I can reproduce this problem on any version of 2.4 that I've tested:
$ podman run -it --rm --publish=8080:80 -v
/home/gordon/http:/var/www/html:z fedora:43
# dnf install -y httpd
# rpm -q httpd
httpd-2.4.66-1.fc43.x86_64
jod-thread-1.0.0.crate and jod-thread-1.0.0.tar.gz are the same file on
the Apache httpd server:
# sha256sum jod-thread-1.0.0.*
a037eddb7d28de1d0fc42411f501b53b75838d313908078d6698d064f3029b24
jod-thread-1.0.0.crate
a037eddb7d28de1d0fc42411f501b53b75838d313908078d6698d064f3029b24
jod-thread-1.0.0.tar.gz
Compliant clients (which includes wget, "curl --compressed", and
Firefox) will not save the crate file correctly.
wget https://localhost:8080/packages/jod-thread-1.0.0.crate
wget https://localhost:8080/packages/jod-thread-1.0.0.tar.gz
file jod-thread-1.0.0.*
jod-thread-1.0.0.crate: POSIX tar archive (GNU)
jod-thread-1.0.0.tar.gz: gzip compressed data, was
"jod-thread-1.0.0.crate", max compression, original size modulo 2^32 25088
That's because httpd describes them differently. For the tar.gz file, it
responds "Content-Type: application/x-gzip", while it responds for the
crate file, "Content-Type: application/x-tar Content-Encoding: gzip".
The content-encoding header is an instruction to the client indicating
that the client must inflate the file with gzip to get the original
content, which is wrong.
curl exhibits the same behavior when it tells the server that it
supports gzip encoding:
curl --compressed https://localhost:8080/packages/jod-thread-1.0.0.crate
-o jod-thread-1.0.0.crate
curl --compressed
https://localhost:8080/packages/jod-thread-1.0.0.tar.gz -o
jod-thread-1.0.0.tar.gz
file jod-thread-1.0.0.*
jod-thread-1.0.0.crate: POSIX tar archive (GNU)
jod-thread-1.0.0.tar.gz: gzip compressed data, was
"jod-thread-1.0.0.crate", max compression, original size modulo 2^32 25088
However, curl's default behavior is to not specify any accepted
encodings, and to ignore the content-type and content-encoding headers:
curl -v https://localhost:8080/packages/jod-thread-1.0.0.crate -o
jod-thread-1.0.0.crate
# Request: Accept: */*
# Response: Content-Type: application/x-tar
# Content-Encoding: x-gzip
In this case, the saved file is the same as the server's file, but only
because curl ignores Content-Encoding header if it was not instructed to
set the "Accept-Encodings" header.
httpd's default behavior makes it difficult to serve data files whose
checksum will be verified, because conforming clients will inflate
compressed files inappropriately. Sites can work around this by adding
"AddType application/x-gzip .crate .etc .etc" to their configuration,
but the default configuration acknowledges that the correct MIME type
for a tar.gz is application/x-gzip, and the mime_magic_module should do
the same.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
