New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
can't run under WSL with zscaler #1058
Comments
Could you check if version 0.17.6 works? |
0.17.6 does appear to work (albeit with about a 7 minute "Updating crates.io index" wait). |
We switched from using libgit2 to gix+hyper+rustls in 0.18.x. It is likely that this is an incompatibility between Zscaler and either rustls or reqwest. The first thing to do to isolate the issue is to take a simple program that downloads a URL with reqwest and try downloading some URLs from behind Zscaler first with native-tls backend, then with the |
Downloading with reqwest works OK for both Test code used was: #[tokio::main]
async fn main() -> Result<(), reqwest::Error> {
let url = "https://github.com/RustSec/advisory-db.git";
let response = reqwest::get(url).await?;
if response.status().is_success() {
let body_bytes = response.bytes().await?;
let body_str = String::from_utf8_lossy(&body_bytes);
println!("Response body:\n{}", body_str);
} else {
println!("Error: {}", response.status());
}
Ok(())
} |
Well that's fascinating. What about |
diff --git a/gix-transport/Cargo.toml b/gix-transport/Cargo.toml
index 155d6acc9..a0285e47b 100644
--- a/gix-transport/Cargo.toml
+++ b/gix-transport/Cargo.toml
@@ -78,7 +78,8 @@ base64 = { version = "0.21.0", optional = true }
curl = { version = "0.4", optional = true }
# for http-client-reqwest
-reqwest = { version = "0.11.12", optional = true, default-features = false, features = ["blocking"] }
+reqwest = { version = "0.11.12", optional = true, default-features = false, features = ["blocking", "rustls-tls-native-roots"] }
+
## If used in conjunction with `async-client`, the `connect()` method will become available along with supporting the git protocol over TCP,
## where the TCP stream is created using this crate. Also, just to confirm that the failure with cargo-audit wasn't a fluke, I reinstalled 0.18.3, and am still seeing the same "IO error". And here are some versions, FWIW: |
Strange. I don't think we're doing anything particularly interesting with our #1053 might also help debug this. |
I suggest also opening a support ticket with zscaler developers. This is a proprietary and paywalled tool that we do not have access to, so it is going to be quite tricky for us to debug any issues related to it. |
Could you try #1063 and see if that produces a more informative error message? |
I'm having quite a similar issue (and maybe a reason). Developing on Windows and having freshly installed (and used)
followed by a lot of output (one for each dependency). I suspected a connection to Windows, so I tried WSL. Same result. After that I tried installing 1.17.6 It gave me one warning for my project which disappeared after running I think I found one (or the) reason for this:
but when I use 1.17.6 I find a file
beyond Notice the extra dot! It happened on normal Windows (11) and WSL. Hope that helps finding the (real) reason and that it fixes my problem as well .` |
Yeah, the |
Ok, but if I use 1.18.3 there is no |
We've found this same problem when using the cloudflare gateway (a product that also does TLS interception similar to ZScaler) on OSX. This doesn't look zscaler or WSL-specific? Downgrading to 0.17.6 also fixes it, and 0.18.3 doesn't show any additional information beyond the message on the issue description. |
I am also seeing this problem on Cirrus CI's platform with FreeBSD. Every CI run that uses cargo-audit 0.18.3 (which is in the package repository for FreeBSD 14) fails with this same error. But CI runs that use 0.17.6 (which is in the package repository for FreeBSD 13.2) succeeds. I cannot reproduce the problem on the bench. Probably, Cirrus CI is using something like cloudflare or zscaler. Some example failures: |
cargo-audit 0.18.3 does not work in Cirrus's environment https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276557 rustsec/rustsec#1058
cargo-audit 0.18.3 does not work in Cirrus's environment * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276557 * rustsec/rustsec#1058
cargo-audit version 0.18.3 always fails in Cirrus CI, though version 0.17.6 does not. Upstream issue: rustsec/rustsec#1058 PR: 276557
I have just published version 0.19.0. If it doesn't fix this issue, then at least it should provide a more informative error message. It needs to be paired with the latest |
Fixed my problem. (Whereas the weird file THANKS A LOT |
Thanks! I'll wait for one more report of this being fixed before closing, just to make sure. It may have been fixed by EmbarkStudios/tame-index#47 so please check that you have This fix is actually not included in the 0.19.0 binary of |
Before my comment I ran Thanks again. |
And FTR cargo-audit 0.19.0 works in Cirrus CI, too. |
Unfortunately I think the originally reported problem (IO error when running in enterprise environment under a proxy that intercepts TLS) is still happening. Under cloudflare gateway, I see:
|
@jgpaiva I have just shipped v0.20.0 that makes the dependencies with the necessary fixes a hard requirement. Please try it, and if it doesn't work, please open a new issue with the steps to reproduce it. |
While installing via
cargo install
works fine, when trying to executecargo audit
, the following is printed:The URL is accessible via, for example, wget. Note that the Zscaler cert is installed and being used in the WSL VM.
The text was updated successfully, but these errors were encountered: