We Keep Coding

Google Cloud VM metadata-based keys ssh: handshake failed unable to authenticate and oslogin_cache_refresh: Failure getting groups, quitting

When trying to SSH to GCE VMs using metadata-based SSH keys I get the following error:
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
While troubleshooting I can see the keys in the instance metadata, but they are not being added to the user's authorized_keys file:
$ curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys"
username:ssh-ed25519 AAAAC3NzaC....omitted....
admin:ssh-ed25519 AAAAC3NzaC....omitted....
$ sudo ls -hal /home/**/.ssh/
/home/ubuntu/.ssh/:
total 8.0K
drwx------ 2 ubuntu ubuntu 4.0K Aug 11 23:19 .
drwxr-xr-x 3 ubuntu ubuntu 4.0K Aug 11 23:19 ..
-rw------- 1 ubuntu ubuntu 0 Aug 11 23:19 authorized_keys
# Only result is the default zero-length file for ubuntu user
I also see the following errors in the ssh server auth log and Google Guest Environment services:
$ sudo less /var/log/auth.log
Aug 11 23:28:59 test-vm sshd[2197]: Invalid user admin from 1.2.3.4 port 34570
Aug 11 23:28:59 test-vm sshd[2197]: Connection closed by invalid user admin 1.2.3.4 port 34570 [preauth]
$ sudo journalctl -u google-guest-agent.service
Aug 11 22:24:42 test-vm oslogin_cache_refresh[907]: Refreshing passwd entry cache
Aug 11 22:24:42 test-vm oslogin_cache_refresh[907]: Refreshing group entry cache
Aug 11 22:24:42 test-vm oslogin_cache_refresh[907]: Failure getting groups, quitting
Aug 11 22:24:42 test-vm oslogin_cache_refresh[907]: Failed to get groups, not updating group cache file, removing /etc/oslogin_group.cache.bak.
# or
Aug 11 23:19:37 test-vm GCEGuestAgent[766]: 2022-08-11T23:19:37.6541Z GCEGuestAgent Info: Creating user admin.
Aug 11 23:19:37 test-vm useradd[885]: failed adding user 'admin', data deleted
Aug 11 23:19:37 test-vm GCEGuestAgent[766]: 2022-08-11T23:19:37.6869Z GCEGuestAgent Error non_windows_accounts.go:144:
Error creating user: useradd: group admin exists - if you want to add this user to that group, use -g.

Currently the latest cloud-init and guest-oslogin packages for Ubuntu 20.04.4 LTS (focal) seem to have an issue that causes google-guest-agent.service to exit before completing its task. The issue was fixed and committed but not yet released for focal (and likely other Ubuntu versions).
For now you can try disabling OS Login by setting instance or project metadata enable-oslogin=FALSE. After which you should see the expected results and be able to SSH using those keys:
$ sudo journalctl -u google-guest-agent.service
Aug 11 23:10:33 test-vm GCEGuestAgent[761]: 2022-08-11T23:10:33.0517Z GCEGuestAgent Info: Created google sudoers file
Aug 11 23:10:33 test-vm GCEGuestAgent[761]: 2022-08-11T23:10:33.0522Z GCEGuestAgent Info: Creating user username.
Aug 11 23:10:33 test-vm useradd[881]: new group: name=username, GID=1002
Aug 11 23:10:33 test-vm useradd[881]: new user: name=username, UID=1001, GID=1002, home=/home/username, shell=/bin/bash, from=none
Aug 11 23:10:33 test-vm gpasswd[895]: user username added by root to group ubuntu
Aug 11 23:10:33 test-vm gpasswd[904]: user username added by root to group adm
Aug 11 23:10:33 test-vm gpasswd[983]: user username added by root to group google-sudoers
Aug 11 23:10:33 test-vm GCEGuestAgent[761]: 2022-08-11T23:10:33.7615Z GCEGuestAgent Info: Updating keys for user username.
$ sudo ls -hal /home/username/.ssh/
/home/username/.ssh/:
total 12K
drwx------ 2 username username 4.0K Aug 11 23:19 .
drwxr-xr-x 4 username username 4.0K Aug 11 23:35 ..
-rw------- 1 username username 589 Aug 11 23:19 authorized_keys
The admin user however will not work, since it conflicts with an existing linux group. You should pick a username that does not conflict with any of the name:x:123: names listed at getent group

Django1.11 + Python3.6 + Nginx 1.12 + uWSGI 2.0 deployment with error ImportError: No module named XXX...unable to load app 0 (mountpoint='')

My deploy enviroment is "Django 1.11.13 + Python3.6.5(with virtualenv) + uWSGI 2.0 + Nginx 1.12". Here is my project:
(ncms) [ncms#localhost ncms]$ pwd
/home/ncms/ncms
(ncms) [ncms#localhost ncms]$ ll
总用量 36
drwxrwxr-x 12 ncms ncms 157 5月 17 13:48 apps
-rwxrwxr-x 1 ncms ncms 16384 5月 14 18:49 celerybeat-schedule
drwxrwxr-x 2 ncms ncms 66 5月 17 10:40 db_tools
drwxrwxr-x 4 ncms ncms 41 5月 17 10:40 extra_apps
drwxrwxr-x 5 ncms ncms 233 5月 17 10:40 libs
drwxrwxr-x 2 ncms ncms 152 5月 17 10:40 logfiles
-rwxrwxr-x 1 ncms ncms 855 5月 6 22:23 manage.py
drwxrwxr-x 3 ncms ncms 201 5月 21 14:19 ncms
-rwxrwxr-x 1 ncms ncms 351 5月 15 18:25 ncms.conf
-rwxrwxr-x 1 ncms ncms 2766 5月 17 13:43 notes.md
-rwxrwxr-x 1 ncms ncms 518 5月 14 15:52 requirements.txt
drwxrwxr-x 3 ncms ncms 23 5月 18 16:09 static
drwxrwxr-x 10 ncms ncms 120 5月 18 16:05 static_files
drwxrwxr-x 11 ncms ncms 4096 5月 17 15:38 templates
my virtualenv path and name:
(ncms) [ncms#localhost ncms]$ pwd
/home/ncms/.virtualenvs/ncms
(ncms) [ncms#localhost ncms]$ ll
总用量 8
drwxrwxr-x 3 ncms ncms 4096 5月 21 13:46 bin
drwxrwxr-x 2 ncms ncms 24 5月 15 11:49 include
drwxrwxr-x 3 ncms ncms 23 5月 15 11:49 lib
-rw-rw-r-- 1 ncms ncms 61 5月 15 11:50 pip-selfcheck.json
Three important files you must know:
1./etc/uwsgi/ncms.ini
[uwsgi]
# Django diretory that contains manage.py
chdir = /home/ncms/ncms
module = ncms.wsgi:application
env = DJANGO_SETTINGS_MODULE=ncms.settings
# enable master process manager
master = true
# bind to UNIX socket
socket = /run/uwsgi/ncms.sock
# number of worker processes
processes = 4
# user identifier of uWSGI processes
uid = ncms
# group identifier of uWSGI processes
gid = ncms
#respawn processes after serving 5000 requests
max-requests = 5000
# clear environment on exit
vacuum = true
# the virtualenv you are using (full path)
home = /home/ncms/.virtualenvs/ncms
# set mode and own of created UNIX socket
chown-socket = ncms:nginx
chmod-socket = 660
# place timestamps into log
log-date = true
logto = /var/log/uwsgi.log
no-site = true
2./etc/systemd/system/uwsgi.service
[Unit]
Description=ncms uWSGI service
[Service]
ExecStartPre=/usr/bin/bash -c 'mkdir -p /run/uwsgi; chown ncms:nginx /run/uwsgi'
ExecStart=/usr/bin/uwsgi --emperor /etc/uwsgi
Restart=always
KillSignal=SIGQUIT
Type=notify
NotifyAccess=all
[Install]
WantedBy=graphical.target
3./etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location = favicon.ico { access_log off; log_not_found off; }
location /static {
root /home/ncms/ncms;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/ncms.sock;
}
}
}
After they were configured well:
sudo nginx –t
sudo usermod -a -G ncms nginx
chmod 710 /home/ncms
sudo systemctl daemon-reload
sudo systemctl restart nginx
sudo systemctl restart uwsgi
Then I always got this error at the Operational MODE: preforking step when I looked /var/log/uwsgi.log:
Mon May 21 16:38:35 2018 - SIGINT/SIGQUIT received...killing workers...
Mon May 21 16:38:35 2018 - received message 0 from emperor
Mon May 21 16:38:36 2018 - worker 1 buried after 1 seconds
Mon May 21 16:38:36 2018 - worker 2 buried after 1 seconds
Mon May 21 16:38:36 2018 - worker 3 buried after 1 seconds
Mon May 21 16:38:36 2018 - worker 4 buried after 1 seconds
Mon May 21 16:38:36 2018 - goodbye to uWSGI.
Mon May 21 16:38:36 2018 - VACUUM: unix socket /run/uwsgi/ncms.sock removed.
Mon May 21 16:38:38 2018 - *** Starting uWSGI 2.0.17 (64bit) on [Mon May 21 16:38:38 2018] ***
Mon May 21 16:38:38 2018 - compiled with version: 4.8.5 20150623 (Red Hat 4.8.5-16) on 26 April 2018 05:37:29
Mon May 21 16:38:38 2018 - os: Linux-3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018
Mon May 21 16:38:38 2018 - nodename: localhost.localdomain
Mon May 21 16:38:38 2018 - machine: x86_64
Mon May 21 16:38:38 2018 - clock source: unix
Mon May 21 16:38:38 2018 - pcre jit disabled
Mon May 21 16:38:38 2018 - detected number of CPU cores: 4
Mon May 21 16:38:38 2018 - current working directory: /etc/uwsgi
Mon May 21 16:38:38 2018 - detected binary path: /usr/bin/uwsgi
Mon May 21 16:38:38 2018 - chdir() to /home/ncms/ncms
Mon May 21 16:38:38 2018 - your processes number limit is 7164
Mon May 21 16:38:38 2018 - your memory page size is 4096 bytes
Mon May 21 16:38:38 2018 - detected max file descriptor number: 1024
Mon May 21 16:38:38 2018 - lock engine: pthread robust mutexes
Mon May 21 16:38:38 2018 - thunder lock: disabled (you can enable it with --thunder-lock)
Mon May 21 16:38:38 2018 - uwsgi socket 0 bound to UNIX address /run/uwsgi/ncms.sock fd 3
Mon May 21 16:38:38 2018 - setgid() to 2014
Mon May 21 16:38:38 2018 - setuid() to 2030
Mon May 21 16:38:38 2018 - Python version: 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Mon May 21 16:38:38 2018 - Set PythonHome to /home/ncms/.virtualenvs/ncms
Mon May 21 16:38:38 2018 - *** Python threads support is disabled. You can enable it with --enable-threads ***
Mon May 21 16:38:38 2018 - Python main interpreter initialized at 0x1cea860
Mon May 21 16:38:38 2018 - your server socket listen backlog is limited to 100 connections
Mon May 21 16:38:38 2018 - your mercy for graceful operations on workers is 60 seconds
Mon May 21 16:38:38 2018 - mapped 364600 bytes (356 KB) for 4 cores
Mon May 21 16:38:38 2018 - *** Operational MODE: preforking ***
Traceback (most recent call last):
File "./ncms/__init__.py", line 1, in <module>
from __future__ import absolute_import, unicode_literals
ImportError: No module named __future__
Mon May 21 16:38:38 2018 - unable to load app 0 (mountpoint='') (callable not found or import error)
Mon May 21 16:38:38 2018 - *** no app loaded. going in full dynamic mode ***
Mon May 21 16:38:38 2018 - *** uWSGI is running in multiple interpreter mode ***
Mon May 21 16:38:38 2018 - spawned uWSGI master process (pid: 3456)
Mon May 21 16:38:38 2018 - spawned uWSGI worker 1 (pid: 3458, cores: 1)
Mon May 21 16:38:38 2018 - spawned uWSGI worker 2 (pid: 3459, cores: 1)
Mon May 21 16:38:38 2018 - spawned uWSGI worker 3 (pid: 3460, cores: 1)
Mon May 21 16:38:38 2018 - spawned uWSGI worker 4 (pid: 3462, cores: 1)
When I removed the line "from future import absolute_import, unicode_literals" in my code, it rasied the same error, like:
Mon May 21 16:43:30 2018 - *** Operational MODE: preforking ***
Traceback (most recent call last):
File "./ncms/__init__.py", line 4, in <module>
from .celery import app as celery_app
File "./ncms/celery.py", line 6, in <module>
import os
ImportError: No module named os
Mon May 21 16:43:30 2018 - unable to load app 0 (mountpoint='') (callable not found or import error)
Mon May 21 16:43:30 2018 - *** no app loaded. going in full dynamic mode ***
looks like can't import anything...
When I access my website, the /var/log/uwsgi.log displayed:
Mon May 21 16:55:28 2018 - --- no python application found, check your startup logs for errors ---
[pid: 3812|app: -1|req: -1/3] 192.168.10.1 () {46 vars in 854 bytes} [Mon May 21 16:55:28 2018] GET / => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0)
Mon May 21 16:55:28 2018 - --- no python application found, check your startup logs for errors ---
[pid: 3812|app: -1|req: -1/4] 192.168.10.1 () {48 vars in 855 bytes} [Mon May 21 16:55:28 2018] GET /favicon.ico => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (1 switches on core 0)
I've google a lot and tried many time changing here and there, just don't get the right answer.
Anyone could help me? Please!

