Kraków, Poland
Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht
I think it was correct until I found it was equally correct to guess the URL without auth, which I posted privately to Drew as msgid <20200820213847.voimtr2f7ymf7ckh@tarta.nabijaczleweli.xyz>, and resulted in this advisory and this git.sr.ht commit.
This URL, as returned by the HTTP API, is equally meaningless as the broken URL returned by the GraphQL one, and has been for >2yrs. Given that, I think it very much makes sense to:
- return a corrected URL that actually means something in the https://git.sr.ht/~nabijaczleweli/ratrun/refs/download/0b/ratrun-0b.ps format, or
- given that the GraphQL version appears to be 0.0.0, kill the `url` field.
Because as it stands, regardless of if we fill it out to match the HTTP-API-returned URL, it's still just pure padding.
Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht
As a work-around, you can abuse the sourcehutism of uploading-to-commit by setting `revspec` to the SHA instead of the tag name.
Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht
Just guessing the URL doesn't work (404), so I guess it really isn't uploaded? Despite returning success?
Uploading from the web UI does work.
Ticket created by ~nabijaczleweli on ~sircmpwn/git.sr.ht
Consider:
```
build@build:~$ for f in *.tbz2 *.ps *.pdf; do
> curl -F operations='{
> "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
> "variables": { "file": null, "rev": "'"$rev"'", "id": '"$id"' }
> }' \
> -F map='{
> "a": ["variables.file"]
> }' \
> -F a=@"$f" \
> https://git.sr.ht/query
> echo
> done
+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
"query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
"variables": { "file": null, "rev": "2", "id": 210654 }
}' -F 'map={
"a": ["variables.file"]
}' -F a=@ratrun-2-man.tbz2 https://git.sr.ht/query
{"errors":[{"message":"Put \"https://patchouli.sr.ht/git.sr.ht/\": context deadline exceeded","path":["uploadArtifact"]}],"data":null}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
"query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
"variables": { "file": null, "rev": "2", "id": 210654 }
}' -F 'map={
"a": ["variables.file"]
}' -F a=@ratrun-2.ps https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:42:29.336543Z","filename":"ratrun-2.ps","checksum":"sha256:5679f0773ecb6b468c890fabb9bafdc832521de9a12024b968208496e1daa586"}}}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
"query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
"variables": { "file": null, "rev": "2", "id": 210654 }
}' -F 'map={
"a": ["variables.file"]
}' -F a=@ratrun-2.pdf https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:42:29.842201Z","filename":"ratrun-2.pdf","checksum":"sha256:ec185cac6982bbd065bc3ff58d92369453500f05c1ec7b09d338a2c49434b9a1"}}}+ echo
```
and
```
+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
"query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
"variables": { "file": null, "rev": "1", "id": 210654 }
}' -F 'map={
"a": ["variables.file"]
}' -F a=@ratrun-1-man.tbz2 https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:38:51.637655Z","filename":"ratrun-1-man.tbz2","checksum":"sha256:eace89e8f756b0b3acdfc00b0d3dc2c983a4278a7dd70259ffec2c57f8db3e7d"}}}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
"query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
"variables": { "file": null, "rev": "1", "id": 210654 }
}' -F 'map={
"a": ["variables.file"]
}' -F a=@ratrun-1.ps https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:38:52.118896Z","filename":"ratrun-1.ps","checksum":"sha256:5679f0773ecb6b468c890fabb9bafdc832521de9a12024b968208496e1daa586"}}}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
"query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
"variables": { "file": null, "rev": "1", "id": 210654 }
}' -F 'map={
"a": ["variables.file"]
}' -F a=@ratrun-1.pdf https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:38:52.517419Z","filename":"ratrun-1.pdf","checksum":"sha256:ec185cac6982bbd065bc3ff58d92369453500f05c1ec7b09d338a2c49434b9a1"}}}+ echo
```
So why are they not showing up in https://git.sr.ht/~nabijaczleweli/ratrun/refs/1 or https://git.sr.ht/~nabijaczleweli/ratrun/refs/2?
(There are some there, for `v2` and `2b` tags – which work fine – which I've created later as a test; do observe there are no `ratrun-[12]-*` files!)
Ticket created by ~nabijaczleweli on ~sircmpwn/git.sr.ht
Consider the given:
```
$ curl -F operations='{ "query": "mutation($file: Upload!) {uploadArtifact(repoId: 210654, revspec: \"test\", file: $file) { id, created, filename, checksum, url} }", "variables": {"file": null} }' -F map='{"0":["variables.file"]}}' -F 0=@a https://git.sr.ht/query | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   806  100   224  100   582    440   1143 --:--:-- --:--:-- --:--:--  1583
{
  "data": {
    "uploadArtifact": {
      "id": 3232,
      "created": "2022-10-31T22:14:21.793509Z",
      "filename": "a",
      "checksum": "sha256:87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7",
      "url": "https://patchouli.sr.ht/git.sr.ht//a"
    }
  }
}
$ curl -F operations='{ "query": "mutation($file: Upload!) {uploadArtifact(repoId: 210654, revspec: \"test\", file: $file) { id, created, filename, checksum, url} }", "variables": {"file": null} }' -F map='{"0":["variables.file"]}}' -F 0=@b https://git.sr.ht/query | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   805  100   223  100   582    400   1044 --:--:-- --:--:-- --:--:--  1445
{
  "data": {
    "uploadArtifact": {
      "id": 3233,
      "created": "2022-10-31T22:15:20.59545Z",
      "filename": "b",
      "checksum": "sha256:0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f",
      "url": "https://patchouli.sr.ht/git.sr.ht//b"
    }
  }
}
```
What's the point of the URL here?
Admittedly, even on the old `POST /api/repos/voreutils/artifacts` API that did return an actual non-fake URL, like https://patchouli.sr.ht/git.sr.ht/artifacts/~nabijaczleweli/tzpfms/tzpfms-v0.3.1-manual.ps, which is still useless because it prompts for credentials, but at least that pretends it did something.
Ticket created by ~nabijaczleweli on ~sircmpwn/git.sr.ht
Consider this blame (L296): https://git.sr.ht/~nabijaczleweli/foreports/blame/14c7148c0cfa0da4d3d2fae30c136c5e4d9c89e2/ar.c#L296 which reads
```
14c7148c наб 4 months ago 296 int tcmd(void)
08def261 наб 4 months ago 297 {
08def261 наб 4 months ago 298 	if(getaf())
                          299 		noar();
```
&c. ‒ in multiple places I've found these to be doubled, for no Actual reason. This is odd and confusing, esp. with the side-bar colouring.
A normal blame is as-expected:
```
14c7148c (наб 2021-09-11 15:10:48 +0200 296) int tcmd(void)
^08def26 (наб 2021-09-11 15:03:21 +0200 297) {
^08def26 (наб 2021-09-11 15:03:21 +0200 298) 	if(getaf())
^08def26 (наб 2021-09-11 15:03:21 +0200 299) 		noar();
```
But the porcelain one (-p) shards the exact same way (the final number is the amount of lines in a block):
```
14c7148c0cfa0da4d3d2fae30c136c5e4d9c89e2 296 296 1 int tcmd(void)
08def261ae73dc292ed344d65ddc45a1787207fd 269 297 1 {
08def261ae73dc292ed344d65ddc45a1787207fd 271 298 10 if(getaf())
08def261ae73dc292ed344d65ddc45a1787207fd 272 299 noar();
```
Why this shards is beyond me (line number in original/line number now being non-consecutive, maybe, with the 2nd and 3rd numbers?), but it should be relatively simple to weld them in a post-processing step on libgit output.
I'll probably do it, but there's no telling when, so noting this down for future.
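One way to do the welding step suggested in the ticket above, as an added example that is not part of the ticket or of git.sr.ht's code: it merges neighbouring hunks that share a commit and are contiguous in the blamed file, ignoring the original line number. The `Hunk` type and function names are hypothetical, and the sample holds only the hunk header lines from the porcelain output quoted above.

```python
from dataclasses import dataclass


@dataclass
class Hunk:
    commit: str       # full commit id
    orig_start: int   # first line number in the commit that introduced the lines
    final_start: int  # first line number in the blamed file
    count: int        # number of lines in the hunk


def parse_headers(lines):
    """Parse '<sha> <orig line> <final line> <line count>' hunk headers."""
    hunks = []
    for line in lines:
        sha, orig, final, count = line.split()
        hunks.append(Hunk(sha, int(orig), int(final), int(count)))
    return hunks


def weld(hunks):
    """Merge adjacent hunks of one commit that touch in the final file."""
    merged = []
    for h in hunks:
        prev = merged[-1] if merged else None
        if (prev is not None and prev.commit == h.commit
                and prev.final_start + prev.count == h.final_start):
            # Same commit, no gap in the blamed file: extend the previous
            # hunk even if the original line numbers jump (269 -> 271).
            prev.count += h.count
        else:
            merged.append(Hunk(h.commit, h.orig_start, h.final_start, h.count))
    return merged


# Hunk headers taken from the porcelain output quoted in the ticket.
SAMPLE = [
    "14c7148c0cfa0da4d3d2fae30c136c5e4d9c89e2 296 296 1",
    "08def261ae73dc292ed344d65ddc45a1787207fd 269 297 1",
    "08def261ae73dc292ed344d65ddc45a1787207fd 271 298 10",
]

if __name__ == "__main__":
    for hunk in weld(parse_headers(SAMPLE)):
        print(hunk.commit[:8], hunk.final_start, hunk.count)
```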
Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht
Landed in 0.72.12, closing
REPORTED
RESOLVED FIXED
Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht
The current CSP is `content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; img-src *; script-src 'self'`, you need `script-src 'self' 'unsafe-inline'`; similar thing for inline images.
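A check of what the quoted header permits, as an added example that is not part of the comment or of sourcehut's code: it resolves the `default-src` fallback and shows that `*` matches only network schemes. It assumes "inline images" means `data:` URIs; the function names and the `RELAXED` policy are constructed for illustration, and host sources are not evaluated.

```python
NETWORK_SCHEMES = {"http", "https", "ws", "wss"}  # the only schemes "*" matches
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(value):
    """Map each directive name to its list of source expressions."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def effective_sources(policy, directive):
    """Fetch directives that are absent fall back to default-src."""
    return policy.get(directive, policy.get("default-src"))


def allows_inline(policy, directive):
    """True if unrestricted inline content is permitted for this directive."""
    sources = effective_sources(policy, directive)
    if sources is None:
        return True  # neither the directive nor default-src is set
    if any(s.startswith(HASH_OR_NONCE) for s in sources):
        return False  # a nonce or hash makes browsers ignore 'unsafe-inline'
    return "'unsafe-inline'" in sources


def allows_scheme(policy, directive, scheme):
    """True if the list admits every URL of this scheme (scheme-source or "*")."""
    sources = effective_sources(policy, directive)
    if sources is None:
        return True
    return any(
        s == scheme + ":" or (s == "*" and scheme in NETWORK_SCHEMES)
        for s in sources
    )


# The header quoted in the comment above.
CURRENT = parse_csp("default-src 'none'; style-src 'self' 'unsafe-inline'; "
                    "img-src *; script-src 'self'")
# Constructed variant: the extra keyword for scripts, data: for images.
RELAXED = parse_csp("default-src 'none'; style-src 'self' 'unsafe-inline'; "
                    "img-src * data:; script-src 'self' 'unsafe-inline'")
```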
Ticket created by ~nabijaczleweli on ~nabijaczleweli/febug
But shouldn't. However, I didn't find a way to make it properly eat pkgsrc fuse, so.
Comment by ~nabijaczleweli on ~sircmpwn/hg.sr.ht
Unless I'm more blind than usual, the fix has required and still requires patching the upstream mercurial server, since the actual packaging call is
```
hg_repo.client.archive(path.encode(), rev=rev, prefix=basename, type="tgz")
```
and mercurial uses a homebrew archiver (https://www.mercurial-scm.org/repo/hg/file/d42809b6b10f/mercurial/archival.py#l134), which shouldn't be too difficult to fix if you have a repro, which it looks like you do.