Closed JasonQuinn closed 1 year ago
@JasonQuinn Thanks for the report! I'm asking around on my end to see what's happening.
Looks like this could be related to some changes made yesterday, May 23:
Some ecosystems will no longer be supported.As part of this change we will be dropping support for Drupal, Debian, Chocolatey, Alpine, Bower and Go Dep. Note: Go Mod will continue to be supported and we encourage all OSS Index users to upgrade to newer Go Mod modules.
It is almost certainly related. We have reportedly reproduced the problem and are looking into it internally. Sorry for the interruption; we will get this fixed ASAP.
A fix has been deployed. You should see Nancy working correctly now.
Looks like now it's broken in different ways, with expired cert.
Error: Post "https://ossindex.sonatype.org/api/v3/component-report": x509: certificate has expired or is not yet valid: current time 2022-05-26T01:34:29Z is after 2022-05-25T23:59:59Z
Sorry for the problem. It should be resolved now.
Thanks for the heads up!
this has happened again - I'm getting 500s
Error: An error occurred: [500 Internal Server Error] error accessing OSS Index
I use 1.0.41 version and pipeline get this error.
Error: An error occurred: [500 Internal Server Error] error accessing OSS Index
I use 1.0.41 version I'm getting 500s Error: An error occurred: [500 Internal Server Error] error accessing OSS Index
logfile shows: {"level":"error","msg":"Error accessing OSS Index","resp_status_code":"500 Internal Server Error","time":"2022-10-18T08:04:08+01:00"} {"error":"An error occurred: [500 Internal Server Error] error accessing OSS Index","level":"error","msg":"unexpected error in root cmd","time":"2022-10-18T08:04:08+01:00"}
I run with: go list -m all | nancy sleuth
I am getting a 500- Internal Server Error
Error: An error occurred: [500 Internal Server Error] error accessing OSS Index
v1.0.37 + v1.0.41 are currently not working:
{"level":"error","msg":"Error accessing OSS Index","resp_status_code":"500 Internal Server Error","time":"2022-10-18T14:13:03+02:00"}
{"error":"An error occurred: [500 Internal Server Error] error accessing OSS Index","level":"error","msg":"unexpected error in root cmd","time":"2022-10-18T14:13:03+02:00"}
I would also like to request that the command doesn't exit with error code 1, if the server cannot be reached, as this breaks pipelines. Maybe add an option to allow the command to pass if the server is returning errors or unreachable? 🤔
Same error here
$ CGO_ENABLED=0 go list -json -m all | nancy sleuth --skip-update-check
Error: An error occurred: [500 Internal Server Error] error accessing OSS Index
For more information, check the log file at /home/theo/.ossindex/nancy.combined.log
nancy version: 1.0.41
...
$ cat /home/theo/.ossindex/nancy.combined.log
{"level":"error","msg":"Error accessing OSS Index","resp_status_code":"500 Internal Server Error","time":"2022-10-18T14:36:07+02:00"}
{"error":"An error occurred: [500 Internal Server Error] error accessing OSS Index","level":"error","msg":"unexpected error in root cmd","time":"2022-10-18T14:36:07+02:00"}
1046Installing nancy version v1.0.33 ... 1048Error: An error occurred: [500 Internal Server Error] error accessing OSS Index 1049 1050For more information, check the log file at /home/travis/.ossindex/nancy.combined.log 1051nancy version: 1.0.33
Any workaround on this until it gets fixed?
Any workaround on this until it gets fixed?
Not really. We disabled nancy in our CI pipeline until this is fixed.
@ken-duck - have you seen this? 🙏
I can reliably reproduce with this API request:
curl -X 'POST' \
'https://ossindex.sonatype.org/api/v3/component-report' \
-H 'accept: application/vnd.ossindex.component-report.v1+json' \
-H 'Content-Type: application/vnd.ossindex.component-report-request.v1+json' \
-d '{
"coordinates": [
"pkg:golang/github.com/IBM-Cloud/go-etcd-rules@v1.5.14"
]
}'
{"code":500,"message":"There was an error processing your request. It has been logged (ID 0c64132875b54062)."}
The version doesn't appear to matter. Any other public golang dependency I try appears to work.
We moved away from this index to vulncheck by Go community, works like a charm.
We're looking into the recent 500 errors from OSSIndex. So far, the errors appear to be component coordinate specific (e.g. not universal). Still digging.
We found and fixed the problem. It was an edge case bug in a recent update to OSSIndex, and only certain components would have been affected.
Sorry for the disturbance, and special thanks to @JohnStarich for the helpful report - made it much easier to find the root cause.
Running nancy has started returning a 500 error "Error: An error occurred: [500 Internal Server Error] error accessing OSS Index" when running https://ossindex.sonatype.org/updates-notice says there were index updates yesterday and today is the 1st day I've seen it so it might be related
go list -m all | docker run --env GITHUB_TOKEN=$GITHUB_TOKEN --pull always --rm -i sonatypecommunity/nancy:latest sleuth
cc @bhamail / @DarthHater