-
-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
composer2 can't find package versions #9481
Comments
Not sure why this happens but this seems to be the only package where I've ran into this. And it's impacting any package requiring this package such as: ergebnis/composer-normalize#613 |
@Seldaek could it be that one of the dumped file is missing ? seeing only dev versions looks like it could be the cause, as they are in separate files in the v2 metadata |
Yes that's most likely the cause.. a dumping or mirroring issue somehow affecting only that file. |
It seems like one mirror had a corrupt Anyway leaving this open for now until I can at least guard against the issue happening again, because I can't see right now what would be the bug on my end at least. I made sure the file has a newer timestamp now so your corrupted local caches should get invalidated. |
Can confirm it works now 👍 ! |
Thank you, @Seldaek! |
@Seldaek maybe the mirroring script could implement some safeguards by checking that the package name inside the file matches the filename, to reject incorrect ones. |
Yup that's the plan |
Silent data corruption? Not cool. This is reproducible I think with your mirroring script: some hashes don't match, on files that are verified by a hash. I saw it a few times, I should look closer at why... I'd suspect an issue with h2. Dunno if it can be detected by curl. |
Saw this earlier today while trying to install league/csv:^9.6. Any ideas on what is causing this issue where packages randomly don't resolve? Seen this also yesterday with rector/rector where ^0.8 was not resolving as well. |
@jacques a |
@jacques please report a new issue for this following the issue template strictly so we get enough information. |
@Seldaek does this content remind you something for
|
Yeah that's most likely a package with no release so the v2 metadata for it is empty and it landed in this wrong file too.. what a mess :/ That's the original file at the correct url btw https://repo.packagist.org/p2/marcelomx/php-facedetection.json |
I'm not sure why I get this content for v2 under this URL then, while when I access the URL from the browser, I get the content for v1. Looks like something that http-client isn't responsible for, or could it be? |
Note that the script doesn't always choke on this specific URL. The exact URL is usually kinda random. |
Another failure, which might be a different one: for https://repo.packagist.org/p/jeka/vlabs-media-bundle$d454d3c809ed3de2580cc7abbe12f29090f314bac46c47b365332870895eaf98.json, I get this (see below).
|
Last but not least, the log from curl is the following. This kind of log makes me think the issue may be in curl (or the way we use it). On the other side, the previous issue (composer v2 metadata coming in) looks like a broken mirror somewhere. TL;DR, I'm a bit lost. If you could check your mirrors to eliminate one possibility (a broken mirror for one of the submitted URL), that'd be cool.
|
I need to check the mirrors to see if any has the wrong data in the wrong place.. can't do that from my phone will get back to you tomorrow. However the one where v2 metadata ends up in a v1 file is very strange, because afaik those never get downloaded by the same process so it can't be a client issue I'd guess (unless your test script downloads both?). Server is nginx serving static files.. which I can only hope is fairly bug-free. |
…s break (nicolas-grekas) This PR was merged into the 4.4 branch. Discussion ---------- [HttpClient] don't fallback to HTTP/1.1 when HTTP/2 streams break | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix composer/composer#9481 | License | MIT | Doc PR | - With this change, I don't reproduce the failures that I describe in composer/composer#9481 when running the script in #38690 Apparently curl has an issue when both h1.1 and h2 connections are open to the same host. Instead of switching to HTTP/1.1 when retrying requests that failed because of an HTTP/2 stream error, I propose to close the http/2 connection when issuing a retry. With this change, running the mirroring script of packagist works like a charm. No need to investigate your mirrors @Seldaek, this was definitely a data corruption issue. Commits ------- 0c92bc5 [HttpClient] don't fallback to HTTP/1.1 when HTTP/2 streams break
@Seldaek I manually edited the composer.json file to change the league/csv version after composer did not show the versions and did the composer update --lock. |
@jacques if you want your update to find a new version satisfying your new requirement, you mist whitelist |
Ok closing this, issues in mirroring script and http-client have been fixed and I verified that all our mirrors now have 100% the same data. |
My
composer.json
:none
Output of
composer diagnose
:When I run this command:
I get the following output:
And I expected this to happen:
I expect to see all versions (mainly, all stable versions are missing)
Following is output when running the same command with composer 1.10.1
The text was updated successfully, but these errors were encountered: