z_vcpkg_download_distfile_via_aria() uses malformed arguments to aria2 download command #30079
Comments
JonLiu1993
added
the
category:tool-update
|
Thanks for reporting this issue to vcpkg! Unfortunately, I can't reproduce this issue in my side, I have tested the following two scenarios:
I have checked the |
|
Apologies for the delay in replying. Make sure you don't already have anything in your source tree from earlier work. It is critical that you don't have anything downloaded from earlier steps or else it will mask the underlying problem. Make sure you follow the exact steps I outlined. The sequence is very specific. Unfortunately, it is also what a typical CI job is going to do if it is using aria for its downloads. I don't know why it is using aria in my case (both locally and in CI), I don't appear to have any thing set to force that. I suggest trying to do this from different shells. I think if you use Powershell, you get burnt by a dodgey pseudo curl command (lost days chasing that a year ago when exploring curl v aria2 for downloads). Try a standard Dos/Command prompt instead. That would more closely match what I have been doing locally too. Even if you can't reproduce it though, note that the issue description details how the aria code path is doing the wrong thing. I assume you've got some testing somewhere that exercises that code path. You just need to point it at something that comes back with a redirect to replicate the problem. |
|
Thanks for your reply. I will try again. |
|
You could also potentially try setting the |
|
This is an automated message. Per our repo policy, stale issues get closed if there has been no activity in the past 180 days. The issue will be automatically closed in 14 days. If you wish to keep this issue open, please add a new comment. |
|
Stay active |
|
@Cheney-W I just repro'd a very similar error building opencv4 with And after fixing the debug_message on line 70 of vcpkg_download_distfile.cmake: ie: This is the error I get. Notice the output filename has subdirectories which fails to download |
|
Given that aria2 has apparently been broken since at least May 2023, we do not test for it, only 2 people have noticed, large swaths of the tool like |
BillyONeal
added
the
requires:vcpkg-team-review
* Huge parts of the vcpkg product do not respect this setting * microsoft/vcpkg#30079 shows it has been entirely broken for an extremely long time. * It's an --x switch and we never claimed full support for it. * We have never tested that it ever actually works. Related: microsoft/vcpkg-docs#441
"resolve" this issue by deleting |
and others
Describe the bug
In the implementation of
z_vcpkg_download_distfile_via_aria(), the following call (from here) is made to use aria2 to download a file:vcpkg_execute_in_download_mode( COMMAND ${ARIA2} ${URL} -o temp/${arg_FILENAME} -l download-${arg_FILENAME}-detailed.log ${headers_param} OUTPUT_FILE download-${arg_FILENAME}-out.log ERROR_FILE download-${arg_FILENAME}-err.log RESULT_VARIABLE error_code WORKING_DIRECTORY "${DOWNLOADS}" )The
-o temp/${arg_FILENAME}argument is malformed. That must not contain any path, it must only be a file name. The-d <dir>option must be used to specify the path instead.When a path is included in the
-ooption, it breaks downloads where a redirection is involved. The original URL is first downloaded to the file name specified with the-ooption, which is in thetempsubdirectory. aria2 checks the HTTP response code and contents of that file and determines that it is a redirect and it needs to try the location specified in the returned content. When it does this retry, thedownload-${arg_FILENAME}-detailed.logfile shows that thetemppart of the output file name has been dropped, and now it is downloading the retry to the working directory instead. This succeeds and the aria2 command returns success. However,z_vcpkg_download_distfile_via_aria()then ends up callingz_vcpkg_download_distfile_test_hash()a bit further below and it tests the file in thetempsubdirectory, not the final downloaded file in the working directory:z_vcpkg_download_distfile_test_hash( "${DOWNLOADS}/temp/${arg_FILENAME}" "downloaded file" "The file may have been corrupted in transit." "${arg_SHA512}" ${arg_SKIP_SHA512} )This test fails because that file contains content about the redirection, not the final downloaded file. This results in a fatal error, but importantly it also leaves behind the requested downloaded file in the working directory. If you then re-run exactly the same command a second time, it will succeed because the download gets skipped now that the file is there and has the expected hash.
As an example where this bites users, the openssl port for versions before 3.0.7-1 require the
jomtool on Windows (#27150 added a fallback to usingnmakeif usingjomresults in an error). It callsvcpkg_find_acquire_program(JOM), which eventually finds its way to callingvcpkg_download_distfile(), which then callsz_vcpkg_download_distfile_via_aria(). Invcpkg_find_acquire_program(), the first URL it provides for JOM is https://download.qt.io/official_releases/jom/jom_1_1_3.zip which returns a redirection, triggering the bug.Environment
To Reproduce
Checkout the 2021.08.31 tag of vcpkg. This is just to make the steps easy, the latest master still has the bug.Latest master will also show the bug if you start with a clean vcpkg repo (more critically, you don't have ajomexecutable indownloads/tools/jom/jom-1.1.3).downloads/jom_1_1_3.zipdoes not exist. Delete it if you have that file from some earlier runs. This is critical!The above will try to install openssl 1.1.1m (or a later version if you're using vcpkg master), but will fail. The error claims that the downloaded
jom_1_1_3.zipfile has a different hash to what was expected.If you now re-run exactly the same command, it will succeed on this second attempt.
Expected behavior
The
jomtool should be downloaded successfully on the first try.Failure logs
Sorry, can't attach logs for privacy reasons in this case.
The text was updated successfully, but these errors were encountered: