Tiny Tiny RSS: Community

After update, all digest-authenticated feeds report 401 errors

I recently updated Tiny Tiny RSS (last pull was some time in May) as well as my OS (from Raspbian Stretch to Raspbian Buster) and now find that all my feeds with digest access authentication (i.e., those for which I’ve entered a username and password in the “Authentication” section of the feed properties) are showing “HTTP/1.1 401 Unauthorized” errors.

The problem also occurs when using update.php from the command line:

$ /update.php --debug-feed 134 --force-refetch --force-rehash 
[21:21:16/18125] Lock: update.lock
[21:21:16/18125] start
[21:21:16/18125] local cache will not be used for this feed
[21:21:16/18125] last unconditional update request: 2019-10-29 09:35:55
[21:21:16/18125] maximum allowed interval for conditional requests exceeded, forcing refetch
[21:21:16/18125] fetching [https://morwen.dreamwidth.org/data/rss?auth=digest] (force_refetch: 1)...
[21:21:17/18125] fetch done.
[21:21:17/18125] source last modified: 
[21:21:17/18125] unable to fetch: HTTP/1.1 401 Unauthorized [401]

I’ve verified that the username and password are correct as they still work when logging in from a web browser. I’ve tried retyping them into the feed properties, but that didn’t help. In my config.php, FEED_CRYPT_KEY is and always has been empty. Can anyone help me fix this?

I am using Tiny Tiny RSS v19.8 (f609065) on Raspbian Buster with Apache 2.4.38, PostgreSQL 9.6.13, and PHP 7.0.33.

i think http digest is only supported using curl, check that you have php-curl installed for the version of php you’re running (there could be multiple, especially after dist-upgrade).

I think you’re right—the upgrade to Buster left my PHP version at 7.0, but the only available version of php-curl is for 7.3. I did some digging and apparently apt refused to upgrade PHP from 7.0 to 7.3 because libapache2-mod-php7.3 depends on php7.3-cli, which depends on php7.3-readline, which depends on libncurses6, which depends on an uninstallable version of libtinfo6:

# apt-get install libncurses6
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libncurses6 : Depends: libtinfo6 (= 6.1+20181013-2+deb10u1) but 6.1+20191019-1 is to be installed
E: Unable to correct problems, you have held broken packages.

So unless I have somehow borked my package management configuration, it looks like the Raspbian (or maybe the upstream Debian) packagers have made a mistake. Unfortunately, downgrading to PHP 7.0 doesn’t seem possible (at least, not using official packages).

I’ll keep looking for a solution and post it or link to it here if I find it. I can’t be the only one running Tiny Tiny RSS on Raspbian Buster; maybe others are having the same issue and just haven’t reported it yet.

you probably screwed up your repository configuration.

$ apt policy libtinfo6
  Installed: 6.1+20181013-2+deb10u1
  Candidate: 6.1+20181013-2+deb10u1
  Version table:
 *** 6.1+20181013-2+deb10u1 500
        500 http://httpredir.debian.org/debian buster/main armhf Packages
        100 /var/lib/dpkg/status

I have been using the updated Debian packages from deb.sury.org for a couple of months on ttrss.info

The new packages have fixed issues I was having with the standard Debian Apache2 packages and allowed me to upgrade to PHP 7.3

More security and reliability.

Hope that helps.

you probably screwed up your repository configuration.

Maybe. For me, “apt policy libtinfo6” shows that I have 6.1+20191019-1 installed, with 6.1+20181013-2+deb10u1 available from the Raspbian Buster repository. But when I try to downgrade to that specific version, apt complains that raspbian-archive-keyring has an unmet dependency on gnupg, even though the versions of raspbian-archive-keyring and gnupg I have installed are exactly the same ones that are in the repository.

I guess this is veering off into Raspbian troubleshooting rather than Tiny Tiny RSS troubleshooting so I’ll just take this issue to a Raspbian support forum.

After learning how to enable debug logging for apt, I’ve solved the problem. In case anyone is in the same situation, the solution was to simultaneously downgrade libtinfo6 and libncursesw6 to the Buster repository versions: apt install libncursesw6=6.1+20181013-2+deb10u1 libtinfo6=6.1+20181013-2+deb10u1

see, this is why frankendebian is always a terrible idea. especially now when better solutions for out-of-repo stuff like containers exist.