Closed vw-anton closed 1 month ago
That link points to the binary artifact, not the source artifact. Source artifact would be something like https://github.com/shimat/opencvsharp/archive/refs/tags/4.8.0.20230711.zip
- but you could just provide the VCS url in the curation.
This is most probably due to the HEAD check we do here: [...] which does not follow redirects.
Actually, the requestSourceArtifact()
helper function uses our pre-configured okHttpClient
which does follow redirects (both SSL and non-SSL) by default.
Additionally taking into account what @georg-eckert-zeiss wrote, I'm closing this as won't fix.
Describe the bug
We provide https://www.nuget.org/api/v2/package/OpenCvSharp4.Extensions/4.9.0.20240103 to ORT to download but it fails with:
This is most probably due to the HEAD check we do here: https://github.com/oss-review-toolkit/ort/blob/bd4e76e996c7d99820dd884cea104276d4ee9861/scanner/src/main/kotlin/provenance/PackageProvenanceResolver.kt#L144 which does not follow redirects. This seems to be an odd behavior Nuget has breaking the correct lookup.
We should discuss whether it makes sense to do the HEAD or broaden the cases for the GET fallback.
To Reproduce
Run ORT with input:
Expected behavior
It follows the redirect and does not throw an exception.
Console / log output
n/a
Environment