search

MRtrix3 / mrtrix3

MRtrix3 provides a set of tools to perform various advanced diffusion MRI analyses, including constrained spherical deconvolution (CSD), probabilistic tractography, track-density imaging, and apparent fibre density
http://www.mrtrix.org
Mozilla Public License 2.0
294 stars 181 forks source link

dev build failing to pull NIfTI headers #2984

Closed Lestropie closed 2 months ago

Lestropie commented 2 months ago

Follows #2979.

Full cmake output ``` CMake Error at nifti2-stamp/download-nifti2.cmake:170 (message): Each download failed! error: downloading 'https://nifti.nimh.nih.gov/pub/dist/src/nifti2/nifti2.h' failed status_code: 22 status_string: "HTTP response code said error" log: --- LOG BEGIN --- Trying 156.40.187.114:443... Trying 2607:f220:419:4103::114:443... Immediate connect fail for 2607:f220:419:4103::114: Network is unreachable Connected to nifti.nimh.nih.gov (156.40.187.114) port 443 (#0) ALPN, offering h2 ALPN, offering http/1.1 TLSv1.0 (OUT), TLS header, Certificate Status (22): [5 bytes data] TLSv1.3 (OUT), TLS handshake, Client hello (1): [512 bytes data] TLSv1.2 (IN), TLS header, Certificate Status (22): [5 bytes data] TLSv1.3 (IN), TLS handshake, Server hello (2): [93 bytes data] TLSv1.2 (IN), TLS header, Certificate Status (22): [5 bytes data] TLSv1.2 (IN), TLS handshake, Certificate (11): [5121 bytes data] TLSv1.2 (IN), TLS header, Certificate Status (22): [5 bytes data] TLSv1.2 (IN), TLS handshake, Server key exchange (12): [333 bytes data] TLSv1.2 (IN), TLS header, Certificate Status (22): [5 bytes data] TLSv1.2 (IN), TLS handshake, Server finished (14): [4 bytes data] TLSv1.2 (OUT), TLS header, Certificate Status (22): [5 bytes data] TLSv1.2 (OUT), TLS handshake, Client key exchange (16): [70 bytes data] TLSv1.2 (OUT), TLS header, Finished (20): [5 bytes data] TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): [1 bytes data] TLSv1.2 (OUT), TLS header, Certificate Status (22): [5 bytes data] TLSv1.2 (OUT), TLS handshake, Finished (20): [16 bytes data] TLSv1.2 (IN), TLS header, Finished (20): [5 bytes data] TLSv1.2 (IN), TLS header, Certificate Status (22): [5 bytes data] TLSv1.2 (IN), TLS handshake, Finished (20): [16 bytes data] SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 ALPN, server did not agree to a protocol Server certificate: subject: CN=*.nimh.nih.gov start date: Jul 31 19:17:00 2024 GMT expire date: Sep 1 19:17:00 2025 GMT subjectAltName: host "nifti.nimh.nih.gov" matched cert's "*.nimh.nih.gov" issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2 SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway. TLSv1.2 (OUT), TLS header, Supplemental data (23): [5 bytes data] GET /pub/dist/src/nifti2/nifti2.h HTTP/1.1 Host: nifti.nimh.nih.gov User-Agent: curl/7.81.0 Accept: */* TLSv1.2 (IN), TLS header, Supplemental data (23): [5 bytes data] Mark bundle as not supporting multiuse HTTP/1.1 403 Forbidden Date: Tue, 03 Sep 2024 02:56:36 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 The requested URL returned error: 403 Closing connection 0 TLSv1.2 (IN), TLS header, Supplemental data (23): [5 bytes data] TLSv1.2 (OUT), TLS header, Unknown (21): [5 bytes data] TLSv1.2 (OUT), TLS alert, close notify (256): [2 bytes data] --- LOG END --- ```

I can also do:

$ curl https://nifti.nimh.nih.gov/pub/dist/src/nifti2/nifti2.h
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /pub/dist/src/nifti2/nifti2.h
on this server.</p>
</body></html>

Hope they didn't spot the request traffic and close up shop...

Lestropie commented 2 months ago

Also related, I think the pulling of those data is at a higher verbosity than it should be:

-- Found PNG: /usr/lib/x86_64-linux-gnu/libpng.so;/usr/lib/x86_64-linux-gnu/libz.so
-- Configuring done
-- Generating done
-- Build files have been written to: /home/rob/src/mrtrix3/build
[8/431] Performing download step (download and verify) for 'nifti2'
-- Downloading...
   dst='/home/rob/src/mrtrix3/build/nifti/src/nifti2.h'
   timeout='none'
-- Using src='https://nifti.nimh.nih.gov/pub/dist/src/nifti2/nifti2.h'
-- Downloading... done
[12/431] Performing download step (download and verify) for 'nifti1'
-- Downloading...
   dst='/home/rob/src/mrtrix3/build/nifti/src/nifti1.h'
   timeout='none'
-- Using src='https://nifti.nimh.nih.gov/pub/dist/src/nifti2/nifti1.h'
-- Downloading... done
[431/431] Linking CXX executable bin/mrregister
daljit46 commented 2 months ago

I'm a little confused about how #2979 managed to pass our CI checks.

daljit46 commented 2 months ago

Hope they didn't spot the request traffic and close up shop...

Maybe, it's a good idea to just clone the header files from a separate repo under our organisation on Github? This would avoid any issues in case their servers are down or denying access.

Lestropie commented 2 months ago

The NIfTI1 header always had this alternative location: https://nifti.nimh.nih.gov/pub/dist/src/niftilib/nifti1.h , but the NIfTI2 header isn't there.

Just trying again now, I had one curl failure followed by a success. So maybe let's keep an eye on it: if the failure frequency becomes unacceptable we can duplicate those files in our own repo, but I would prefer for them to be pulled from the originating source if possible.

daljit46 commented 2 months ago

This should be closed by #2993.