堆栈内存溢出
  简体   繁体   English

无法访问gem-fury中的私有存储库

[英]Cannot access a private repository in gem-fury

 原文  2016-12-14 18:08:56       amazon-web-services/ amazon-s3/ composer-php/ gem-fury

问题描述

I've setup a private composer repository via gem-fury, but when I'm trying to download one of the packages (using composer-require) I receive the following error: 我已经通过gem-fury建立了一个私有的composer存储库,但是当我尝试下载其中一个软件包(使用composer-require)时,出现以下错误: 

  [Composer\Downloader\TransportException]
  The 'https://s3.amazonaws.com:443/gemfury/gems/[SOME_STRING]/[VENDOR][PACKAGE]_[VERSION]_zip?Signature=SIGNATURE&Expires=1481739039&AWSAccessKeyId=[AWS_ACCESS_KEY]' URL could not be accessed: HTTP/1.1 400 Bad Request

PS I know that the authentication worked because composer does receive the package.json file (the latest version is recognized) PS我知道身份验证有效,因为作曲家确实收到package.json文件(可以识别最新版本)

Any help would be appretiated 任何帮助将不胜感激

1 个解决方案

解决方案1
 1 已采纳  2017-02-07 09:43:08

Short answer : You may see this issue if you are using auth.json to store your Gemfury token. 简短答案 :如果您使用auth.json存储Gemfury令牌,则可能会看到此问题。 At this time, the only way to work around this issue is to embed the token directly into your repository URL in composer.json . 目前,解决此问题的唯一方法是将令牌直接嵌入composer.json的存储库URL中。

Long answer : The reason it doesn't work is due to a bug in Composer CLI. 长答案 :不起作用的原因是由于Composer CLI中的错误。 In that particular use-case, when Composer acts on Gemfury's redirect from your private php.fury.io repo to a secure S3 download, it includes the Authorization header with your Gemfury token. 在该特定用例中,当Composer执行Gemfury从您的私人php.fury.io库到安全S3下载的重定向时,它将包括带有您的Gemfury令牌的Authorization标头。 This header conflicts with S3's authentication model, and results in a 400 Bad Request response. 此标头与S3的身份验证模型冲突,并导致400 Bad Request响应。

Resending Authorization header on a redirect from one host to another is a fairly significant security concern, and I recommend you reset your Gemfury token and stop using auth.json authentication method until this issue is resolved. 在从一台主机到另一台主机的重定向上重新发送Authorization标头是一个相当重要的安全问题,我建议您重置Gemfury令牌并停止使用auth.json身份验证方法,直到解决此问题为止。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 私有子网中的 EC2 实例无法访问亚马逊存储库 - EC2 instances in private subnets cannot access amazon repository AWS lambda 放入私有子网后无法访问 DynamoDB? - AWS lambda cannot access DynamoDB after being placed in a private subnet? 如何通过AWS上的Drush Make从Aegir访问私有github存储库 - How to access a private github repository from Aegir through Drush Make on AWS 将 Neo4j 放入私有子网时无法访问数据库 - Cannot access Database when put Neo4j in private Subnet AWS Codeartifact 未指向私有存储库 - AWS Codeartifact not pointing to private repository Elastic beanstalk实例无法访问私有S3文件 - Elastic beanstalk instance cannot access private S3 file 公共子网中的 Lambda function 无法访问私有子网中的资源 - Lambda function in public subnet cannot access resources in private subnet k8s - 无法拉取图像...来自守护程序的错误响应:{private_repo} 的拉取访问被拒绝,存储库不存在 - k8s - Failed to pull image…Error response from daemon: pull access denied for {private_repo}, repository does not exist 具有专用存储库CannotPullContainerError的Elastic Beanstalk多容器Docker - Elastic Beanstalk Multicontainer Docker with private repository CannotPullContainerError 错误:无法在任何存储库中找到有效的 gem 'cocoapods' (>= 0) - ERROR: Could not find a valid gem 'cocoapods' (>= 0) in any repository
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM