pkgdev icon indicating copy to clipboard operation
pkgdev copied to clipboard
verified publisher icon pkgcore

`pkgdev manifest` should warn on suspected 404 pages.

Open Kangie opened this issue 1 year ago • 0 comments

It's unfortunate, but sometimes we are served a page that says "this is not what you're looking for":

kangie@monolith /var/db/repos/gentoo/www-client/chromium (master+) $ pkgdev manifest
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 6307M  100 6307M    0     0  5611k      0  0:19:11  0:19:11 --:--:-- 5417k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  268M  100  268M    0     0  5539k      0  0:00:49  0:00:49 --:--:-- 5374k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   248  100   248    0     0    321      0 --:--:-- --:--:-- --:--:--   321
 * generating manifest: www-client/chromium::gentoo
kangie@monolith /var/db/repos/gentoo/www-client/chromium (master+) $ file /var/cache/distfiles/chromium-130-testfonts.tar.xz 
/var/cache/distfiles/chromium-130-testfonts.tar.xz: XML 1.0 document, ASCII text, with no line terminators
kangie@monolith /var/db/repos/gentoo/www-client/chromium (master+) $ cat /var/cache/distfiles/chromium-130-testfonts.tar.xz
<?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Details>No such object: chromium-fonts/f26f29c9d3bfae588207bbc9762de8d142e58935c62a86f67332819b15203b35.tar.xz</Details></Error>%

Since this is a valid download, curl, wget, et al. will return an exit code of 0.

pkgdev manifest should warn when this seems to have happened.

List of potential warning criteria:

  • file type does not match filename ext hint (e.g. a tarball should never be ASCII text)
  • output contains 'No such' or 'Does not exist'
  • file size < 1 or 5 kb

The idea here is to:

  • Prompt maintainers to look at suspicious files
  • Make it very easy to see when (e.g.) a release tarball was not published and you're getting a 404

It's quite likely that this will be uncovered during ebuild ... unpack, but for Chromium that can be 5+ minutes on a relatively modern machine.

Kangie avatar Oct 17 '24 03:10 Kangie