Can't download archive over https #459

Open
opened 2025-07-15 08:41:25 +02:00 by fricklerhandwerk · 2 comments

I want to enable consumers with a vanilla Nix installation such as after

```bash
apt install --yes curl git jq nix
```

to run some tests to validate that our software works as advertised, e.g.

```bash
nix-build https://git.fediversity.eu/Fediversity/Fediversity/archive/main.tar.gz -A tests
```

This doesn't work because the `archive` URL times out.

```log
curl -v https://git.fediversity.eu/Fediversity/Fediversity/archive/main.zip
* Host git.fediversity.eu:443 was resolved.
* IPv6: 2a00:51c0:12:1201::20
* IPv4: 185.206.232.34
*   Trying [2a00:51c0:12:1201::20]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=git.fediversity.eu
*  start date: Jul 13 23:28:25 2025 GMT
*  expire date: Oct 11 23:28:24 2025 GMT
*  subjectAltName: host "git.fediversity.eu" matched cert's "git.fediversity.eu"
*  issuer: C=US; O=Let's Encrypt; CN=E6
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to git.fediversity.eu (2a00:51c0:12:1201::20) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://git.fediversity.eu/Fediversity/Fediversity/archive/main.zip
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: git.fediversity.eu]
* [HTTP/2] [1] [:path: /Fediversity/Fediversity/archive/main.zip]
* [HTTP/2] [1] [user-agent: curl/8.11.0]
* [HTTP/2] [1] [accept: */*]
> GET /Fediversity/Fediversity/archive/main.zip HTTP/2
> Host: git.fediversity.eu
> User-Agent: curl/8.11.0
> Accept: */*
>
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
^C⏎
```
fricklerhandwerk added the `user experience` and `bug` labels 2025-07-15 08:41:25 +02:00
Owner

forgejo seems to respond HTTP 504 for both tarball and zip.
the forgejo server's logs `/var/log/nginx/{access,error}.log` did not mention these requests unfortunately.

to be fair, we could update the forgejo, although for all I know this could relate to the nginx as well?
Owner

this is also currently blocking us from sourcing dependencies from our forgejo (using npins), e.g. [`vars`](https://git.fediversity.eu/Fediversity/vars) / [`nix-templating`](https://git.fediversity.eu/Fediversity/nix-templating)
Reference: fediversity/fediversity#459