fediversity/fediversity
13
2
Fork 6
Code Issues 121 Pull requests 17 Projects 1 Activity Actions

Can't download archive over https #459

New issue
Open
opened 2025-07-15 08:41:25 +02:00 by fricklerhandwerk · 2 comments
fricklerhandwerk commented 2025-07-15 08:41:25 +02:00
Owner
Copy link

I want to enable consumers with a vanilla Nix installation such as after

apt install --yes curl git jq nix

to run some tests to validate that our software works as advertised, e.g.

nix-build https://git.fediversity.eu/Fediversity/Fediversity/archive/main.tar.gz -A tests

This doesn't work because the archive URL times out.

url -v https://git.fediversity.eu/Fediversity/Fediversity/archive/main.zip
* Host git.fediversity.eu:443 was resolved.
* IPv6: 2a00:51c0:12:1201::20
* IPv4: 185.206.232.34
*   Trying [2a00:51c0:12:1201::20]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=git.fediversity.eu
*  start date: Jul 13 23:28:25 2025 GMT
*  expire date: Oct 11 23:28:24 2025 GMT
*  subjectAltName: host "git.fediversity.eu" matched cert's "git.fediversity.eu"
*  issuer: C=US; O=Let's Encrypt; CN=E6
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to git.fediversity.eu (2a00:51c0:12:1201::20) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://git.fediversity.eu/Fediversity/Fediversity/archive/main.zip
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: git.fediversity.eu]
* [HTTP/2] [1] [:path: /Fediversity/Fediversity/archive/main.zip]
* [HTTP/2] [1] [user-agent: curl/8.11.0]
* [HTTP/2] [1] [accept: */*]
> GET /Fediversity/Fediversity/archive/main.zip HTTP/2
> Host: git.fediversity.eu
> User-Agent: curl/8.11.0
> Accept: */*
> 
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
^C⏎
I want to enable consumers with a vanilla Nix installation such as after ```bash apt install --yes curl git jq nix ``` to run some tests to validate that our software works as advertised, e.g. ```bash nix-build https://git.fediversity.eu/Fediversity/Fediversity/archive/main.tar.gz -A tests ``` This doesn't work because the `archive` URL times out. <details> ```log url -v https://git.fediversity.eu/Fediversity/Fediversity/archive/main.zip * Host git.fediversity.eu:443 was resolved. * IPv6: 2a00:51c0:12:1201::20 * IPv4: 185.206.232.34 * Trying [2a00:51c0:12:1201::20]:443... * ALPN: curl offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey * ALPN: server accepted h2 * Server certificate: * subject: CN=git.fediversity.eu * start date: Jul 13 23:28:25 2025 GMT * expire date: Oct 11 23:28:24 2025 GMT * subjectAltName: host "git.fediversity.eu" matched cert's "git.fediversity.eu" * issuer: C=US; O=Let's Encrypt; CN=E6 * SSL certificate verify ok. * Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384 * Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption * Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption * Connected to git.fediversity.eu (2a00:51c0:12:1201::20) port 443 * using HTTP/2 * [HTTP/2] [1] OPENED stream for https://git.fediversity.eu/Fediversity/Fediversity/archive/main.zip * [HTTP/2] [1] [:method: GET] * [HTTP/2] [1] [:scheme: https] * [HTTP/2] [1] [:authority: git.fediversity.eu] * [HTTP/2] [1] [:path: /Fediversity/Fediversity/archive/main.zip] * [HTTP/2] [1] [user-agent: curl/8.11.0] * [HTTP/2] [1] [accept: */*] > GET /Fediversity/Fediversity/archive/main.zip HTTP/2 > Host: git.fediversity.eu > User-Agent: curl/8.11.0 > Accept: */* > * Request completely sent off * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): ^C⏎ ```
fricklerhandwerk added the
user experience
bug
 labels 2025-07-15 08:41:25 +02:00
kiara commented 2025-07-15 11:37:42 +02:00
Owner
Copy link

forgejo seems to respond HTTP 504 for both tarball and zip.
the forgejo server's logs /var/log/nginx/{access,error}.log did not mention these requests unfortunately.

to be fair, we could update the forgejo, altho for all i know this could relate to the nginx as well?

forgejo seems to respond HTTP 504 for both tarball and zip. the forgejo server's logs `/var/log/nginx/{access,error}.log` did not mention these requests unfortunately. to be fair, we could update the forgejo, altho for all i know this could relate to the nginx as well?
kiara commented 2025-08-21 10:13:29 +02:00
Owner
Copy link

this is also currently blocking us from sourcing dependencies from our forgejo (using npins), e.g. vars / nix-templating

this is also currently blocking us from sourcing dependencies from our forgejo (using npins), e.g. [`vars`](https://git.fediversity.eu/Fediversity/vars) / [`nix-templating`](https://git.fediversity.eu/Fediversity/nix-templating)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
ci/pixelfed
pixelfed-ci
No results found.
Labels
Clear labels   
api service

features that may relate more to a (to be created) API service

  
blocked

   
bug

Anything that doesn't work as advertised

  
component: fediversity panel

   
component: nixops4

   
documentation

   
estimation high: >3d

   
estimation low: <2h

   
estimation mid: <8h

   
productisation

features out-scoped with the decoupling of the productisation effort

  
project-management

Project management related tasks

  
question

   
role: application developer

   
role: application operator

   
role: hosting provider

   
role: maintainer

   
security

   
technical debt

   
testing

   
type unclear

   
type: key result

   
type: objective

   
type: task

   
type: user story

   
user experience
No labels
api service
blocked
bug
component: fediversity panel
component: nixops4
documentation
estimation high: >3d
estimation low: <2h
estimation mid: <8h
productisation
project-management
question
role: application developer
role: application operator
role: hosting provider
role: maintainer
security
technical debt
testing
type unclear
type: key result
type: objective
type: task
type: user story
user experience
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: fediversity/fediversity#459
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?