You can first using uwsgi command line to start app as root
uwsgi --socket 127.0.0.1:8080 --chdir /home/ncms/ncms/ --wsgi-file ncms/wsgi.py
then if ok, debug the config file mode

Silverstripe permissions for assets deployed on AWS

when uploading files in the admin backend of SilverStripe, I always get permission denied.
The apache2 is running under www-data:www-data (checked with "whoami" and in the envvars).
The permissions for the assets folder are the following:
drwxrwxr-x+ 5 git www-data 4.0K Oct 2 08:18 .
drwxrwsr-x+ 17 git users 4.0K Oct 2 09:53 ..
-rwxrwxr-x+ 1 git www-data 1.5K Oct 2 08:18 .htaccess
drwxrwsr-x+ 2 git www-data 4.0K Oct 2 07:28 Uploads
drwxrwsr-x+ 2 git www-data 4.0K Oct 2 08:18 _combinedfiles
drwxrwsr-x+ 2 git www-data 4.0K Oct 2 07:57 books
-rwxrwxr-x+ 1 git www-data 4.5K Oct 1 14:48 error-404.html
-rwxrwxr-x+ 1 git www-data 4.3K Oct 1 14:48 error-500.html
-rwxrwxr-x+ 1 git www-data 4.4K Oct 2 08:18 web.config
Even if I set them to 777, I still get permission denied. It works locally and I can't get my head around why it doesnt work.
Apache ErrorLog:
[Fri Oct 02 10:24:18.364138 2015] [:error] [pid 16008] [client 62.218.34.90:44300] PHP Warning: copy(/var/www/X/assets/books/Mike.png): failed to open stream: Permission denied in /var/www/X/framework/filesystem/Upload.php on line 195, referer: http://x.amazonaws.com/index.php/admin/assets/add/?ID=7
[Fri Oct 02 10:24:18.364615 2015] [:error] [pid 16008] [client 62.218.34.90:44300] PHP Warning: Requirements_Backend::process_combined_files(): Couldn't create '/var/www/X/assets/_combinedfiles//lib.js' in /var/www/X/framework/view/Requirements.php on line 1214, referer: http://x.amazonaws.com/index.php/admin/assets/add/?ID=7
Is this an AWS specific problem? Any clues?

