How can I install OPAM package from private Github repo?

scjung · March 22, 2023, 6:04am

I have a private local OPAM repository that contains OPAM packages served in private Github repo.

$ cat my-opam-repository/packages/my_package/my_package.1.0/OPAM
..snip...
url {
  src: "https://github.com/>>redacted<</archive/refs/tags/v1.0.tar.gz"
  checksum: "md5=e3e1b89c2bf1df417f79057ecf261e9e"
}

$ opam remote
...
 1 private git+file:///Users/me/my-opam-repository
 2 default https://opam.ocaml.org

When I try to install the package, OPAM fails to download the source archive in the private repository.

$ OPAMFETCH='/usr/local/bin/wget --header "Authorization: token >>redacted<<" -O %{out}% %{url}%' opam install -vvv my_package

...snip...

[ERROR] Failed to get sources of my_package.1.0: Download command failed

#=== ERROR while fetching sources for my_package.1.10 ===========================#
OpamSolution.Fetch_fail("https://github.com/>>redacted<</archive/refs/tags/v1.0.tar.gz (Download command failed: \"/usr/local/bin/wget --content-disposition -t 3 -O ... -U opam/2.1.4 -- https://github.com/>>redacted<</archive/refs/tags/v1.0.tar.gz\" exited with code 8 \"2023-03-22 14:40:43 ERROR 404: Not Found.\")")

...snip...

I’m aware of OPAMFETCH env variable, but as you may see the output above, OPAM does not honor this variable. I found a similar Github issues - `opam init` does not honour `OPAMCURL`, `OPAMFETCH`, ... · Issue #5108 · ocaml/opam · GitHub -, but it doesn’t seem to be related to my problem.

Am I doing something wrong here?

kit-ty-kate · March 22, 2023, 4:39pm

I disagree, I think this is related. Have you tried with opam master which solved this issue? I’m able to reproduce your problem with 2.1.4 but not with master.

You can try it out using:

git clone https://github.com/ocaml/opam
make -C opam cold
sudo install ./opam/opam /usr/local/bin/opam

scjung · March 24, 2023, 1:59am

OPAM on master branch indeed respects OPAMFETCH variable!

But sadly OPAM splits OPAMFETCH value by whitespaces, and it causes that --header argument is not parsed as a whole string like the below.

+ /usr/bin/wget "--header" "\"Authorization:" "token" ">>>redacted<<<\"" "-O" "/home/scjung/.opam/4.12.1/.opam-switch/sources/coreutil.1.10/v1.10.tar.gz.part" "%{url}"
- --2023-03-24 10:31:27--  http://token/
- Resolving token (token)... failed: Name or service not known.
- wget: unable to resolve host address ‘token’

I had to write a wrapper script passes --header argument to wget and set OPAMFETCH to call the wrapper script instead.

Thanks for the help

dbuenzli · March 24, 2023, 7:15am

@scjung please file an issue so that others won’t have to jump through the same hoops in the future.

scjung · March 24, 2023, 7:32am

I thought the Github issue I mentioned above (`opam init` does not honour `OPAMCURL`, `OPAMFETCH`, ... · Issue #5108 · ocaml/opam · GitHub) is the same issue here and the fix will be released in upcoming v2.2.

@kit-ty-kate, Should I file a new issue?

dbuenzli · March 24, 2023, 7:43am

That’s a new issue ^, when you allow to specify tool invocations as environment variables, simply splitting on spaces is user hostile – as you now have witnessed :–(

One should perform at least some basic tokenization, see e.g. here.

scjung · March 24, 2023, 8:20am

I see. Filed a new issue here.

github.com/ocaml/opam

Tokenize OPAMFETCH value properly, not splitting by whitespaces

opened 08:18AM - 24 Mar 23 UTC

scjung

KIND: BUG

``` # opam config report # opam-version 2.2.0~alpha~dev (7f4558d65bbfb…f4524e413ab7d06d8ac5f4484d3) # self-upgrade no # system arch=x86_64 os=macos os-distribution=homebrew os-version=13.2.1 # solver builtin-mccs+glpk # install-criteria -removed,-count[avoid-version,changed],-count[version-lag,request],-count[version-lag,changed],-count[missing-depexts,changed],-changed # upgrade-criteria -removed,-count[avoid-version,changed],-count[version-lag,solution],-count[missing-depexts,changed],-new # jobs 7 # repositories 1 (http), 1 (version-controlled) (default repo at 5811dd22) # pinned 0 # current-switch 5.0 # invariant ocaml-base-compiler >= 5.0 & ocaml-base-compiler < 5.1 # compiler-packages ocaml-base-compiler.5.0.0, ocaml-options-vanilla.1 # ocaml:native true # ocaml:native-tools true # ocaml:native-dynlink true # ocaml:stubsdir /Users/mukka/.opam/5.0/lib/ocaml/stublibs:/Users/mukka/.opam/5.0/lib/ocaml # ocaml:preinstalled false # ocaml:compiler 5.0.0 ``` Because OPAM splits OPAMFETCH value by spaces, the use-case below does not work as expected. ```sh # The package is in private Github repo, so we supply access token in Authorize header. $ OPAMFETCH='wget --header "Authorization: token >>>redacted<<<" %{url}% -O %{out}%' opam install coreutil ... snip ... + /usr/bin/wget "--header" "\"Authorization:" "token" ">>>redacted<<<\"" "-O" "/home/scjung/.opam/4.12.1/.opam-switch/sources/coreutil.1.10/v1.10.tar.gz.part" "%{url}" - --2023-03-24 10:31:27-- http://token/ - Resolving token (token)... failed: Name or service not known. - wget: unable to resolve host address ‘token’ ``` As you may see in the log, ```"Authorization: token ..."``` argument is parsed into seperate words. OPAM should tokenize OPAMFETCH value in the way shell tokenizes[1, 2], so that a quoted argument is parsed as a single string rather than separate words. [1] https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html [2] https://github.com/dbuenzli/bos/blob/master/src/bos_cmd.ml#L46-L112

Topic		Replies	Views
Opam install fails : sources cannot be obtained Learning opam , dune	3	1434	March 25, 2020
How to test a opam install using the `url` in the opam file? Ecosystem opam	7	570	October 6, 2021
Installing opam package from git Ecosystem	1	429	January 10, 2021
Simple installation of packages without network Community opam , tools	4	783	February 1, 2023
Mirroring OPAM repository Ecosystem opam	2	813	October 2, 2018

How can I install OPAM package from private Github repo?

Related topics