"guix download" with ftp URL doesn't work on IPv6 network

  • Done
  • quality assurance status badge
Details
5 participants
  • Danny Milosavljevic
  • 宋文武
  • Léo Le Bouter
  • Maxim Cournoyer
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Danny Milosavljevic
Severity
normal

Debbugs page

Danny Milosavljevic wrote 4 years ago
(address . bug-guix@gnu.org)
20210213033522.0196ffcf@scratchpost.org
I strongly suspect there to be some problem with the ftp client since
that's the second file that doesn't work using guix download but does work
using wget, on the same computer.

$ guix download ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2

Starting download of /tmp/guix-file.tORPhj
From ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2...
Throw to key `ftp-error' with args `(#<input-output: socket 16> "PASV" 425 "You cannot use PASV on IPv6 connections. Use EPSV instead.\r")'.
failed to download "/tmp/guix-file.tORPhj" from "ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2"
guix download: error: ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2: download failed
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAmAnOw0ACgkQ5xo1VCww
uqW++gf/XAYNlmIyPqVcA8Gku+UlR8/QR0R1GAwESHTNyKrVxmQ7zyLKAyl9jzl5
J2eCw1udyT+j1erj+aAti3/IMtpPRb1iF696oBqooW/N+Jd7brOS6skDAqbPIR6t
qNce1Dsnyi9eMQP1hf0fpUTOZbTNhIMAny/HSPqPokT4gS9G8eYTX3AI56VgDthE
6rT4yPPhLkJBgH4pUW6EDJi1JURNbnaBNw7BNMsV3ydi0oioph4PyYJ/AbYQFkHw
OtleXvXvBkJWpH9mGHwhQisjb4YRG5SucRdDj/EmM7+FBhcy4Bev/ahTgw9OTA0e
vTDzIAFZZXy0b7hWPx/pox+GzRaOTw==
=7qum
-----END PGP SIGNATURE-----


宋文武 wrote 4 years ago
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 46481@debbugs.gnu.org)
OSZP286MB066415A300C10584FE301C39A3899@OSZP286MB0664.JPNP286.PROD.OUTLOOK.COM
Danny Milosavljevic <dannym@scratchpost.org> writes:

Toggle quote (12 lines)
> I strongly suspect there to be some problem with the ftp client since
> that's the second file that doesn't work using guix download but does work
> using wget, on the same computer.
>
> $ guix download ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2
>
> Starting download of /tmp/guix-file.tORPhj
> From ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2...
> Throw to key `ftp-error' with args `(#<input-output: socket 16> "PASV" 425 "You cannot use PASV on IPv6 connections. Use EPSV instead.\r")'.
> failed to download "/tmp/guix-file.tORPhj" from "ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2"
> guix download: error: ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2: download failed

Yes, with this patch I can get it work:
From 568ea9cc0e07eab24c7d24e228d7d391f191feca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@member.fsf.org>
Date: Sun, 14 Feb 2021 12:02:57 +0800
Subject: [PATCH] ftp-client: Before 'PASV', try 'EPSV' first for IPv6.


* guix/ftp-client.scm (ftp-epsv, ftp-passive): New procedure.
(ftp-list, ftp-retr): Replace call to 'ftp-pasv' with 'ftp-passive'.
---
guix/ftp-client.scm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

