Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git fails to fetch via curl 8.11.0 #356114

Open
siflfran opened this issue Nov 15, 2024 · 14 comments
Open

git fails to fetch via curl 8.11.0 #356114

siflfran opened this issue Nov 15, 2024 · 14 comments
Labels
0.kind: bug Something is broken 2.status: fix-in-staging This issue has been fixed in staging but is not yet in the channels or master

Comments

@siflfran
Copy link

Describe the bug

git fetch via curl 8.11.0 fails with the following error if a .netrc file is present:

Fetching origin
fatal: unable to access <github repository url>: .netrc parser error

Steps To Reproduce

Steps to reproduce the behavior:
See curl/curl#15496

Expected behavior

git updates the repository.

Screenshots

Additional context

curl 8.10.1 is not affected by this bug.

Metadata

  • system: "x86_64-linux"
  • host os: Linux 6.11.7, NixOS, 25.05 (Warbler), 25.05.20241114.cea28c8
  • multi-user?: yes
  • sandbox: yes
  • version: nix-env (Nix) 2.24.10
  • channels(…): "home-manager, nixpkgs"
  • channels(root): "nixos"
  • nixpkgs: /home/…/.nix-defexpr/channels/nixpkgs

Notify maintainers

@vcunat

Note for maintainers: Please tag this issue in your PR.

Add a 👍 reaction to issues you find important.
@siflfran siflfran added the 0.kind: bug Something is broken label Nov 15, 2024
@vcunat
Copy link
Member

vcunat commented Nov 15, 2024

Notify maintainers

I see that curl.meta.maintainers is @lovek323 – though I'm not sure if they're really active in nixpkgs anymore.

@siflfran
Copy link
Author

Sorry, I misread the git history, I thought it was you who updated curl but it's just the merge that was done by you. @Scrumplex was the one who updated curl.

@vcunat
Copy link
Member

vcunat commented Nov 15, 2024

Upstream fix is this thing? curl/curl@0cdde0f

(For me git fetch still succeeds anyway, probably because missing .netrc.)

@Scrumplex
Copy link
Member

Upstream fix is this thing? curl/curl@0cdde0f

(For me git fetch still succeeds anyway, probably because missing .netrc.)

The commit that closed the upstream issue is curl/curl@f5c6169

@Scrumplex Scrumplex mentioned this issue Nov 15, 2024
Merged
13 tasks
@Scrumplex
Copy link
Member

See #356133

@nixos-discourse
Copy link

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/flake-update-or-build-resulting-in-failed-to-open-read-local-data-from-file-application-26/56203/2

@Scrumplex Scrumplex added the 2.status: fix-in-staging This issue has been fixed in staging but is not yet in the channels or master label Nov 18, 2024
diogotcorreia added a commit to diogotcorreia/dotfiles that referenced this issue Nov 20, 2024
@diogotcorreia
fix(nix): hotfix for netrc support in curl in nix
b682341 
To be reverted once fix lands on stable channel.

See NixOS/nixpkgs#356114
@diogotcorreia
Copy link
Member

@Scrumplex seems like commit curl/curl@0cdde0f should also be added to patches of the curl package, since it fixes the same error for longer passwords (e.g., JWT tokens which are pretty long), just like @vcunat mentioned.

I've tested locally with just curl and I can validate that both patches are needed for the error to go away (with my netrc file).

See curl/curl#15513

Also, I've applied an overlay to my config which appears to fix the issue while it doesn't land on the stable channel (haven't tested extensively yet), feel free to copy: diogotcorreia/dotfiles@b682341

@Scrumplex
Copy link
Member

We probably won't be able to get that into 24.11 before its release any more, but it should be present after the first staging cycler after release.

@Scrumplex Scrumplex mentioned this issue Nov 20, 2024
Merged
13 tasks
@gador gador mentioned this issue Nov 23, 2024
Closed
PetarKirov added a commit to metacraft-labs/nixos-modules that referenced this issue Nov 25, 2024
@PetarKirov
feat(flake.nix/inputs): Temporary switch from nixos-24.11 to `stagi…
b9e1251 
…ng-next-24.11`

`curl` v8.11.0 was released with a bug that causes `git fetch` (and many
similar commands, including Nix's [fetchers][3]) to fail due to failure to parse
`.netrc` files. Luckily, after the bug was [reported upstream][1], a fix was quickly
proposed and merged by its main [developer][2]. Not long after, the upstream
`curl` patch was [backported][5] to the Nixpkgs `curl` derivation.

