Open davidjeddy opened 3 days ago
Unfortunately, I have no idea.
get a file by Get GitHub Content API:
Get \"https://api.github.com/repos/aquaproj/aqua-registry/contents/?ref=v4.220.2\":
read tcp 10.14.117.179:60188->4.208.26.200:443: read: connection reset by peer"
send http request: Get \"https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/aqua-proxy_linux_amd64.tar.gz\":
read tcp 10.14.117.179:60556->4.208.26.197:443:
read: connection reset by peer"
install aqua-proxy: get the GitHub Release by Tag:
Get \"https://api.github.com/repos/aquaproj/aqua-proxy/releases/tags/v1.2.8\":
read tcp 10.14.117.179:58092->4.208.26.200:443: read: connection reset by peer"
Seems like there was a network issue. aqua simply calls HTTP requests and GitHub API, so I don't think this is a bug of aqua.
At least, aqua v2.36.1 works well in my laptop (macOS) and GitHub Actions (ubuntu-latest, macos-13, macos-14, windows-latest).
How often does the issue occur? Definitely? or sometimes? Always
Can you reproduce the issue using other aqua versions such as v2.36.0 and v2.30.0? No. Unable to install other version, same error
Can you reproduce the issue in other environments? No. Machines outside the network work as expected
I know is a connectivity issue but do not understand why as curl
is successful.
[[~]]$ aqua --log-level DEBUG install
DEBU[0000] install the proxy aqua_version=2.36.1 env=linux/amd64 package_name=aqua-proxy package_version=v1.2.8 program=aqua registry=
DEBU[0000] check if aqua-proxy is already installed aqua_version=2.36.1 env=linux/amd64 package_name=aqua-proxy package_version=v1.2.8 program=aqua registry=
DEBU[0000] check if the package is already installed aqua_version=2.36.1 env=linux/amd64 package_name=aqua-proxy package_version=v1.2.8 program=aqua registry=
INFO[0000] download and unarchive the package aqua_version=2.36.1 env=linux/amd64 package_name=aqua-proxy package_version=v1.2.8 program=aqua registry=
DEBU[0000] failed to download an asset from GitHub Release without GitHub API. Try again with GitHub API aqua_version=2.36.1 asset_name=aqua-proxy_linux_amd64.tar.gz asset_version=v1.2.8 env=linux/amd64 error="send http request: Get \"https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/aqua-proxy_linux_amd64.tar.gz\": read tcp 10.14.117.179:53942->4.208.26.197:443: read: connection reset by peer" package_name=aqua-proxy package_version=v1.2.8 program=aqua registry= repo_name=aqua-proxy repo_owner=aquaproj
FATA[0000] aqua failed aqua_version=2.36.1 env=linux/amd64 error="install aqua-proxy: get the GitHub Release by Tag: Get \"https://api.github.com/repos/aquaproj/aqua-proxy/releases/tags/v1.2.8\": read tcp 10.14.117.179:35116->4.208.26.200:443: read: connection reset by peer" program=aqua
[[~]]$ curl --location --output aqua-proxy_linux_amd64.tar.gz https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/aqua-proxy_linux_amd64.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 784k 100 784k 0 0 1201k 0 --:--:-- --:--:-- --:--:-- 54.7M
[[~]]$ ls -lah
total 1.7M
drwxr-xr-x. 1 jenkins jenkins 494 Oct 4 08:33 .
drwx------. 1 jenkins jenkins 448 Oct 4 08:21 ..
-rw-r--r--. 1 jenkins jenkins 785K Oct 4 08:33 aqua-proxy_linux_amd64.tar.gz
...
It would seem the aqua binary is not following HTTPS only redirect. Does aqua require both HTTP and HTTPS to follow 302 redirect?
We don't take care of redirect when downloading files by HTTP request for now.
http.DefaultClient is used.
📝 https://pkg.go.dev/net/http#Client
// CheckRedirect specifies the policy for handling redirects.
// If CheckRedirect is not nil, the client calls it before
// following an HTTP redirect. The arguments req and via are
// the upcoming request and the requests made already, oldest
// first. If CheckRedirect returns an error, the Client's Get
// method returns both the previous Response (with its Body
// closed) and CheckRedirect's error (wrapped in a url.Error)
// instead of issuing the Request req.
// As a special case, if CheckRedirect returns ErrUseLastResponse,
// then the most recent response is returned with its body
// unclosed, along with a nil error.
//
// If CheckRedirect is nil, the Client uses its default policy,
// which is to stop after 10 consecutive requests.
CheckRedirect func(req *[Request](https://pkg.go.dev/net/http#Request), via []*[Request](https://pkg.go.dev/net/http#Request)) [error](https://pkg.go.dev/builtin#error)
It would seem the aqua binary is not following HTTPS only redirect. Does aqua require both HTTP and HTTPS to follow 302 redirect?
Sorry. I don't understand this well.
HTTP return code 302 is a redirect website A -> website B
Does aqua follow HTTPS redirects or does it does it only follow HTTP redirects?
I think aqua follows HTTPS redirects.
I checked redirects using -v
option.
curl -v --location --output aqua-proxy_linux_amd64.tar.gz https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/aqua-proxy_linux_amd64.tar.gz
https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/aqua-proxy_linux_amd64.tar.gz
redirects to https://objects.githubusercontent.com/**
.
aqua usually works well. I think this means aqua follows HTTPS redirect correctly.
In your environment, GitHub API doesn't work too. I don't think the API needs redirects.
Get \"https://api.github.com/repos/aquaproj/aqua-proxy/releases/tags/v1.2.8\": read tcp 10.14.117.179:35116->4.208.26.200:443: read: connection reset by peer"
Indeed. However both curl ...
and curl --location ...
does work.
[~]$ curl --verbose https://api.github.com/repos/aquaproj/aqua-proxy/releases/tags/v1.2.8
* Host api.github.com:443 was resolved.
* IPv6: (none)
* IPv4: 4.208.26.200
* Trying 4.208.26.200:443...
* Connected to api.github.com (4.208.26.200) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.github.com
* start date: Mar 7 00:00:00 2024 GMT
* expire date: Mar 7 23:59:59 2025 GMT
* subjectAltName: host "api.github.com" matched cert's "*.github.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo ECC Domain Validation Secure Server CA
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.github.com/repos/aquaproj/aqua-proxy/releases/tags/v1.2.8
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.github.com]
* [HTTP/2] [1] [:path: /repos/aquaproj/aqua-proxy/releases/tags/v1.2.8]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET /repos/aquaproj/aqua-proxy/releases/tags/v1.2.8 HTTP/2
> Host: api.github.com
> User-Agent: curl/8.6.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 200
< date: Fri, 04 Oct 2024 12:06:57 GMT
< content-type: application/json; charset=utf-8
< cache-control: public, max-age=60, s-maxage=60
< vary: Accept,Accept-Encoding, Accept, X-Requested-With
< etag: W/"c9d6a709e3360549fb1d2c1711a32c3e7752d226588e3c2a8e0017c793c654e8"
< last-modified: Tue, 01 Oct 2024 23:38:22 GMT
< x-github-media-type: github.v3; format=json
< x-github-api-version-selected: 2022-11-28
< access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
< access-control-allow-origin: *
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'
< server: github.com
< x-ratelimit-limit: 60
< x-ratelimit-remaining: 58
< x-ratelimit-reset: 1728047109
< x-ratelimit-resource: core
< x-ratelimit-used: 2
< accept-ranges: bytes
< content-length: 20980
< x-github-request-id: 9E39:18CC71:61FB50:67C016:66FFDA61
<
{
"url": "https://api.github.com/repos/aquaproj/aqua-proxy/releases/177907024",
"assets_url": "https://api.github.com/repos/aquaproj/aqua-proxy/releases/177907024/assets",
"upload_url": "https://uploads.github.com/repos/aquaproj/aqua-proxy/releases/177907024/assets{?name,label}",
"html_url": "https://github.com/aquaproj/aqua-proxy/releases/tag/v1.2.8",
"id": 177907024,
"author": {
"login": "github-actions[bot]",
"id": 41898282,
"node_id": "MDM6Qm90NDE4OTgyODI=",
"avatar_url": "https://avatars.githubusercontent.com/in/15368?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/github-actions%5Bbot%5D",
"html_url": "https://github.com/apps/github-actions",
"followers_url": "https://api.github.com/users/github-actions%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/github-actions%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/github-actions%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/github-actions%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/github-actions%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/github-actions%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/github-actions%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/github-actions%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/github-actions%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
},
"node_id": "RE_kwDOF9Swy84KmqVQ",
"tag_name": "v1.2.8",
"target_commitish": "main",
"name": "v1.2.8",
"draft": false,
"prerelease": false,
"created_at": "2024-10-01T23:27:33Z",
"published_at": "2024-10-01T23:28:24Z",
"assets": [
...
{
"url": "https://api.github.com/repos/aquaproj/aqua-proxy/releases/assets/196245903",
"id": 196245903,
"node_id": "RA_kwDOF9Swy84LsnmP",
"name": "multiple.intoto.jsonl",
"label": "",
"uploader": {
"login": "github-actions[bot]",
"id": 41898282,
"node_id": "MDM6Qm90NDE4OTgyODI=",
"avatar_url": "https://avatars.githubusercontent.com/in/15368?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/github-actions%5Bbot%5D",
"html_url": "https://github.com/apps/github-actions",
"followers_url": "https://api.github.com/users/github-actions%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/github-actions%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/github-actions%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/github-actions%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/github-actions%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/github-actions%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/github-actions%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/github-actions%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/github-actions%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
},
"content_type": "application/octet-stream",
"state": "uploaded",
"size": 15830,
"download_count": 0,
"created_at": "2024-10-01T23:29:18Z",
"updated_at": "2024-10-01T23:29:19Z",
"browser_download_url": "https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/multiple.intoto.jsonl"
}
],
"tarball_url": "https://api.github.com/repos/aquaproj/aqua-proxy/tarball/v1.2.8",
"zipball_url": "https://api.github.com/repos/aquaproj/aqua-proxy/zipball/v1.2.8",
"body": "[Pull Requests](https://github.com/aquaproj/aqua-proxy/pulls?q=is%3Apr+milestone%3Av1.2.8) | [Issues](https://github.com/aquaproj/aqua-proxy/issues?q=is%3Aissue+milestone%3Av1.2.8) | https://github.com/aquaproj/aqua-proxy/compare/v1.2.7...v1.2.8\r\n\r\n## Update dependencies\r\n\r\nUpdate Go to 1.23.2\r\n\r\n## Create GitHub Artifact Attestations\r\n\r\n#592\r\n\r\nhttps://github.com/aquaproj/aqua-proxy/attestations\r\n\r\n"
}
* Connection #0 to host api.github.com left intact
and w/ --location
[~]$ curl --location --verbose https://api.github.com/repos/aquaproj/aqua-proxy/releases/tags/v1.2.8
* Host api.github.com:443 was resolved.
* IPv6: (none)
* IPv4: 4.208.26.200
* Trying 4.208.26.200:443...
* Connected to api.github.com (4.208.26.200) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.github.com
* start date: Mar 7 00:00:00 2024 GMT
* expire date: Mar 7 23:59:59 2025 GMT
* subjectAltName: host "api.github.com" matched cert's "*.github.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo ECC Domain Validation Secure Server CA
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.github.com/repos/aquaproj/aqua-proxy/releases/tags/v1.2.8
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.github.com]
* [HTTP/2] [1] [:path: /repos/aquaproj/aqua-proxy/releases/tags/v1.2.8]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET /repos/aquaproj/aqua-proxy/releases/tags/v1.2.8 HTTP/2
> Host: api.github.com
> User-Agent: curl/8.6.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 200
< date: Fri, 04 Oct 2024 12:05:09 GMT
< content-type: application/json; charset=utf-8
< cache-control: public, max-age=60, s-maxage=60
< vary: Accept,Accept-Encoding, Accept, X-Requested-With
< etag: W/"e21a8bb6f42c5d6aaf9fa70c60f45c00e8b715f95624f765a28f8b32e98c8621"
< last-modified: Tue, 01 Oct 2024 23:38:22 GMT
< x-github-media-type: github.v3; format=json
< x-github-api-version-selected: 2022-11-28
< access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
< access-control-allow-origin: *
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'
< server: github.com
< x-ratelimit-limit: 60
< x-ratelimit-remaining: 59
< x-ratelimit-reset: 1728047109
< x-ratelimit-resource: core
< x-ratelimit-used: 1
< accept-ranges: bytes
< content-length: 20980
< x-github-request-id: 1861:9257A:44FCE3:493052:66FFD9F5
<
{
"url": "https://api.github.com/repos/aquaproj/aqua-proxy/releases/177907024",
"assets_url": "https://api.github.com/repos/aquaproj/aqua-proxy/releases/177907024/assets",
"upload_url": "https://uploads.github.com/repos/aquaproj/aqua-proxy/releases/177907024/assets{?name,label}",
"html_url": "https://github.com/aquaproj/aqua-proxy/releases/tag/v1.2.8",
"id": 177907024,
"author": {
"login": "github-actions[bot]",
"id": 41898282,
"node_id": "MDM6Qm90NDE4OTgyODI=",
"avatar_url": "https://avatars.githubusercontent.com/in/15368?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/github-actions%5Bbot%5D",
"html_url": "https://github.com/apps/github-actions",
"followers_url": "https://api.github.com/users/github-actions%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/github-actions%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/github-actions%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/github-actions%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/github-actions%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/github-actions%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/github-actions%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/github-actions%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/github-actions%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
},
"node_id": "RE_kwDOF9Swy84KmqVQ",
"tag_name": "v1.2.8",
"target_commitish": "main",
"name": "v1.2.8",
"draft": false,
"prerelease": false,
"created_at": "2024-10-01T23:27:33Z",
"published_at": "2024-10-01T23:28:24Z",
"assets": [
...