Toggle diff (44 lines)
diff --git a/guix/ftp-client.scm b/guix/ftp-client.scm
index 8d5adcb8ed..a72057d3f5 100644
--- a/guix/ftp-client.scm
+++ b/guix/ftp-client.scm
@@ -216,6 +216,19 @@ TIMEOUT, an ETIMEDOUT error is raised."
(else
(throw 'ftp-error conn "PASV" 227 message)))))
+(define (ftp-epsv conn)
+ (let* ((message (%ftp-command "EPSV" 229 (ftp-connection-socket conn))))
+ (string->number
+ (match:substring
+ (string-match "\\(...([0-9]+).\\)" message) 1))))
+
+(define (ftp-passive conn)
+ "Enter passive mode using EPSV or PASV, return a data connection port on
+success."
+ ;; IPv6 only works with EPSV, so try it first.
+ (or (false-if-exception (ftp-epsv conn))
+ (ftp-pasv conn)))
+
(define (address-with-port sa port)
"Return a socket-address object based on SA, but with PORT."
(let ((fam (sockaddr:fam sa))
@@ -232,7 +245,7 @@ TIMEOUT, an ETIMEDOUT error is raised."
(if directory
(ftp-chdir conn directory))
- (let* ((port (ftp-pasv conn))
+ (let* ((port (ftp-passive conn))
(ai (ftp-connection-addrinfo conn))
(s (socket (addrinfo:fam ai) (addrinfo:socktype ai)
(addrinfo:protocol ai))))
@@ -281,7 +294,7 @@ must be closed before CONN can be used for other purposes."
;; Ask for "binary mode".
(%ftp-command "TYPE I" 200 (ftp-connection-socket conn))
- (let* ((port (ftp-pasv conn))
+ (let* ((port (ftp-passive conn))
(ai (ftp-connection-addrinfo conn))
(s (with-fluids ((%default-port-encoding #f))
(socket (addrinfo:fam ai) (addrinfo:socktype ai)
--
2.30.0
Okay to push?
Danny Milosavljevic wrote 4 years ago
(name . 宋文武)(address . iyzsong@outlook.com)(address . 46481@debbugs.gnu.org)
20210214202850.19730e36@scratchpost.org
LGTM!
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAmApefMACgkQ5xo1VCww
uqU+ywf9F0/lQSgVS8tdIwU7SPsMB4FNyd7IYNImMIr0lttMt8G4yLTe7devzGqn
MH1G+0LJsaFjyOhUoIXRnXz04wN8F2f6R40ir+X1HXZ2S6/mLt5OvB9mLHJExGMW
dJ/YaPA9M4fYOnjHZiKbIMJXZ/WIxE48aVK/FnGpDGLV2AbN1mbpP910QrdDEOy9
U8KMttLSXUHqNXWswcmvKXrJN/hUYWXeJ4MK0eqKTwe9XkJ0gfpdNLrAX6cypgE5
oHDOvbhLRwTANDcCfCAk2Uoxc48RXf/7eCmI63gaSI02xYaJfJtlE59smtz99x4O
9xTUh56f3W1/0a5oWejCv2foyNJ+dQ==
=ptaE
-----END PGP SIGNATURE-----


宋文武 wrote 4 years ago
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 46481-done@debbugs.gnu.org)
OSZP286MB0664001E9F36DF1693799140A3889@OSZP286MB0664.JPNP286.PROD.OUTLOOK.COM
Danny Milosavljevic <dannym@scratchpost.org> writes:

Toggle quote (2 lines)
> LGTM!

Pushed to master, thank you!
Closed
Léo Le Bouter wrote 4 years ago
(address . 46481@debbugs.gnu.org)
1cd8fa69fdfd4a90fcf38603e0421d0ba1b472a9.camel@zaclys.net
Hello!

It looks like the proposed fix at
858898e348eb300a94b74115328ee39191829bda is causing other issues:

$ guix describe
Generation 27 Feb 17 2021 09:39:49 (current)
guix 861ba52
branch: master
commit: 861ba5258399360a8f4c4e7cd08958f46d2c2b1e

$ strace guix refresh libgcrypt
....
read(15, "220-Welcome hacker!\r\n220-.\r\n220-"..., 4096) = 701
write(15, "USER anonymous\r\n", 16) = 16
read(15, "331 Send e-mail address as passw"..., 4096) = 38
write(15, "PASS guix@example.com\r\n", 23) = 23
read(15, "230 User logged in, proceed.\r\n", 4096) = 30
brk(0x1534000) = 0x1534000
write(15, "CWD /\r\n", 7) = 7
read(15, "250 Directory change successful."..., 4096) = 34
write(15, "CWD gcrypt\r\n", 12) = 12
read(15, "250-This directory is used as FT"..., 4096) = 1106
write(15, "CWD libgcrypt\r\n", 15) = 15
read(15, "250-This is the stable version o"..., 4096) = 135
write(15, "EPSV\r\n", 6) = 6
read(15,
... hangs ...

Should we explicitly check if we are over an IPv6 connection instead?
Is that possible?

Léo
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmAs3sMACgkQRaix6GvN
EKZI7hAAuwDpHJFJcPEX8J0QKBsY9/KLSOBkxFT/HYgFYPNYUL590jTobKNIMMmw
oKawOdSVD1J+dpI2XU+hZ6WQys2GmlYd1rwZsV33cU9HEj3/oV82SEHAldLk4ZWN
sgzs4psVHUn554Vl1OqRmLOUA67cF6GkFcGMWhcgiSJ8Rqaxn/8CJLRRKK5i/EzK
7cxnF8qo3eF1WSu9i1YJoMc/jGr/WTHEW+KMyp/TWuaLc3h+BnOHmFo3PGTI8Pdh
L/m2zOHepbD69MLbsie0Mppj9wmnOlnu/A+Q3mmJij/DBhBR14tUX8Y+q4PxY8Na
7Lrry1ItRa733kP0lc/bFZ3tlJbpdALXLXOb6KvNCRj0Z+/G31SSj6Fcw3p6QEDT
i+UDIeiCWq1sUSss18XtoIfKFFNwPMsyxNGefkkLqFulH/imlwY4YLvNJ0TXM7EN
S/UP4iqFFLIq9OfSAeJ5qefwtvwPYoVLmnsb6XZD7TZUQphcGAqrWxn3sFujtrVl
ZHezVm16SQT2X2QzNeWUaP6GAQEPwV/Z5bQAGq4066eFDRh7hF4VeXmoFeoNCCK6
Mi30vygMgmss1HjrQmdwiEWydkMGT4ayF6GUOWs1R/fumgQAy0xTcejWvW6Pv3uT
t+qpGZ3G+k0oAe2XZcvHmXsw7gd+bpQRDMRrK89G5jLVEGHggsQ=
=xuP2
-----END PGP SIGNATURE-----


Tobias Geerinckx-Rice wrote 4 years ago
(name . Léo Le Bouter)(address . lle-bout@zaclys.net)
87r1lf578r.fsf@nckx
Léo Le Bouter via Bug reports for GNU Guix 写道:
Toggle quote (4 lines)
> Should we explicitly check if we are over an IPv6 connection
> instead?
> Is that possible?

My FTP knowledge is about two decades out of date: does an IPv6
server (de facto) have to support EPSV?

The ‘right’ way would be to send the FEAT command, and check
whether the server actually supports EPSV. A bit more
heavy-weight than your heuristic.

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYCztFQ0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15bZAA/icyBSt05AaEYLPh6bF37BshKLfmAjOBsadKW6VZ
9FfmAQDBpEgI17oP9ADaGx6XVAwCPnBb1AjSgfpuVgdUWx09DQ==
=SDSr
-----END PGP SIGNATURE-----

Danny Milosavljevic wrote 4 years ago
(name . Tobias Geerinckx-Rice via Bug reports for GNU Guix)(address . bug-guix@gnu.org)
20210217124702.1e038a96@scratchpost.org
Hi,

On Wed, 17 Feb 2021 11:16:52 +0100
Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix@gnu.org> wrote:

Toggle quote (4 lines)
> Léo Le Bouter via Bug reports for GNU Guix 写道:
> > Should we explicitly check if we are over an IPv6 connection
> > instead?

That sounds very magical. I mean we can do it as a last resort, I guess.
EPSV is supposed to work with both IPv4 and IPv6.

Toggle quote (9 lines)
> > Is that possible?
>
> My FTP knowledge is about two decades out of date: does an IPv6
> server (de facto) have to support EPSV?
>
> The ‘right’ way would be to send the FEAT command, and check
> whether the server actually supports EPSV. A bit more
> heavy-weight than your heuristic.

Good idea for a workaround, but your suggestion doesn't work with
ftp.gnupg.org:

CWD libgcrypt
250-This is the stable version of Libgcrypt.
250-For devlopment versions see ../alpha/libgcrypt/.
250 Directory change successful.
FEAT
500 Syntax error, command unrecognized.
HELP
502 Command not implemented.

But this works:

USER anonymous
331 Send e-mail address as password.
PASS a@example.com
230 User logged in, proceed.
EPSV
229 Entering Extended Passive Mode (|||41682|)

And this works:

220 Service ready for new user.
USER anonymous
331 Send e-mail address as password.
PASS a@example.com
230 User logged in, proceed.
CWD /
250 Directory change successful.
EPSV
229 Entering Extended Passive Mode (|||40666|)

And this works:

220 Service ready for new user.
USER anonymous
331 Send e-mail address as password.
PASS a@example.com
230 User logged in, proceed.
CWD /
250 Directory change successful.
CWD gcrypt
[...]
250 Directory change successful.
EPSV
229 Entering Extended Passive Mode (|||41707|)

AND this works:

220 Service ready for new user.
USER anonymous
331 Send e-mail address as password.
PASS a@example.com
230 User logged in, proceed.
CWD /
250 Directory change successful.
CWD gcrypt
[...]
250 Directory change successful.
EPSV
229 Entering Extended Passive Mode (|||41358|)
CWD libgcrypt
250-This is the stable version of Libgcrypt.
250-For devlopment versions see ../alpha/libgcrypt/.
250 Directory change successful.
EPSV
229 Entering Extended Passive Mode (|||41308|)

But this does not work:

220 Service ready for new user.
USER anonymous
331 Send e-mail address as password.
PASS a@example.com
230 User logged in, proceed.
CWD /
250 Directory change successful.
CWD gcrypt
[...]
250 Directory change successful.
CWD libgcrypt
250-This is the stable version of Libgcrypt.
250-For devlopment versions see ../alpha/libgcrypt/.
250 Directory change successful.
EPSV
<hangs>

Looks like a straightforward server bug to me.

Toggle quote (2 lines)
>250-Please contact ftpmaster@gnupg.org it you have any problems with

Please contact ftpmaster@gnupg.org !

I would not suggest to complicate perfectly valid client code just because the
server does weird stuff--especially when those servers are GNU project servers
anyway. We can just talk to the server maintainers instead.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAmAtAjYACgkQ5xo1VCww
uqXthwf/crbdWVA5R9dRcz5pSCraa4OHp21JwVXWoEw32ZuMm5liyKrjYPVtSsdy
QzLjPJJK0MAHwAdQOmEiLJTOJjXnXxmqr2jlKvihanrDhWJvBUSukBmLrVikUrvY
2RGtOcbtlxE7WMsrfYkKqZ9r7cP4GwVSQkyasHGkegCSCo1ekB3mvGkbwPndQ2Z6
Ak4GKpnBs0nbqfWp7/eNfSvRI7qDrUdfDxyEtTgkPzvXNWSHWiO14H+1kZZ1Xgc3
jOrZQ39HmjQ9uQZKzQ1m7pZMlw0RKbVYKSl8PQdIlF/+3xqa+VXQ/C7jZv+0qT0I
ZThg2H9r4dYXQ0abERJeaJocjlB2NQ==
=wR3G
-----END PGP SIGNATURE-----


Maxim Cournoyer wrote 3 years ago
control message for bug #46481
(address . control@debbugs.gnu.org)
871qup4oj0.fsf@gmail.com
close 46481
quit
?
Your comment

This issue is archived.

To comment on this conversation send an email to 46481@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 46481
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help