against
  https://us.mirrors.cicku.me/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
failed. Output was:
gpg: Signature made Fri Jan 10 00:50:41 2025 UTC
gpg:                using RSA key D8F2F86057A857E42A88106A4CE1877E19438C70
gpg: BAD signature from "TeX Live Distribution <[email protected]>" [ultimate]

0.409 Loading https://ctan.org/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb
1.600
1.600 ./install-tl: checksum error when downloading /tmp/8AqKaRUYF8/X1RYLOwIF4 from https://ctan.org/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb: digest disagree

It would be nice if only mirrors with correct checksums would be used.

[zauguin]

The question is why the checksums don't match. The reasons I can immediately think of would be:

1. There is data corruption on the mirror.
2. There is an update in progress and we see different versions of the checksum file and the actual file
3. The checksums are generated invalid upstream.
4. The mirror is manipulating data.

These need to be handled somewhat differently. In case 4 they should probably be removed from all the error lists and it should be investigated more closely, but that's usually least likely. (Especially since there isn't much to gain given that all significant users of the file in question should do signature validation).
In case 3 selecting a different mirror wouldn't help but the issue should be much more common, so let's assume that that's not the case.

In case 2 we shouldn't exclude the server since it's likely to be up to date shortly afterwards. This shouldn't happen often though. In option 1 this should either self-correct after the next update or the disk is dying and the server should be excluded.

Avoiding this automatically is hard since validating checksums effectively needs to download all relevant files.

So either we do something like #56 or we collect lists of broken servers and explicitly exclude them.
If the problem are broken servers, then excluding them is much more reliable. If this is distributed over all servers then we basically need retries.

So I guess the tl;dr; is: Do you know if it's always the same mirror(s) causing trouble or are all mirrors affected?

[koppor]

Avoiding this automatically is hard since validating checksums effectively needs to download all relevant files.

I was thinking to do a "best guess". Maybe, downloading the file https://us.mirrors.cicku.me/ctan/systems/texlive/tlnet/archive/texlive-scripts.tar.xz and checking the checksum?

In case 2 we shouldn't exclude the server since it's likely to be up to date shortly afterwards. This shouldn't happen often though.

I was also assuming that the mirror list is updated each hour. Thus, a mirror is removed and added in a timely manner.

It would be interesting to have an overview of invalid checksums. I am constantly getting these the last days. Maybe, it is because of case 3?

10 [5/5] RUN xargs tlmgr install --repository https://ctan.org/tex-archive/systems/texlive/tlnet < "/work/src/Texlivefile" &&  sha256sum "/work/src/Texlivefile" > "/work/tmp/Texlivefile.sha" &&  tlmgr path add
#10 6.039 
#10 6.039 /usr/local/bin/tlmgr: signature verification error of /tmp/4Z34zKendk/8oeDj3IBE7 from https://ctan.org/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb: cryptographic signature verification of
#10 6.039   /tmp/4Z34zKendk/WYxp2P0f55
#10 6.039 against
#10 6.039   https://ctan.org/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
#10 6.039 failed. Output was:
#10 6.039 gpg: Signature made Wed Jan 15 00:46:19 2025 UTC
#10 6.039 gpg:                using RSA key D8F2F86057A857E42A88106A4CE1877E19438C70
#10 6.039 gpg: BAD signature from "TeX Live Distribution <[email protected]>" [ultimate]
#10 6.039 
#10 6.039 Please try from a different mirror and/or wait a few minutes
#10 6.039 and try again; usually this is because of transient updates.
#10 6.039 If problems persist, feel free to report to [email protected].
#10 6.039 
#10 ERROR: process "/bin/sh -c xargs tlmgr install --repository https://ctan.org/tex-archive/systems/texlive/tlnet < \"/work/src/Texlivefile\" &&  sha256sum \"/work/src/Texlivefile\" > \"/work/tmp/Texlivefile.sha\" &&  tlmgr path add" did not complete successfully: exit code: 123
------
 > [5/5] RUN xargs tlmgr install --repository https://ctan.org/tex-archive/systems/texlive/tlnet < "/work/src/Texlivefile" &&  sha256sum "/work/src/Texlivefile" > "/work/tmp/Texlivefile.sha" &&  tlmgr path add:
6.039   https://ctan.org/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
6.039 failed. Output was:
6.039 gpg: Signature made Wed Jan 15 00:46:19 2025 UTC
6.039 gpg:                using RSA key D8F2F86057A857E42A88106A4CE1877E19438C70
6.039 gpg: BAD signature from "TeX Live Distribution <[email protected]>" [ultimate]
6.039 
6.039 Please try from a different mirror and/or wait a few minutes
6.039 and try again; usually this is because of transient updates.
6.039 If problems persist, feel free to report to [email protected].
6.039 
------

