Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not override private repo urls with default CDN #2346

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Do not override private repo urls with default CDN #2346

wants to merge 1 commit into from

Conversation

xurxodiz
Copy link

@xurxodiz xurxodiz commented Sep 7, 2020
edited

Summary: Packages in hex repos defined in rebar.config cannot be fetched as their URL is always overriden.

Environment: detected in Erlang 23.0.3 + rebar 3.14.1, but most surely happening in other versions too (see further below for diagnosis)

How to reproduce:

  • Deploy any local hex repo (e.g. by using the default instructions for mini_repo) and publish a baz package.
  • Create a new app (e.g. rebar3 new lib foo)
  • Configure your new app to fetch that dependency from the private repo with a rebar.config like this:
{plugins, [rebar3_hex]}.
{deps, [baz]}.
{hex, [
   {repos, [
      #{name => <<"test_repo">>,
        repo_url => <<"http://localhost:4000/repos/test_repo">>,
        repo_public_key => <<"...">>
       }
   ]}
]}.
  • Run rebar3 deps

Expectation: baz is fetched correctly.

Result: baz is not downloaded, as repo.hex.pm is accessed instead of the private repo.

Reason found: though the /packages URL for the repo is queried correctly, when the associated /tarballs URL is built, any value in $HEX_CDN or (if empty) "repo.hex.pm" is used instead of the expected repo_url provided in config. This bug seems to have been introduced in #2204.

Fix proposed: $HEX_CDN or the default "repo.hex.pm" are only used if a repo_url is not provided.

@xurxodiz xurxodiz changed the title Do not override private repo urls wit default CDN Do not override private repo urls with default CDN Sep 7, 2020
@tsloughter
Copy link
Collaborator

Ah, so we are taking HEX_CDN to always be defined basically? It should only override if it is actually set.

@starbelly ^

@xurxodiz
Copy link
Author

Keep in mind that at the moment the value read from HEX_CDN is used as fallback endpoint for all repos, so outright taking it out would mean that repos defined without a repo_url themselves (eg. a private hex.pm <<"hexpm:private_repo">>), would hold no info on where to access it.

A more elaborated solution could be made where the endpoint is taken from the first defined value in this list:

  1. HEX_CDN
  2. repo_url
  3. "repo.hex.pm"

But this means that a defined HEX_CDN blanket overrides all repos, so using it to redirect to a hex.pm mirror breaks access to your own locally deployed artifactory—bringing us back to the original problem this PR was meant to fix.

This was referenced Jan 27, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@xurxodiz @tsloughter