#59526 – Doesn't follow https redirects

Bug 59526 - Doesn't follow https redirects

Summary: Doesn't follow https redirects

Status:	NEW

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	apt-https (show other bugs)
Version:	unstable
Hardware:	x86_64 Linux

Importance:	P5 normal
Assignee:	placeholder@altlinux.org
QA Contact:	qa-sisyphus

URL:
Keywords:

Depends on:
Blocks:

Reported:	2026-06-13 17:14 MSK by Konstantin A Lepikhov (L.A. Kostis)
Modified:	2026-06-13 17:14 MSK (History)
CC List:	6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Konstantin A Lepikhov (L.A. Kostis) 2026-06-13 17:14:45 MSK

Привет!

Бага очень похожа на https://github.com/syncthing/syncthing/issues/10156 (apt upgrade gives 401 Unauthorized)

❯ rpm -q apt-https
apt-https-0.5.15lorg2-alt101.x86_64

❯ sudo apt-get install https://alt-lakostis.gitlab.io/kernel-image-lks-wks/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm
[sudo] password for lakostis:
Please login to eu2.contabostorage.com (secure)
Username: ^C

При этом пакет скачивается браузером и curl:

❯ curl -vLO https://alt-lakostis.gitlab.io/kernel-image-lks-wks/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm
*   Trying [2600:1901:0:7b8a::]:443...       
* Immediate connect fail for 2600:1901:0:7b8a::: Network is unreachable
* connect to 2600:1901:0:7b8a:: port 443 from :: port 0 failed: Success
* Host alt-lakostis.gitlab.io:443 was resolved.
* IPv6: 2600:1901:0:7b8a::                   
* IPv4: 35.185.44.232                         
*   Trying 35.185.44.232:443...                           
* GnuTLS priority: NORMAL:%PROFILE_MEDIUM:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2
* ALPN: curl offers h2,http/1.1                                                                                                              
* SSL Trust Anchors:                                                                                                                         
*   CAfile: 121 certificates in /usr/share/ca-certificates/ca-bundle.crt                                                                                                                                                                                                                  
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
*   SSL certificate verified by GnuTLS
*   SSL certificate expiration date OK
*   SSL certificate activation date OK
*   SSL certificate status verification SKIPPED
*   common name: *.gitlab.io (matched)
*   certificate public key: RSA  
*   certificate version: #3
*   subject: CN=*.gitlab.io    
*   start date: Fri, 16 Jan 2026 19:03:23 GMT
*   expire date: Mon, 15 Feb 2027 07:59:59 GMT
*   issuer: C=BE,O=GlobalSign nv-sa,CN=GlobalSign GCC R6 AlphaSSL CA 2025
* ALPN: server accepted h2         
* Established connection to alt-lakostis.gitlab.io (35.185.44.232 port 443) from 192.168.1.100 port 59828 
  % Total    % Received % Xferd  Average Speed  Time    Time    Time   Current
                                 Dload  Upload  Total   Spent   Left   Speed
  0      0   0      0   0      0      0      0                              0* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://alt-lakostis.gitlab.io/kernel-image-lks-wks/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm
* [HTTP/2] [1] [:method: GET]                                                                                                                                                                                                                                                             
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: alt-lakostis.gitlab.io]                 
* [HTTP/2] [1] [:path: /kernel-image-lks-wks/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm]
* [HTTP/2] [1] [user-agent: curl/8.20.0]
* [HTTP/2] [1] [accept: */*]    
> GET /kernel-image-lks-wks/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm HTTP/2
> Host: alt-lakostis.gitlab.io
> User-Agent: curl/8.20.0
> Accept: */*                                                          
>                                                             
* Request completely sent off
< HTTP/2 302 
< content-type: text/html; charset=utf-8
< location: https://eu2.contabostorage.com/4c93d1f0504049878145e8b977876da9%3Akernel-image/public/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm
< permissions-policy: interest-cohort=()
< vary: Origin
< x-request-id: 01KV0N3EN2B8WA1XQAYXGDK3KV
< content-length: 212
< date: Sat, 13 Jun 2026 14:10:19 GMT
* Ignoring the response-body
* setting size while ignoring
< 
100    212 100    212   0      0    472      0                              0
* Connection #0 to host alt-lakostis.gitlab.io:443 left intact
* Issue another request to this URL: 'https://eu2.contabostorage.com/4c93d1f0504049878145e8b977876da9%3Akernel-image/public/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm'
* Host eu2.contabostorage.com:443 was resolved.
* IPv6: (none)
* IPv4: 185.219.143.85, 185.219.143.84
*   Trying 185.219.143.85:443...
* GnuTLS priority: NORMAL:%PROFILE_MEDIUM:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2
* ALPN: curl offers h2,http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
*   SSL certificate verified by GnuTLS
*   SSL certificate expiration date OK
*   SSL certificate activation date OK
*   SSL certificate status verification SKIPPED
*   common name: contabostorage.com (matched)
*   certificate public key: RSA
*   certificate version: #3
*   subject: CN=contabostorage.com
*   start date: Sun, 24 May 2026 00:00:00 GMT
*   expire date: Sat, 22 Aug 2026 23:59:59 GMT
*   issuer: C=AT,O=ZeroSSL GmbH,CN=ZeroSSL RSA DV SSL CA 2
* ALPN: server did not agree on a protocol. Uses default.
* Established connection to eu2.contabostorage.com (185.219.143.85 port 443) from xx.xx.xx.xx port 54558 
  0      0   0      0   0      0      0      0                              0* using HTTP/1.x
> GET /4c93d1f0504049878145e8b977876da9%3Akernel-image/public/lks-wks/repo/x86_64/RPMS.hasher/kernel-modules-zenergy-lks-wks-1.0-alt1.gf77293f.397824.4.35.x86_64.rpm HTTP/1.1
> Host: eu2.contabostorage.com
> User-Agent: curl/8.20.0
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< content-type: application/x-rpm
< content-length: 7612
< x-ratelimit-limit-second: 250
< ratelimit-limit: 250
< ratelimit-remaining: 249
< ratelimit-reset: 1
< x-ratelimit-remaining-second: 249
< server: nginx
< date: Sat, 13 Jun 2026 14:10:19 GMT
< last-modified: Fri, 12 Jun 2026 10:18:31 GMT
< x-rgw-object-type: Normal
< etag: "050d7b90081c388cc1fa573c549c9cd0"
< x-amz-meta-s3cmd-attrs: atime:1781258024/ctime:1781258024/gid:500/gname:lakostis/md5:050d7b90081c388cc1fa573c549c9cd0/mode:33188/mtime:1781247958/uid:500/uname:lakostis
< x-amz-storage-class: STANDARD
< x-amz-request-id: tx00000046f096e19ec49fe-006a2d64cb-431696450-eu5
< x-proxy-cache: MISS
< accept-ranges: bytes
< access-control-allow-origin: *
< strict-transport-security: max-age=16000000; includeSubDomains; preload;
< 
{ [7612 bytes data]
100   7612 100   7612   0      0  11243      0                              0
* Connection #1 to host eu2.contabostorage.com:443 left intact

пока в качестве обходного решения заменил ссылки на репозиторий на прямое указание url на eu2.contabostorage.com.