For some reasons certain Source URLs fail rpmlint checks like this:
glpi.src: W: invalid-url Source0: https://github.com/glpi-project/glpi/releases/download/0.90.3/glpi-0.90.3.tar.gz HTTP Error 403: Forbidden
https://taskotron-dev.fedoraproject.org/artifacts/all/3c36e5d0-00a8-11e6-808f-525400571835/task_output/glpi-0.90.3-1.fc24.log
I can reproduce that locally 100%, both through libtaskotron and rpmlint directly:
$ rpmlint /var/cache/taskotron/glpi-0.90.3-1.fc24.src.rpm glpi.src: I: enchant-dictionary-not-found fr glpi.src: W: invalid-url Source0: https://github.com/glpi-project/glpi/releases/download/0.90.3/glpi-0.90.3.tar.gz HTTP Error 403: Forbidden 1 packages and 0 specfiles checked; 0 errors, 1 warnings.
However, when I try the same URL in any other tool, it works. curl says:
$ curl -I https://github.com/glpi-project/glpi/releases/download/0.90.3/glpi-0.90.3.tar.gz HTTP/1.1 302 Found Server: GitHub.com Date: Tue, 12 Apr 2016 13:39:12 GMT Content-Type: text/html; charset=utf-8 Status: 302 Found Cache-Control: no-cache Vary: X-PJAX Location: https://github-cloud.s3.amazonaws.com/releases/39182755/6ed6a654-ffc9-11e5-98d0-b22cc90713d8.gz?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20160412%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20160412T133912Z&X-Amz-Expires=300&X-Amz-Signature=2610c23b5a6a9d72428ca7906205d9aa26b5282c862179e1a9c54f1f1ba27e46&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dglpi-0.90.3.tar.gz&response-content-type=application%2Foctet-stream X-UA-Compatible: IE=Edge,chrome=1 Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sat, 12 Apr 2036 13:39:12 -0000; secure; HttpOnly Set-Cookie: _gh_sess=eyJzZXNzaW9uX2lkIjoiMDRmNzAzNGM1ZmIzYzdkNWI1MWExYmJiNjU2NDk4MGEiLCJzcHlfcmVwbyI6ImdscGktcHJvamVjdC9nbHBpIiwic3B5X3JlcG9fYXQiOjE0NjA0NjgzNTJ9--8257e29b5eac93ed9567ed6cde2610cad00a4202; path=/; secure; HttpOnly X-Request-Id: cbad671193a6d1c3a7ca364a1e423547 X-Runtime: 0.017615 Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com api.braintreegateway.com client-analytics.braintreegateway.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: assets-cdn.github.com identicons.github.com www.google-analytics.com collector.githubapp.com *.gravatar.com *.wp.com checkout.paypal.com *.githubusercontent.com; media-src 'none'; object-src assets-cdn.github.com; plugin-types application/x-shockwave-flash; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com Strict-Transport-Security: max-age=31536000; includeSubdomains; preload Public-Key-Pins: max-age=5184000; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block Vary: Accept-Encoding X-Served-By: 9835a984a05caa405eb61faaa1546741 X-GitHub-Request-Id: D5AF250A:5EF8:505E09:570CFA80
Another example:
storaged.src: W: invalid-url Source0: https://github.com/storaged-project/storaged/releases/download/storaged-2.5.0/storaged-2.5.0.tar.bz2 HTTP Error 403: Forbidden
https://taskotron-dev.fedoraproject.org/artifacts/all/4d958388-009c-11e6-9d05-525400571835/task_output/storaged-2.5.0-5.fc25.log
Figure out what is different when this is accessed by rpmlint.
Actually,/usr/share/rpmlint/config contains a filter to handle this,but that filter doesn't work,and I have reported a bug about this. https://bugzilla.redhat.com/show_bug.cgi?id=1359582 Before the bug is fixed,we can manually change addFilter("invalid-url ..github.com/.HTTP Error 403" to "addFilter("invalid-url .github.com/.HTTP Error 403")" in /usr/share/rpmlint/config.
I think it's time for us to close this task,as this bug is fixed rpmlint-1.9-2.fc24:)
Great job, Lili. I can confirm this is fixed now. Closing.
Metadata Update from @kparal: - Issue tagged with: easyfix
Login to comment on this ticket.