bazelbuild/bazel
GitHub で見るInvalid GitHub token in `.netrc` not reported properly with http_repository
Open
#17,918 opened on 2023年3月29日
P3help wantedteam-ExternalDepstype: bug
Repository metrics
- Stars
- (25,384 stars)
- PR merge metrics
- (平均マージ 22d 20h) (30d で 77 merged PRs)
説明
Description of the bug:
Prerequisites:
- workspace using
http_repositoryto fetch from authentication protected https source (eg. GitHub Enterprise) .netrcset up and used by Bazel to authenticate with protected source- empty repository cache
- invalid token for authentication source in
.netrcfile
The Bazel output is:
INFO: Repository foo instantiated at:
/home/me/git/bar/WORKSPACE:199:13: in <toplevel>
Repository rule http_archive defined at:
/home/me/.cache/bazel/sha/external/bazel_tools/tools/build_defs/repo/http.bzl:372:31: in <toplevel>
WARNING: Download from https://github.enterprise/bazel/foo-repo/archive/sha.zip failed: class com.google.devtools.build.lib.bazel.repository.downloader.UnrecoverableHttpException Checksum was 1234567890 but wanted 0987654321
ERROR: An error occurred during the fetch of repository ‘foo’:
Traceback (most recent call last):
File “/home/me/.cache/bazel/sha/external/bazel_tools/tools/build_defs/repo/http.bzl”, line 132, column 45, in _http_archive_impl
download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://github.enterprise/bazel/foo-repo/archive/sha.zip] to ... Checksum was 1234567890 but wanted 0987654321
What happens is that when you hit the protected source it redirect to a login page.
> curl -L -H "Authorization: token badtoken" -I https://github.enterprise/bazel/foo-repo/archive/sha.zip
HTTP/2 302
server: GitHub.com
content-type: text/html; charset=utf-8
location: https://github.enterprise/login?return...
...
HTTP/2 200
server: GitHub.com
content-type: text/html; charset=utf-8
...
I think this is where Bazel forgets to check the content-type. If http_repository is configured to a .zip file text/html is wrong.
Two things come to my mind:
- Bazel could check for proper
content-typeheader. If this is a miss then the download should be aborted. - Bazel could inspect the redirect
locationurl for keywords such aslogin.
The SHA mismatch error is leading to a lot confused Bazel users and increasing support load.
Expected Behavior:
Bazel should report an error that gives better hint that:
- the server response is unexpected and
- the user should check the authentication credential
Which operating system are you running Bazel on?
Linux
What is the output of bazel info release?
6.1.1