{
"url": "https://api.github.com/repos/aquaproj/aqua-proxy/releases/assets/196245903",
"id": 196245903,
"node_id": "RA_kwDOF9Swy84LsnmP",
"name": "multiple.intoto.jsonl",
"label": "",
"uploader": {
"login": "github-actions[bot]",
"id": 41898282,
"node_id": "MDM6Qm90NDE4OTgyODI=",
"avatar_url": "https://avatars.githubusercontent.com/in/15368?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/github-actions%5Bbot%5D",
"html_url": "https://github.com/apps/github-actions",
"followers_url": "https://api.github.com/users/github-actions%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/github-actions%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/github-actions%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/github-actions%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/github-actions%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/github-actions%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/github-actions%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/github-actions%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/github-actions%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
},
"content_type": "application/octet-stream",
"state": "uploaded",
"size": 15830,
"download_count": 0,
"created_at": "2024-10-01T23:29:18Z",
"updated_at": "2024-10-01T23:29:19Z",
"browser_download_url": "https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/multiple.intoto.jsonl"
}
],
"tarball_url": "https://api.github.com/repos/aquaproj/aqua-proxy/tarball/v1.2.8",
"zipball_url": "https://api.github.com/repos/aquaproj/aqua-proxy/zipball/v1.2.8",
"body": "[Pull Requests](https://github.com/aquaproj/aqua-proxy/pulls?q=is%3Apr+milestone%3Av1.2.8) | [Issues](https://github.com/aquaproj/aqua-proxy/issues?q=is%3Aissue+milestone%3Av1.2.8) | https://github.com/aquaproj/aqua-proxy/compare/v1.2.7...v1.2.8\r\n\r\n## Update dependencies\r\n\r\nUpdate Go to 1.23.2\r\n\r\n## Create GitHub Artifact Attestations\r\n\r\n#592\r\n\r\nhttps://github.com/aquaproj/aqua-proxy/attestations\r\n\r\n"
}
* Connection #0 to host api.github.com left intact
I am even able to telnet
to both api.github.com
and objects.githubusercontent.com
.
[jenkins@ip-10-14-117-179 toolchain-management]$ telnet api.github.com 443
Trying 4.208.26.200...
Connected to api.github.com.
Escape character is '^]'.
Connection closed by foreign host.
[jenkins@ip-10-14-117-179 toolchain-management]$ telnet objects.githubusercontent.com 443
Trying 185.199.109.133...
Connected to objects.githubusercontent.com.
Escape character is '^]'.
Connection closed by foreign host.
Are you familiar with Go? Can you run the following script in your environment?
main.go:
package main
import (
"context"
"fmt"
"io"
"log"
"net/http"
)
func main() {
if err := core(); err != nil {
log.Fatal(err)
}
}
func core() error {
u := "https://github.com/aquaproj/aqua-proxy/releases/download/v1.2.8/aqua-proxy_linux_amd64.tar.gz"
ctx := context.Background()
client := &http.Client{}
req, err := http.NewRequestWithContext(ctx, http.MethodGet, u, nil)
if err != nil {
return fmt.Errorf("create a http request: %w", err)
}
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("send http request: %w", err)
}
defer resp.Body.Close()
b, err := io.ReadAll(resp.Body)
if err != nil {
return fmt.Errorf("read a response body: %w", err)
}
log.Printf("status code: %d\n", resp.StatusCode)
if resp.StatusCode < 300 {
log.Println("Success!")
} else {
log.Printf("body: %s", string(b))
}
return nil
}
go version
go run main.go
I expect you can reproduce the issue using this code. Then we may be able to ask Go community for help.
I can get around with Go, it's been awhile.
$ go version
go1.21.13 linux/amd64
$ cd $HOME
$ mkdir test
$ vi test/main.go # add script to test/main.go, save, exit
$ go mod init test/main.go
$ cd test
$ go run .
2024/10/04 13:15:38 status code: 200
2024/10/04 13:15:38 Success!
Oh? Looks like the issue wasn't reproduced. The above code is basically same with aqua. Interesting.
aqua info
However, if I use curl I am about to download the file.
Just to be sure, I checked the ENV VAR list for a proxy config:
Not sure why curl would be successful but the aqua binary fails.
Overview
Unable to install packages from behind egress DNS firewall. We must have the exact root DNS / hostname for all out going requests. We have added .github. but are still getting connection reset.
How to reproduce
aqua.yaml
Other related code such as local Registry
Executed command and output
Debug output
Expected behaviour
Able to download pacakges.
Actual behaviour
connection reset
Note
No response