Internal link: Source: https://github.com/latextemplates/generator-latex-template/actions/runs/12804565481/job/35699213578?pr=330

Note that this is ctan.org, which I assume should have no data curruption 😅.

[koppor]

State of today - seems that this mirror has continously errors:

tlmgr: package repository https://us.mirrors.cicku.me/ctan/systems/texlive/tlnet/ (verified)
tlmgr: no self-updates for tlmgr available
[1/4, ??:??/??:??] update: hyphen-base [23k] (73522 -> 73526) ... done
[2/4, 00:00/00:00] update: siunitx [68k] (73499 -> 73546) ... done
[3/4, 00:00/00:00] update: texlive-scripts [112k] (73520 -> 73564) ... TeXLive::TLUtils::check_file_and_remove: checksums differ for /tmp/PQpA7MTEI6/2a4oLMpx5m/texlive-scripts.tar.xz:
TeXLive::TLUtils::check_file_and_remove:   tlchecksum=70f47b6c217f81842642ca32b8d71f180f4e2ce44e3482bd0022b5d846f32a22a7d2302b99ca362be815466f1d02dd76585b5bd6f8744fd4c4159e9cc2684543, arg=8d747038a39c1f4ad8f2f16f02f45c9f6f1e9d22c7f40264f7cd5db5a128587590dfa8773502f00fad16e909a5b7040d3775ead6e9eabe0e8e122fe2752604df
TeXLive::TLUtils::check_file_and_remove: backtrace:
 -> /home/runner/texlive/tlpkg/TeXLive/TLUtils.pm:2768: TeXLive::TLUtils::check_file_and_remove
 -> /home/runner/texlive/tlpkg/TeXLive/TLPDB.pm:1989: TeXLive::TLUtils::unpack
 -> /home/runner/texlive/tlpkg/TeXLive/TLPDB.pm:1806: TeXLive::TLPDB::_install_data
 -> /home/runner/texlive/tlpkg/TeXLive/TLPDB.pm:1722: TeXLive::TLPDB::not_virtual_install_package
 -> /home/runner/texlive/bin/x86_64-linux/tlmgr:3490: TeXLive::TLPDB::install_package
 -> /home/runner/texlive/bin/x86_64-linux/tlmgr:810: main::action_update
 -> /home/runner/texlive/bin/x86_64-linux/tlmgr:716: main::execute_action
 -> /home/runner/texlive/bin/x86_64-linux/tlmgr:374: main::main
TeXLive::TLUtils::check_file_and_remove:   removing /tmp/PQpA7MTEI6/2a4oLMpx5m/texlive-scripts.tar.xz, but saving copy in /tmp/sLlQZT6Gzq
TLPDB::_install_data: downloading did not succeed (check_file_and_remove failed) for https://us.mirrors.cicku.me/ctan/systems/texlive/tlnet/archive/texlive-scripts.tar.xz
tlmgr: Installation of new version of texlive-scripts failed, trying to unwind.
tlmgr: Restoring of old package did NOT succeed.
tlmgr: Error message from unpack: don't know how to unpack
tlmgr: Most likely repair: run tlmgr install texlive-scripts and hope.
done
[4/4, 00:00/00:00] update: tracklang [20k] (73456 -> 73561) ... tlmgr: action update returned an error; continuing.
done

[zauguin]

Note that this is ctan.org, which I assume should have no data curruption 😅.

Actually ctan.org is particularly likely to trigger this error since it redirects to mirrors.ctan.org which redirects to a random mirror, so by downloading from ctan.org the actual file and the signature are likely coming from different mirrors and therefore might be different versions.

[zauguin]

For now I explicitly excluded the problematic mirror, please let me know if you still get issues with other mirrors.