Failed to download package gamut from https://code.dlang.org/packages/gamut/2.0.9.zip

[saper]

[x] Issue list: https://github.com/dlang/dub/issues?q=is%3Aissue [x] Cookbook: https://github.com/dlang/dub/wiki/Cookbook [x] Stack Overflow: https://stackoverflow.com/questions/tagged/dub

System information

• dub version: dub 1.29.0
• OS Platform and distribution: FreeBSD 15, amd64
• compiler version

  $  ldc2 -v
  binary    /usr/local/bin/ldc2
  version   1.35.0 (DMD v2.105.2, LLVM 15.0.7)
  config    /usr/local/etc/ldc2.conf (x86_64-portbld-freebsd15.0)

$ pkg which /usr/local/lib/libcurl.so
/usr/local/lib/libcurl.so was installed by package curl-8.7.1

Bug Description

Trying dub build or dub test on a checked out version of https://github.com/Inochi2D/libsoba/blob/cd844b0dcc366ef163cf01aedafbbd6cc98781b9/dub.sdl

(...)
Dependency resolution result:
  bindbc-freetype: 1.0.5
  bindbc-loader: 1.0.3
  bindbc-sdl: 1.3.6
  colorize: 1.0.5
  gamut: 2.0.9
  i18n-d: 1.0.2
  i2d-opengl: 1.0.0
  i2d-wgpu: 0.15.0
  imagefmt: 2.1.2
  inmath: 1.0.6
  intel-intrinsics: 1.11.18
  silly: 1.1.1
Fetching gamut 2.0.9 (getting selected version)...
Package supplier registry at https://code.dlang.org/ failed with 'Failed to download package gamut from https://code.dlang.org/packages/gamut/2.0.9.zip', trying fallbacks.
Fallback package supplier registry at https://codemirror.dlang.org/ failed with 'Failed to download package gamut from https://codemirror.dlang.org/packages/gamut/2.0.9.zip'.
Fallback package supplier registry at https://dub.bytecraft.nl/ failed with 'Failed to download package gamut from https://dub.bytecraft.nl/packages/gamut/2.0.9.zip'.
Fallback package supplier registry at https://code-mirror.dlang.io/ failed with 'Failed to download https://code-mirror.dlang.io/api/packages/infos?packages=%5B%22gamut%22%5D&include_dependencies=true&minimize=true'.
Failed to download package gamut from https://code.dlang.org/packages/gamut/2.0.9.zip

How to reproduce?

1. Clone https://github.com/Inochi2D/libsoba
2. try dub build there

Expected Behavior

It builds

Logs

(see the above dub build -v output).

plain curl seems to work:

> curl -sSf -L -o gamut.zip https://code.dlang.org/packages/gamut/2.0.9.zip
> sha256sum gamut.zip 
b702b4163e42c53f94eb19ed25b83b02f6158c4ce8fcd096c3ee8b1c35ba8f1c  gamut.zip

[s-ludwig]

Works for me:

    Fetching bindbc-sdl 1.3.6 (getting selected version)
    Fetching i2d-wgpu 0.15.0 (getting selected version)
    Fetching i18n-d 1.0.2 (getting selected version)
    Fetching inmath 1.0.6 (getting selected version)
    Fetching bindbc-loader 1.0.3 (getting selected version)
    Fetching imagefmt 2.1.2 (getting selected version)
    Fetching colorize 1.0.5 (getting selected version)
    Fetching bindbc-freetype 1.0.5 (getting selected version)
    Fetching gamut 2.0.9 (getting selected version)
    Fetching i2d-opengl 1.0.0 (getting selected version)
    Fetching intel-intrinsics 1.11.18 (getting selected version)
    Starting Performing "debug" build using dmd for x86_64.
    Building soba ~main: building configuration [library]

Looks like either a temporary server issue, or a network connectivity issue of some kind.

[saper]

Yes, this also worked fine when trying on another FreeBSD machine.

I have noticed three temporary files lying around:

> find /tmp/gamut*zip -ls | sed -e 's/   */   /g'
 31029   1 -rw-r--r--   1 saper   wheel   0 16 kwi 21:13 /tmp/gamut-10af7d84-6b82-45db-8808-0178d75652a5.zip
   3876   2 -rw-r--r--   1 saper   wheel   110 16 kwi 10:58 /tmp/gamut-a03ead26-935a-4337-8a52-5f2b240eee3d.zip
 30973   1 -rw-r--r--   1 saper   wheel   0 16 kwi 21:20 /tmp/gamut-b5c9b335-0891-4c3d-bc84-0d492caf2c1d.zip

The one with 110 bytes contains the following string:

 Deprecated authentication method. Create a Personal Access Token to access: https://github.com/settings/token

In fact, my $HOME/.netrc file contained the following entry:

  machine github.com login for-ballerina password github_pat_XXXXX

and that token has expired.

Looks like curl and libcurl send the .netrc login/password in the unsolicited way after the redirect:

== Info: [HTTP/2] [1] OPENED stream for https://code.dlang.org/packages/gamut/2.0.9.zip <-- no Authorization header, returns 302 == Info: [HTTP/2] [1] OPENED stream for https://github.com/AuburnSounds/gamut/archive/v2.0.9.zip <-- Authorization header sent, returns 401 with the www-authenticate: Basic realm="GitHub" header out there.

.netrc support was introduced in https://github.com/dlang/dub/pull/2027

This behaviour can be reproduced easily with a $HOME/.netrc file containing bogus credential and with curl -L --netrc-optional -o gamut.zip https://code.dlang.org/packages/gamut/2.0.9.zip