Processing Cask -- curl SSL issue with 302 redirect

jsundram commented 4 years ago

General troubleshooting steps

[X] I understand that if I ignore these instructions, my issue may be closed without review.
[X] I have retried my command with --force.
[X] I ran brew update-reset && brew update and retried my command.
[X] I ran brew doctor, fixed as many issues as possible and retried my command.
[X] I have checked the instructions for reporting bugs.
[X] I made doubly sure this is not a checksum does not match error.

Description of issue

the formula for Processing points to a url that is a redirect.
running brew cask install Processing yields an error curl: (60) SSL certificate problem: certificate has expired (see verbose error info below)

However, running curl on the url in the formula curl "https://download.processing.org/processing-3.5.4-macosx.zip" yields a clear redirect.

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://github.com/processing/processing/releases/download/processing-0270-3.5.4/processing-3.5.4-macosx.zip">here</a>.</p>
</body></html>

It looks like this redirect is not followed by curl (the -L option would allow this). I'm not sure if the best way to resolve this is just to update the formula to point to https://github.com/processing/processing/releases/download/processing-0270-#{version}/processing-#{version}-macosx.zip or if this is a general problem that could/should be fixed by adding -L to the curl command to follow redirects.

Command that failed

brew cask install Processing

Output of command with `--force --verbose --debug`

/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/2.4.11\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 10.15.5\)\ curl/7.64.1 --retry 3 --location --silent --head --request GET https://download.processing.org/processing-3.5.4-macosx.zip
==> Downloading https://download.processing.org/processing-3.5.4-macosx.zip
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/2.4.11\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 10.15.5\)\ curl/7.64.1 --retry 3 --location --range 0-1 --dump-header - --write-out \%\{http_code\} --output /dev/null https://download.processing.org/processing-3.5.4-macosx.zip
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/2.4.11\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 10.15.5\)\ curl/7.64.1 --fail --retry 3 --location --remote-time --continue-at 0 --output /Users/jsundram/Library/Caches/Homebrew/downloads/69a58d3da61e60537b051f80d40b16c28bcc29546a0c1d3ecca2b79e3a12a39d--processing-3.5.4-macosx.zip.incomplete https://download.processing.org/processing-3.5.4-macosx.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Error: Download failed on Cask 'processing' with message: Download failed: https://download.processing.org/processing-3.5.4-macosx.zip
/usr/local/Homebrew/Library/Homebrew/download_strategy.rb:306:in `rescue in fetch'
/usr/local/Homebrew/Library/Homebrew/download_strategy.rb:303:in `fetch'
/usr/local/Homebrew/Library/Homebrew/cask/download.rb:42:in `fetch'
/usr/local/Homebrew/Library/Homebrew/cask/download.rb:20:in `perform'
/usr/local/Homebrew/Library/Homebrew/cask/installer.rb:152:in `download'
/usr/local/Homebrew/Library/Homebrew/cask/installer.rb:62:in `fetch'
/usr/local/Homebrew/Library/Homebrew/cask/installer.rb:90:in `install'
/usr/local/Homebrew/Library/Homebrew/cask/cmd/install.rb:22:in `block in run'
/usr/local/Homebrew/Library/Homebrew/cask/cmd/install.rb:16:in `each'
/usr/local/Homebrew/Library/Homebrew/cask/cmd/install.rb:16:in `run'
/usr/local/Homebrew/Library/Homebrew/cask/cmd/abstract_command.rb:36:in `run'
/usr/local/Homebrew/Library/Homebrew/cask/cmd.rb:155:in `run'
/usr/local/Homebrew/Library/Homebrew/cask/cmd.rb:97:in `run'
/usr/local/Homebrew/Library/Homebrew/cmd/cask.rb:9:in `cask'
/usr/local/Homebrew/Library/Homebrew/brew.rb:112:in `<main>'
Error: Kernel.exit
/usr/local/Homebrew/Library/Homebrew/cask/cmd.rb:160:in `exit'
/usr/local/Homebrew/Library/Homebrew/cask/cmd.rb:160:in `rescue in run'
/usr/local/Homebrew/Library/Homebrew/cask/cmd.rb:145:in `run'
/usr/local/Homebrew/Library/Homebrew/cask/cmd.rb:97:in `run'
/usr/local/Homebrew/Library/Homebrew/cmd/cask.rb:9:in `cask'
/usr/local/Homebrew/Library/Homebrew/brew.rb:112:in `<main>'