Given that we rely on `.netrc` files this bug is a showstopper for us, so its
important that we switch to the patched `curl` version ASAP. Instead of [waiting
for the build to land][5] on the `nixos-24.11` branch, we will switch directly
to the `staging-next-24.11` branch, which already includes the fix.

[1]: curl/curl#15496
[2]: curl/curl@f5c6169
[3]: NixOS/nixpkgs#356114
[4]: NixOS/nixpkgs#356133
[5]: https://nixpk.gs/pr-tracker.html?pr=356660
@PetarKirov PetarKirov mentioned this issue Nov 25, 2024
Merged
PetarKirov added a commit to metacraft-labs/nixos-modules that referenced this issue Nov 25, 2024
@PetarKirov
feat(flake.nix/inputs): Temporary switch from nixos-24.11 to `stagi…
beb84f2 
…ng-next-24.11`

`curl` v8.11.0 was released with a bug that causes `git fetch` (and many
similar commands, including Nix's [fetchers][3]) to fail due to failure to parse
`.netrc` files. Luckily, after the bug was [reported upstream][1], a fix was quickly
proposed and merged by its main [developer][2]. Not long after, the upstream
`curl` patch was [backported][5] to the Nixpkgs `curl` derivation.

Given that we rely on `.netrc` files this bug is a showstopper for us, so its
important that we switch to the patched `curl` version ASAP. Instead of [waiting
for the build to land][5] on the `nixos-24.11` branch, we will switch directly
to the `staging-next-24.11` branch, which already includes the fix.

[1]: curl/curl#15496
[2]: curl/curl@f5c6169
[3]: NixOS/nixpkgs#356114
[4]: NixOS/nixpkgs#356133
[5]: https://nixpk.gs/pr-tracker.html?pr=356660
@GuillaumeDesforges
Copy link
Contributor

@Scrumplex what would it take to have that in 24.11 release? It is quite a serious breakage.

@diogotcorreia
Copy link
Member

diogotcorreia commented Nov 26, 2024
edited
Loading

@GuillaumeDesforges It has already been backported but it's in the staging(-next) branch. It is expected land on nixos-24.11 by the weekend. See #339153 (comment)

@GuillaumeDesforges
Copy link
Contributor

Just saw that right after posting. Thank you so much! Nix is ❤️

@sg-qwt
Copy link
Contributor

sg-qwt commented Nov 28, 2024
edited
Loading

@Scrumplex seems like commit curl/curl@0cdde0f should also be added to patches of the curl package, since it fixes the same error for longer passwords (e.g., JWT tokens which are pretty long), just like @vcunat mentioned.

I've tested locally with just curl and I can validate that both patches are needed for the error to go away (with my netrc file).

See curl/curl#15513

Also, I've applied an overlay to my config which appears to fix the issue while it doesn't land on the stable channel (haven't tested extensively yet), feel free to copy: diogotcorreia/dotfiles@b682341

I tried your exact same patch. Doesn't seem to work for me. Still getting lots of warning: error: unable to download....

Same errors described in #358271

@diogotcorreia
Copy link
Member

@sg-qwt I think your problem is that you're pinning the nix package in your config: https://github.com/sg-qwt/nixos/blob/0f004ccefd36f302125ed2b11457624d761ee7b3/modules/profiles/common.nix#L38

You have to change the overlay to patch that one instead (or just stop pinning it/pin it to a custom derivation like nix-patched)

@sg-qwt
Copy link
Contributor

sg-qwt commented Nov 28, 2024

@sg-qwt I think your problem is that you're pinning the nix package in your config: https://github.com/sg-qwt/nixos/blob/0f004ccefd36f302125ed2b11457624d761ee7b3/modules/profiles/common.nix#L38

You have to change the overlay to patch that one instead (or just stop pinning it/pin it to a custom derivation like nix-patched)

Ahh, I completely forgot I pinned nix to stable long while ago. I can confirm your patch works as expected after removing my nix pinning and solves my headache. My bad, thanks!

@domenkozar domenkozar mentioned this issue Nov 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0.kind: bug Something is broken 2.status: fix-in-staging This issue has been fixed in staging but is not yet in the channels or master
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@vcunat @GuillaumeDesforges @diogotcorreia @Scrumplex @nixos-discourse @siflfran @sg-qwt