cargo vet aggregate is not reporting errors correctly #607

Open
str4d opened this issue Apr 29, 2024 · 2 comments

str4d commented Apr 29, 2024

I'm running cargo vet aggregate --output-file supply-chain/audits.toml supply-chain/sources.txt in CI for https://github.com/zcash/rust-ecosystem. Recently I added a second source to sources.txt and now aggregation fails. Via local testing, I determined that the new URL is not broken, but the presence of two URLs causes a GoAway to be returned by GitHub, I presume due to either some interaction with HTTP2 connection pooling or tripping up a spam detector?

EDIT 2024-05-23: Hmm, actually it looks like the GoAway is being sent to GitHub at the end of the connection in response to something. It's still the main difference I see between one vs two sources.

✅ First source only
❯ cat supply-chain/sources.txt 
https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml

❯ cargo vet aggregate --verbose debug --output-file supply-chain/audits.toml supply-chain/sources.txt
DEBUG starting new connection: https://raw.githubusercontent.com/    
DEBUG resolving host="raw.githubusercontent.com"
DEBUG connecting to 185.199.111.133:443
DEBUG connected to 185.199.111.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")    
DEBUG Not resuming any session    
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256    
DEBUG Not resuming    
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]    
DEBUG ALPN protocol is Some(b"h2")    
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
DEBUG pooling idle connection for ("https", raw.githubusercontent.com)
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
DEBUG Connection{peer=Client}: send frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
✅ Second source only
❯ cat supply-chain/sources.txt 
https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml

❯ cargo vet aggregate --verbose debug --output-file supply-chain/audits.toml supply-chain/sources.txt
DEBUG starting new connection: https://raw.githubusercontent.com/    
DEBUG resolving host="raw.githubusercontent.com"
DEBUG connecting to 185.199.111.133:443
DEBUG connected to 185.199.111.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")    
DEBUG Not resuming any session    
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256    
DEBUG Not resuming    
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]    
DEBUG ALPN protocol is Some(b"h2")    
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
DEBUG pooling idle connection for ("https", raw.githubusercontent.com)
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
DEBUG Connection{peer=Client}: send frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
❌ Both sources
❯ cat supply-chain/sources.txt 
https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml
https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml

❯ cargo vet aggregate --verbose debug --output-file supply-chain/audits.toml supply-chain/sources.txt
DEBUG starting new connection: https://raw.githubusercontent.com/    
DEBUG starting new connection: https://raw.githubusercontent.com/    
DEBUG resolving host="raw.githubusercontent.com"
DEBUG resolving host="raw.githubusercontent.com"
DEBUG connecting to 185.199.111.133:443
DEBUG connecting to 185.199.108.133:443
DEBUG connected to 185.199.111.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")    
DEBUG Not resuming any session    
DEBUG connected to 185.199.108.133:443
DEBUG No cached session for DnsName("raw.githubusercontent.com")    
DEBUG Not resuming any session    
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256    
DEBUG Not resuming    
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]    
DEBUG ALPN protocol is Some(b"h2")    
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
DEBUG pooling idle connection for ("https", raw.githubusercontent.com)
DEBUG reuse idle connection for ("https", raw.githubusercontent.com)
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Connection{peer=Client}: send frame=Headers { stream_id: StreamId(3), flags: (0x5: END_HEADERS | END_STREAM) }
DEBUG Using ciphersuite TLS13_AES_128_GCM_SHA256    
DEBUG Not resuming    
DEBUG TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]    
DEBUG ALPN protocol is Some(b"h2")    
DEBUG binding client connection
DEBUG client connection bound
DEBUG send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: send frame=GoAway { error_code: NO_ERROR, last_stream_id: StreamId(0) }
DEBUG Connection{peer=Client}: Connection::poll; connection error error=GoAway(b"", NO_ERROR, Library)
DEBUG Connection{peer=Client}: Sending warning alert CloseNotify    
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
DEBUG Connection{peer=Client}: send frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
DEBUG Connection{peer=Client}: received frame=Settings { flags: (0x1: ACK) }
DEBUG Connection{peer=Client}: received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384 }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(3), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(3), flags: (0x1: END_STREAM) }
DEBUG Connection{peer=Client}: received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1) }
DEBUG Connection{peer=Client}: received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
DEBUG Connection{peer=Client}: send frame=GoAway { error_code: NO_ERROR, last_stream_id: StreamId(0) }
DEBUG Connection{peer=Client}: Connection::poll; connection error error=GoAway(b"", NO_ERROR, Library)
ERROR   × there were errors aggregating source audit files

DEBUG Connection{peer=Client}: Sending warning alert CloseNotify

str4d commented Apr 29, 2024

Maybe also related to #593 (there is not enough error log information in the cargo-vet output for either issue's content to be sufficient for me to determine that).

str4d changed the title from "cargo vet aggregate fails with more than one GitHub source" to "cargo vet aggregate is not reporting errors correctly" on May 23, 2024

str4d commented May 23, 2024

I've now had time to debug this further, and it turns out that the problem is that miette is for whatever reason not rendering the related errors inside AggregateErrors. When I add dbg! around them, this is what I get as overall output:

    Fetching source audits [=========================================================] 2/2
    [src/main.rs:2552:8] &errors = [
    CriteriaDescriptionMismatch(
        AggregateCriteriaDescriptionMismatchError {
            criteria_name: "license-reviewed",
            first: AggregateCriteriaDescription {
                source: "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml",
                description: Some(
                    "The license of this crate has been reviewed for compatibility with its usage in this repository.",
                ),
                description_url: None,
            },
            second: AggregateCriteriaDescription {
                source: "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml",
                description: Some(
                    "The license of this crate has been reviewed for compatibility with its usage in this repository. If the crate is not available under the MIT license, `contrib/debian/copyright` has been updated with a corresponding copyright notice for files under `depends/*/vendored-sources/CRATE_NAME`.",
                ),
                description_url: None,
            },
        },
    ),
    ]
    ERROR   × there were errors aggregating source audit files


So I now know what the aggregation problem is (a mismatch between criteria descriptions, something I didn't realise had to exactly match), but also cargo vet is hiding these errors.
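A pre-flight check for the condition identified in the last comment, as an added example that is not part of the issue thread or cargo-vet's own code: it compares the description of each `[criteria.NAME]` table across several audits.toml sources and lists every disagreement. The function names, the sample URLs and the sample TOML are hypothetical, descriptions are assumed to be single-line strings, and equality is an exact string comparison.

```rust
use std::collections::BTreeMap;

/// Same criteria name, different description text in two sources.
#[derive(Debug, PartialEq)]
pub struct Mismatch { pub criteria: String, pub first: String, pub second: String }

/// Map `[criteria.NAME]` to its description. Assumption: each description is a
/// single-line basic string (no `"""` blocks, no escapes).
pub fn criteria_descriptions(toml: &str) -> BTreeMap<String, String> {
    let (mut out, mut current) = (BTreeMap::new(), None::<String>);
    for line in toml.lines().map(str::trim) {
        if line.starts_with('[') {
            current = line.strip_prefix("[criteria.")
                .and_then(|rest| rest.strip_suffix(']')).map(str::to_string);
        } else if let (Some(name), Some((key, value))) = (&current, line.split_once('=')) {
            if key.trim() == "description" {
                out.insert(name.clone(), value.trim().trim_matches('"').to_string());
            }
        }
    }
    out
}

/// Check each (url, audits.toml text) pair against the first source that defined
/// a criteria name, collecting every mismatch rather than stopping at the first.
pub fn find_mismatches(sources: &[(&str, &str)]) -> Vec<Mismatch> {
    let mut seen: BTreeMap<String, (String, String)> = BTreeMap::new();
    let mut errors = Vec::new();
    for (url, text) in sources {
        for (name, desc) in criteria_descriptions(text) {
            match seen.get(&name) {
                Some((first, first_desc)) if *first_desc != desc => errors.push(Mismatch {
                    criteria: name, first: first.clone(), second: url.to_string(),
                }),
                Some(_) => {}
                None => { seen.insert(name, (url.to_string(), desc)); }
            }
        }
    }
    errors
}

fn main() {
    // Constructed sample inputs; URLs and wording are placeholders.
    let a = "[criteria.license-reviewed]\ndescription = \"License reviewed.\"\n";
    let b = "[criteria.license-reviewed]\ndescription = \"License reviewed. Debian copyright updated.\"\n";
    for m in find_mismatches(&[("https://example.invalid/a.toml", a), ("https://example.invalid/b.toml", b)]) {
        eprintln!("criteria {:?}: {} and {} disagree", m.criteria, m.first, m.second);
    }
}
```

Running a check like this in CI before `cargo vet aggregate` names the conflicting criteria and both sources even when the tool's own output only shows the top-level error.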