Output of `brew cask doctor`

==> Homebrew Version
2.4.11-99-g6803bf5
==> macOS
10.15.5
==> SIP
Enabled
==> Java
N/A
==> Homebrew Cask Staging Location
/usr/local/Caskroom
==> Homebrew Cask Taps:
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask (3637 casks)
==> $LOAD_PATHS
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/ruby-macho-2.2.0/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/rubocop-rspec-1.42.0/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/rubocop-performance-1.7.1/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/plist-3.5.0/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/patchelf-1.2.0/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/mechanize-2.7.6/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/elftools-1.1.2/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/bindata-2.4.8/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/activesupport-6.0.3.2/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/zeitwerk-2.4.0/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/tzinfo-1.2.7/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/thread_safe-0.3.6/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/i18n-1.8.5/lib
/usr/local/Homebrew/Library/Homebrew/vendor/bundle/bundler/../ruby/2.6.0/gems/concurrent-ruby-1.1.7/lib/concurrent-ruby
/Library/Ruby/Site/2.6.0
/Library/Ruby/Site/2.6.0/universal-darwin19
/Library/Ruby/Site
/System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/vendor_ruby/2.6.0
/System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/vendor_ruby/2.6.0/universal-darwin19
/System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/vendor_ruby
/System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/2.6.0
/System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/2.6.0/universal-darwin19
/usr/local/Homebrew/Library/Homebrew
==> Cask Environment Variables:
BUNDLE_PATH
CHRUBY_VERSION
GEM_HOME
GEM_PATH
HOMEBREW_CASK_OPTS
LC_ALL
PATH
RBENV_VERSION
RUBYLIB
RUBYOPT
RUBYPATH
SHELL

Output of `brew tap`

homebrew/cask
homebrew/core

core-code commented 4 years ago

what i find weird here is that 1.) its a known fact that our downloader follows redirects and 2.) i have no problems downloading processing with 'brew cask fetch'

any idea why this only affects some users?

miccal commented 4 years ago

i have no problems downloading processing with 'brew cask fetch'

Nor do I, but I use a brew'ed curl and I supposed this was related to https://github.com/Homebrew/homebrew-cask/issues/83481 and the system curl.

core-code commented 4 years ago

hm, i've uninstalled the homebrew'ed curl but still wasn't able to reproduce this

miccal commented 4 years ago

hm, i've uninstalled the homebrew'ed curl but still wasn't able to reproduce this

Same here ...

@jsundram can you please post the output of which -a curl and curl -sLI https://download.processing.org/processing-3.5.4-macosx.zip | grep HTTP, thanks.

jsundram commented 4 years ago

$ which -a curl
/usr/local/anaconda3/bin/curl
/usr/bin/curl

$ curl -sLI https://download.processing.org/processing-3.5.4-macosx.zip | grep HTTP
HTTP/1.1 302 Found
HTTP/1.1 302 Found
HTTP/1.1 403 Forbidden

@miccal -- it looks like this may be a path issue with anaconda?

$ echo $PATH
/usr/local/sbin:/usr/local/anaconda3/bin:/usr/local/anaconda3/condabin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Library/TeX/texbin:/opt/homebrew/bin

miccal commented 4 years ago

Most definitely -- the fact that /usr/local/anaconda3/bin/curl appears before /usr/bin/curl in the output of which -a curl is strange.

I have no experience with anaconda, so I am not sure what to suggest, sorry.

jsundram commented 4 years ago

@miccal, thanks for your help!

I'm going to run conda remove curl; after doing that which -a curl no longer lists /usr/local/anaconda3/bin/curl, so this should no longer shadow the system curl, which I think means that brew cask will no longer accidentally hit anaconda's curl in the future.

core-code commented 4 years ago

i guess 'brew cask doctor' should include the output of 'which -a curl' ?

miccal commented 4 years ago

@core-code I am fairly certain that brew uses the system curl via /usr/bin/curl unless HOMEBREW_FORCE_BREWED_CURL is set; hence the output of which -a curl would not be required.

I wanted to see @jsundram's output of which -a curl because they were getting two different results for brew cask install processing and curl https://download.processing.org/processing-3.5.4-macosx.zip, which was initially confusing -- the reason, as it turns out, was that brew cask install processing used /usr/bin/curl while curl https://download.processing.org/processing-3.5.4-macosx.zip used /usr/local/anaconda3/bin/curl.

None of this explains the random SSL certificate error, though :(

core-code commented 4 years ago

thanks for the explanation - indeed its quite weird

Homebrew / homebrew-cask