The problem were ACLs.
Using getfacl ./assets/ I could determine, that the ACLs were set to undermine the normal permission model.
With setfacl I was able to advance the ACLs to include the webuser (www-data) into the assets directory with rwx.
Hope this helps someone,
Best regards. G

I would recommend you use a module and store the assets in S3
https://github.com/markguinn/silverstripe-cloudassets

nginx & uwsgi deploy django app get SIGPIPE 502 error

I use nginx and uwsgi deploy my django webapp, the start few minutes all things well but after some time the ngnix will report 502 error and I check the uwsgi stderr log. there are some error marked => generated & SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request such as blow error message:
>[pid: 27427|app: 0|req: 1/1] 10.209.78.30 () {38 vars in 1030 bytes} [Mon Sep 29 15:46:00 2014] GET blabla...(just request url address) => generated 16018 bytes in 1428 msecs (HTTP/1.1 200) 6 headers in 157 bytes (1 switches on core 0)
Mon Sep 29 15:46:03 2014 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request blabla...(just request url address) (ip 10.209.78.30) !!!
Mon Sep 29 15:46:03 2014 - uwsgi_response_writev_headers_and_body_do(): Broken pipe [core/writer.c line 287] during GET blabla...(just request url address) (10.209.78.30)
IOError: write error
[pid: 27425|app: 0|req: 1/2] 10.209.78.30 () {38 vars in 2050 bytes} [Mon Sep 29 15:46:00 2014] GET blabla...(just request url address) => generated 0 bytes in 3578 msecs (HTTP/1.1 200) 6 headers in 0 bytes (0 switches on core 0)
Mon Sep 29 15:46:04 2014 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request blabla...(just request url address) (ip 10.217.95.130) !!!
Mon Sep 29 15:46:04 2014 - uwsgi_response_writev_headers_and_body_do(): Broken pipe [core/writer.c line 287] during GET blabla...(just request url address) (10.217.95.130)
IOError: write error
[pid: 27426|app: 0|req: 1/3] 10.217.95.130 () {38 vars in 1871 bytes} [Mon Sep 29 15:46:00 2014] GET blabla...(just request url address) => generated 0 bytes in 4415 msecs (HTTP/1.1 200) 6 headers in 0 bytes (0 switches on core 0)
Mon Sep 29 15:46:05 2014 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request blabla...(just request url address) (ip 10.217.95.130) !!!
Mon Sep 29 15:46:05 2014 - uwsgi_response_writev_headers_and_body_do(): Broken pipe [core/writer.c line 287] during GET blabla...(just request url address) (10.217.95.130)
IOError: write error
I replace the request url by blabla...
My nginx.conf is bleow:
location / {
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Methods" "GET, OPTIONS";
add_header "Access-Control-Allow-Headers" "origin, authorization, accept";
uwsgi_pass unix:///tmp/djangoapp.sock;
include uwsgi_params;
}
uWSGI launch command:
uwsgi --socket /tmp/djangoapp.sock -p 10 --wsgi-file /opt/graphite/conf/graphite_wsgi.py --chmod-socket=666

How a device registers itself after adding a pass

When I add a pass in a device, I see on the console like this:
Mar 26 14:32:36 CamMobs-iPod4 passd[7128] <Warning>: Card has more than 10 locations. Capping.
Mar 26 14:32:38 CamMobs-iPod4 MobileSafari[7115] <Warning>: Warning: Attempt to dismiss from view controller <BrowserRootViewController: 0x1ed546a0> while a presentation or dismiss is in progress!
Mar 26 14:32:39 CamMobs-iPod4 backboardd[52] <Warning>: CoreAnimation: updates deferred for too long
Mar 26 14:32:39 CamMobs-iPod4 locationd[41] <Notice>: Location icon should now be in state 'Active'
Mar 26 14:32:50 CamMobs-iPod4 locationd[41] <Notice>: Location icon should now be in state 'Inactive'
Mar 26 14:32:52 CamMobs-iPod4 profiled[7122] <Notice>: (Note ) profiled: Idled.
Mar 26 14:32:52 CamMobs-iPod4 profiled[7122] <Notice>: (Note ) profiled: Service stopping.
Mar 26 14:33:31 CamMobs-iPod4 locationd[41] <Warning>: Launch Services: Registering unknown app identifier com.apple.PassKit failed
Mar 26 14:33:31 CamMobs-iPod4 locationd[41] <Warning>: Launch Services: Unable to find app identifier com.apple.PassKit
Mar 26 14:33:33 CamMobs-iPod4 configd[50] <Notice>: network changed: v4(en0:192.168.1.109) DNS Proxy
Mar 26 14:33:53 CamMobs-iPod4 backboardd[52] <Notice>: Posting 'com.apple.iokit.hid.displayStatus' notifyState=0
.....
Why it tries to register to com.apple.PassKit ?
In my server, I use some codes in index.php like the following:
<?php
// Transfer Request URL into array
$request = explode("/", substr(#$_SERVER['REQUEST_URI'], 1));
//$request = explode("/", substr(#$_SERVER['REQUEST_URI'], 1));
print_r($_SERVER['REQUEST_URI']);
if (strtoupper($_SERVER['REQUEST_METHOD']) === "POST"
&& isset($_SERVER['HTTP_AUTHORIZATION'])
&& strpos($_SERVER['HTTP_AUTHORIZATION'], 'ApplePass') === 0
&& $request[2] === "devices"
&& $request[4] === "registrations") {
$auth_key = str_replace('ApplePass ', '', $_SERVER['HTTP_AUTHORIZATION']);
$device_id = $request[3];
$pass_id = $request[5];
$serial = $request[6];
echo $request[3];
//$device_id = $_POST[''];
echo $device_id;
echo $pass_id;
echo $serial ;
// Catch the JSON post and decode it
$dt = #file_get_contents('php://input');
// $dt = #file_get_contents('php://input');
//$device_token = json_decode($dt);
//$device_token = $device_token->pushToken;
$pushtoken=json_decode($dt)->pushToken;
if (!$device_token) die('No Token Found'); // Token wasn't found
$dbhost = 'localhost:8889';
$dbuser = 'root';
$dbpass = 'root';
$dbname = 'passesdb';
$conn = mysql_connect($dbhost, $dbuser, $dbpass)
or die ('Error connecting to mysql'.mysql_error());
mysql_select_db($dbname);
mysql_query("SET NAMES UTF8");
mysql_query($sql,$conn);
$table = 'Devices';
$sql = mysql_query("insert into Devices values('$device_id','$pushtoken')");
mysql_query($sql);
exit;
}
?>

This is what a successful registration looks like in the console:
1. Mar 26 17:00:03 iPhone5 passd[6262] <Warning>: Generating POST request with URL <https:/afr.passk.it/v1/devices/7864dc8fdcfe739273cf7362a0db2b35/registrations/pass.it.passk.developer3/1wqdDAqHydkRURA9YCjbq>
2. Mar 26 17:00:03 iPhone5 passd[6262] <Warning>: Request contains header field <Authorization: ApplePass 5cdddad65324384efa39575a4cf22424>
3. Mar 26 17:00:03 iPhone5 passd[6262] <Warning>: Request contains body dictionary {
pushToken = 0bbe54794500332b789a3ddb69827386d5c9aad1cb035c9f2725761d419950b2;
}
4. Mar 26 17:00:04 iPhone5 passd[6262] <Warning>: Register task (for device 7864dc8fdcfe739273cf7362a0db2b35, pass type pass.it.passk.developer3, serial number 1wqdDAqHydkRURA9YCjbq; with web service url https://afr.passk.it/) got response with code 201
5. Mar 26 17:00:04 iPhone5 passd[6262] <Warning>: Generating GET request with URL <https:/afr.passk.it/v1/devices/7864dc8fdcfe739273cf7362a0db2b35/registrations/pass.it.passk.developer3?passesUpdatedSince=1364287618>
6. Mar 26 17:00:04 iPhone5 passd[6262] <Warning>: Generating GET request with URL <https:/afr.passk.it/v1/passes/pass.it.passk.developer3/1wqdDAqHydkRURA9YCjbq>
7. Mar 26 17:00:04 iPhone5 passd[6262] <Warning>: Request contains header field <If-Modified-Since: Tue, 26 Mar 2013 07:35:33 GMT>
8. Mar 26 17:00:04 iPhone5 passd[6262] <Warning>: Request contains header field <Authorization: ApplePass 5cdddad65324384efa39575a4cf22424>
9. Mar 26 17:00:04 iPhone5 passd[6262] <Warning>: Get serial #s task (for device 7864dc8fdcfe739273cf7362a0db2b35, pass type pass.it.passk.developer3, last updated 1364287618; with web service url https://afr.passk.it/) got response with code 204
10. Mar 26 17:00:04 iPhone5 passd[6262] <Warning>: Get serial numbers task completed with update tag (null), serial numbers (null)
11. Mar 26 17:00:05 iPhone5 passd[6262] <Warning>: Get pass task (pass type pass.it.passk.developer3, serial number 1wqdDAqHydkRURA9YCjbq, if-modified-since Tue, 26 Mar 2013 07:35:33 GMT; with web service url https://afr.passk.it/) got response with code 304
What you have posted above is only the last line of this process, (where passd has picked up that you have more than 10 locations in your pass.json).
If you examine the above you can see the flow of events that your web service needs to respond to:
Row 1: Device sends a POST request to:
https://webserviceURL/v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber}`
Row 2: POST request is sent with the header field:
Authorization: ApplePass {authenticationToken}
Row 3: POST body contains the JSON Dictionary:
{
pushToken = {pushToken};
}
Provided your rewrite rule is correct, your PHP code should analyse the URL and capture the deviceLibraryIdentifier and pushToken and store it in the database, linked to the pass record containing the serialNumber, authenticationToken and passTypeIdentifier.
Then Row 4: Your web service responds to the device with a 201 code to indicate that the registration was successful.
On Row 5: The device then generates a GET request to your web service to check if there is a newer versions pof passes for the same certificate:
https:/webserviceURL/v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}?passesUpdatedSince={lastUpdateTag}
On Row 6, 7 and 8: The device generates a GET request to your web service to check if there is a newer version of this specific pass. It provides an If-Modified-Since header containing the date provided in the header of the last downloaded .pkpass bundle (Row 7), and provides another Authorization header containing Applepass {authenticationToken} (Row 8) so that your web service can validate the request against by checking the database record for the serialNumber.
https:/webserviceURL/v1/passes/{passTypeIdentifier}/{serialNumber}
Header: If-Modified-Since: {last modified date}
Header: Authorization: ApplePass {authenticationToken}
On Row 9: the web service responds with a 204 response, indicating that there are no serialNumbers for the passTypeIdentifier that require updating. Row 10 confirms this.
Finally, on Row 11, the device receives a 304 response from your web service, confirming that the pass it has just installed is the latest version of the pass.
The above outlines precisely what your web service will receive and the responses it needs to provide to successfully register a device.