Re: PKGBUILD - clamav 0.103.4 - source .tar.gz downloads fine, .tar.gz.sig is 403? (same with Arch package)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Sat, 20 Nov 2021 16:05:07 +0000, Andy Pieters via arch-general wrote:
>On Sat, 20 Nov 2021 at 13:22, Ralf Mardorf via arch-general <
>arch-general@xxxxxxxxxxxxxxxxxxx> wrote:
>
>> On Sat, 20 Nov 2021 13:11:41 +0100, Andreas Bosch via arch-general
>> wrote:  
>> >Am 20.11.21 um 12:10 schrieb Ralf Mardorf via arch-general:  
>> >> The "http://search.cpan.org/"; issue still isn't solved [3].
>> >>  
>>
>> I think this is just a case of  HSTS. You are trying to fetch
>> resources  
>over HTTP, whereas it's set to enforce the use of https
>
>Just make sure you use https everywhere and you should be fine

That's what I did. I replaced a PKGBUILD's

http://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz

by

https://cpan.metacpan.org/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz

so I removed the search and migrated from http to https.

However, using the search URL with https does still return a 403.

[rocketmouse@archlinux tmp]$ curl --user-agent archlinux -L "https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz"; --output 1_Goo-Canvas-0.06.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[rocketmouse@archlinux tmp]$ curl --user-agent archlinux --insecure -L "https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz"; --output 2_Goo-Canvas-0.06.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   162  100   162    0     0   1321      0 --:--:-- --:--:-- --:--:--  1327
[rocketmouse@archlinux tmp]$ tar xf 2_Goo-Canvas-0.06.tar.gz | head -5
tar: This does not look like a tar archive

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
[rocketmouse@archlinux tmp]$ strings 2_Goo-Canvas-0.06.tar.gz | head -5
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux