Install.sh fails when using wget

[nir2292]

We're installing k3s on an ARM64 device that doesn't have curl installed. Downloading and running install.sh from https://get.k3s.io gives

[INFO]  Finding release for channel latest
https://update.k3s.io/v1-release/channels/latest
[INFO]  Using v1.20.0+k3s2
socket-worker-5029ae85.js as release
[INFO]  Downloading hash https://github.com/rancher/k3s/releases/download/v1.20.0+k3s2
socket-worker-5029ae85.js/sha256sum-arm64.txt
[ERROR]  download needs exactly 2 arguments

tracing this to here: https://github.com/k3s-io/k3s/blob/1d4adb0301b9a63ceec8cabb11b309e061f43d5f/install.sh#L355 and reproducing the behavior by running echo $(wget -SqO /dev/null ${version_url} 2>&1 | grep -i Location | sed -e 's|.*/||') which outputs v1.20.0+k3s2 socket-worker-5029ae85.js

the desired output is v1.20.0+k3s2

I'll add that installing curl and running curl -sfL https://get.k3s.io | sh - works perfectly.

[brandond]

What version of wget do you have? Is it actual wget, or busybox's fake wget?

[nir2292]

GNU Wget 1.19.4

[arron-f]

The problem is combination of the script and likely github changed policy.

I also have same issue... its because the script does insensitive grep. There is a "online.visualstudio.com/api/v1/locations" now in the Content-Security-Policy. Removing the '-i' fixes the problem, since Location is a https://tools.ietf.org/html/rfc7231 pg 68 compliant thingy it should always be a capital anyway.

$ wget -SqO /dev/null https://update.k3s.io/v1-release/channels/stable 2>&1 | grep -i Location Location: https://github.com/k3s-io/k3s/releases/tag/v1.20.0+k3s2 Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com online.visualstudio.com/api/v1/locations; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-5029ae85.js gist.github.com/socket-worker-5029ae85.js

[brandond]

In #1751 we actually had an issue with the Location header being lower-case. According to RFC they are case-insensitive, and http2 actually folds everything to lowercase so it's not really safe to assume either.

[stale[bot]]

This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 180 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions.

[kaharlichenko]

The issue is still valid. Got the same error while installing on Alpine Linux using their "virtual" image flavor.

There's no curl preinstalled and wget happens to be provided by BusyBox.

[brandond]

@kaharlichenko as far as I know the current script should work with busybox wget; what result do you get?

[kaharlichenko]

@brandond, here are my steps:

1. Install the VM from Alpine Virtual 3.14.1 iso image: alpine-virt-3.14.1-x86_64.iso

2. Right after the installation (i.e. no packages other than the ones alpine-setup installs by default) run the following inside the VM:

   k3s-server-2:~# curl --version
   ash: curl: not found
   k3s-server-2:~# wget --version
   wget: unrecognized option: version
   BusyBox v1.33.1 () multi-call binary.
   
   Usage: wget [-cqS] [--spider] [-O FILE] [-o LOGFILE] [--header 'HEADER: VALUE'] [-Y on/off]
           [-P DIR] [-U AGENT] [-T SEC] URL...
   
   Retrieve files via HTTP or FTP
   
           --spider        Only check URL existence: $? is 0 if exists
           -c              Continue retrieval of aborted transfer
           -q              Quiet
           -P DIR          Save to DIR (default .)
           -S              Show server response
           -T SEC          Network read timeout is SEC seconds
           -O FILE         Save to FILE ('-' for stdout)
           -o LOGFILE      Log messages to FILE
           -U STR          Use STR for User-Agent header
           -Y on/off       Use proxy
   k3s-server-2:~# wget -O - https://get.k3s.io | sh -
   Connecting to get.k3s.io (172.67.69.209:443)
   writing to stdout
   -                    100% |********************************************| 25283  0:00:00 ETA
   written to stdout
   [INFO]  Finding release for channel stable
   [INFO]  Using v1.21.3+k3s1
   socket-worker-b05e50fc.js as release
   [INFO]  Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.21.3+k3s1
   socket-worker-b05e50fc.js/sha256sum-amd64.txt
   [ERROR]  download needs exactly 2 arguments

So the behavior seems to be exactly like in the first message.