Open str4d opened 5 months ago
Maybe also related to #593 (there is not enough error log information in the cargo-vet
output for either issue's content to be sufficient for me to determine that).
I've now had time to debug this further, and it turns out that the problem is that `miette` is for whatever reason not rendering the related errors inside `AggregateErrors`. When I add `dbg!` around them, this is what I get as overall output:
```
Fetching source audits [=========================================================] 2/2 [src/main.rs:2552:8] &errors = [
    CriteriaDescriptionMismatch(
        AggregateCriteriaDescriptionMismatchError {
            criteria_name: "license-reviewed",
            first: AggregateCriteriaDescription {
                source: "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml",
                description: Some(
                    "The license of this crate has been reviewed for compatibility with its usage in this repository.",
                ),
                description_url: None,
            },
            second: AggregateCriteriaDescription {
                source: "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml",
                description: Some(
                    "The license of this crate has been reviewed for compatibility with its usage in this repository. If the crate is not available under the MIT license, `contrib/debian/copyright` has been updated with a corresponding copyright notice for files under `depends/*/vendored-sources/CRATE_NAME`.",
                ),
                description_url: None,
            },
        },
    ),
]
ERROR × there were errors aggregating source audit files
```
So I now know what the aggregation problem is (a mismatch between criteria descriptions, something I didn't realise had to exactly match), but also `cargo vet` is hiding these errors.
I'm running `cargo vet aggregate --output-file supply-chain/audits.toml supply-chain/sources.txt` in CI for https://github.com/zcash/rust-ecosystem. Recently I added a second source to `sources.txt` and now aggregation fails. Via local testing, I determined that the new URL is not broken, but the presence of two URLs causes a `GoAway` to be returned by GitHub, I presume due to either some interaction with HTTP2 connection pooling or tripping up a spam detector?

EDIT 2024-05-23: Hmm, actually it looks like the `GoAway` is being sent to GitHub at the end of the connection in response to something. It's still the main difference I see between one vs two sources.

✅ First source only
```
❯ cat supply-chain/sources.txt
https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml
❯ cargo vet aggregate --verbose debug --output-file supply-chain/audits.toml supply-chain/sources.txt
DEBUG starting new connection: https://raw.githubusercontent.com/
DEBUG resolving host="raw.githubusercontent.com"
DEBUG connecting to 185.199.111.133:443
DEBUG connected to 185.199.111.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")
DEBUG Not resuming any session
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256
DEBUG Not resuming
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]
DEBUG ALPN protocol is Some(b"h2")
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
DEBUG pooling idle connection for ("https", raw.githubusercontent.com)
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
DEBUG Connection{peer=Client}: send frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
```

✅ Second source only
```
❯ cat supply-chain/sources.txt
https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml
❯ cargo vet aggregate --verbose debug --output-file supply-chain/audits.toml supply-chain/sources.txt
DEBUG starting new connection: https://raw.githubusercontent.com/
DEBUG resolving host="raw.githubusercontent.com"
DEBUG connecting to 185.199.111.133:443
DEBUG connected to 185.199.111.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")
DEBUG Not resuming any session
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256
DEBUG Not resuming
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]
DEBUG ALPN protocol is Some(b"h2")
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
DEBUG pooling idle connection for ("https", raw.githubusercontent.com)
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
DEBUG Connection{peer=Client}: send frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
```

❌ Both sources
```
❯ cat supply-chain/sources.txt
https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml
https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml
❯ cargo vet aggregate --verbose debug --output-file supply-chain/audits.toml supply-chain/sources.txt
DEBUG starting new connection: https://raw.githubusercontent.com/
DEBUG starting new connection: https://raw.githubusercontent.com/
DEBUG resolving host="raw.githubusercontent.com"
DEBUG resolving host="raw.githubusercontent.com"
DEBUG connecting to 185.199.111.133:443
DEBUG connecting to 185.199.108.133:443
DEBUG connected to 185.199.111.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")
DEBUG Not resuming any session
DEBUG connected to 185.199.108.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")
DEBUG Not resuming any session
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256
DEBUG Not resuming
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]
DEBUG ALPN protocol is Some(b"h2")
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
DEBUG pooling idle connection for ("https", raw.githubusercontent.com)
DEBUG reuse idle connection for ("https", raw.githubusercontent.com)
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(3), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256
DEBUG Not resuming
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]
DEBUG ALPN protocol is Some(b"h2")
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=GoAway { error_code: NO_ERROR, last_stream_id: StreamId(0) }
DEBUG Connection{peer=Client}: Connection::poll; connection error error=GoAway(b"", NO_ERROR, Library)
DEBUG Connection{peer=Client}: Sending warning alert CloseNotify
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
DEBUG Connection{peer=Client}: send frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(3), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(3), flags: (0x1: END_STREAM) }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
DEBUG Connection{peer=Client}: send frame=GoAway { error_code: NO_ERROR, last_stream_id: StreamId(0) }
DEBUG Connection{peer=Client}: Connection::poll; connection error error=GoAway(b"", NO_ERROR, Library)
ERROR × there were errors aggregating source audit files
DEBUG Connection{peer=Client}: Sending warning alert CloseNotify
```
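
The criteria description mismatch that the `dbg!` output in this issue reveals can be detected before `cargo vet aggregate` runs. The following is an added example, not part of the original issue and not cargo-vet's own code: it compares `[criteria.*]` entries across several `audits.toml` texts by exact match. The sample TOML, the source labels, the function names and the choice to compare `description-url` alongside `description` are assumptions.

```python
"""Pre-flight check: flag criteria whose descriptions differ between audit sources."""
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # assumption: tomli backport installed on older Pythons

# Constructed sample inputs modelled on the two sources named in the issue.
SOURCE_A = '''
[criteria.license-reviewed]
description = "The license of this crate has been reviewed for compatibility with its usage in this repository."
'''
SOURCE_B = '''
[criteria.license-reviewed]
description = "The license of this crate has been reviewed for compatibility with its usage in this repository. (Constructed extra sentence present in this source only.)"

[criteria.crypto-reviewed]
description = "Constructed criterion defined in one source only; not a conflict."
'''


def criteria_descriptions(toml_text):
    """Map criteria name -> (description, description-url) for one audits.toml."""
    doc = tomllib.loads(toml_text)
    return {
        name: (entry.get("description"), entry.get("description-url"))
        for name, entry in doc.get("criteria", {}).items()
    }


def find_mismatches(sources):
    """sources: dict of label -> audits.toml text.
    Returns (criteria_name, first_label, second_label) for each conflict."""
    first_seen = {}  # criteria name -> (label, (description, url))
    mismatches = []
    for label, text in sources.items():
        for name, desc in criteria_descriptions(text).items():
            if name not in first_seen:
                first_seen[name] = (label, desc)
            elif first_seen[name][1] != desc:  # exact comparison, no normalisation
                mismatches.append((name, first_seen[name][0], label))
    return mismatches


if __name__ == "__main__":
    for name, a, b in find_mismatches({"librustzcash": SOURCE_A, "zcash": SOURCE_B}):
        print(f"criteria '{name}' differs between {a} and {b}")
```

In CI, the texts would come from the URLs listed in `supply-chain/sources.txt`, and a non-empty result would fail the job with the criteria name and both sources printed.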