Micromamba queries Conda channel server with censored URL

[maresb]

Search tried in issue tracker

token

Latest version of Mamba

2.0.4a3

Tried in Conda?

I do not have this problem with Conda, just with Mamba

Describe your issue

This comes from the conda-lock test suite when using micromamba v2.0.4.

In short, whenever Micromamba prints a channel URL to the console and that URL contains a token, it censors the token by replacing it with *****. The regression here is that when Micromamba requests a URL from the Conda channel server, the token is sent as ***** instead of its original value, so Micromamba is making invalid requests.

The input to micromamba is this explicit lockfile:

/tmp/explicit.txt:

# Generated by conda-lock.
# platform: linux-64
# input_hash: 701a99b2fc55ca5b4c2b84680513be14da721036646ddd36de7b37723525a55c
@EXPLICIT
http://localhost:32826/t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/_libgcc_mutex-0.1-conda_forge.tar.bz2#d7c89558ba9fa0495403155b64376d81
http://localhost:32826/t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/libgomp-14.2.0-h77fa898_1.conda#cc3573974587f12dda90d96e3e55a702
http://localhost:32826/t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/_openmp_mutex-4.5-2_gnu.tar.bz2#73aaf86a425cc6e73fcf236a5a46396d
http://localhost:32826/t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/libgcc-14.2.0-h77fa898_1.conda#3cb76c3f10d3bc7f1105b2fc9db984df
http://localhost:32826/t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/libzlib-1.3.1-hb9d3cd8_2.conda#edb0dca6bc32e4f4789199455a1dbeb8
http://localhost:32826/t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/zlib-1.3.1-hb9d3cd8_2.conda#c9f075ab2f33b3bbee9e62d4ad0a6cd8

To monitor what's going on, run

python3 -m http.server 32826

If I run

micromamba create --file /tmp/explicit.txt -n 3628 --yes

then I get warnings and an error:

Transaction starting
warning  libmamba Extracted package cache '~/micromamba/pkgs/libgomp-14.2.0-h77fa898_1' has invalid url
warning  libmamba Extracted package cache '~/micromamba/pkgs/_openmp_mutex-4.5-2_gnu' has invalid url
warning  libmamba Package tarball '~/micromamba/pkgs/_openmp_mutex-4.5-2_gnu.tar.bz2' is invalid
warning  libmamba Extracted package cache '~/micromamba/pkgs/libgcc-14.2.0-h77fa898_1' has invalid url
warning  libmamba Package tarball '~/micromamba/pkgs/libgcc-14.2.0-h77fa898_1.conda' is invalid
warning  libmamba Extracted package cache '~/micromamba/pkgs/libzlib-1.3.1-hb9d3cd8_2' has invalid url
warning  libmamba Extracted package cache '~/micromamba/pkgs/zlib-1.3.1-hb9d3cd8_2' has invalid url
...
p://localhost:32826/t/**********/get/proxy-channel/linux-64/libgomp-14.2.0-h77fa898_1.conda (status 404)
critical libmamba Transfer finalized, status: 404 [http://localhost:32826/t/**********/get/proxy-channel/linux-64/zlib-1.3.1-hb9d3cd8_2.conda] 469 bytes

The webserver shows that the token is being censored in the URL:

127.0.0.1 - - [25/Nov/2024 00:28:58] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:28:58] "GET /t/*****/get/proxy-channel/linux-64/zlib-1.3.1-hb9d3cd8_2.conda HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:28:58] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:28:58] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:28:58] "GET /t/*****/get/proxy-channel/linux-64/_openmp_mutex-4.5-2_gnu.tar.bz2 HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:28:58] "GET /t/*****/get/proxy-channel/linux-64/libgomp-14.2.0-h77fa898_1.conda HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:28:58] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:28:58] "GET /t/*****/get/proxy-channel/linux-64/libgcc-14.2.0-h77fa898_1.conda HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:28:58] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:28:58] "GET /t/*****/get/proxy-channel/linux-64/libzlib-1.3.1-hb9d3cd8_2.conda HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:28:58] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:28:58] "GET /t/*****/get/proxy-channel/linux-64/zlib-1.3.1-hb9d3cd8_2.conda HTTP/1.1" 404 -

When I replace micromamba with conda, you see the token being logged by the webserver:

127.0.0.1 - - [25/Nov/2024 00:30:40] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:30:40] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:30:40] "GET /t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/libzlib-1.3.1-hb9d3cd8_2.conda HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:30:40] "GET /t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/libgomp-14.2.0-h77fa898_1.conda HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:30:40] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:30:40] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:30:40] "GET /t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/libgcc-14.2.0-h77fa898_1.conda HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:30:40] code 404, message File not found
127.0.0.1 - - [25/Nov/2024 00:30:40] "GET /t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/_libgcc_mutex-0.1-conda_forge.tar.bz2 HTTP/1.1" 404 -
127.0.0.1 - - [25/Nov/2024 00:30:40] "GET /t/1a5eb8d110994feaa53d0d9f8bf13bbb/get/proxy-channel/linux-64/_openmp_mutex-4.5-2_gnu.tar.bz2 HTTP/1.1" 404 -

If I downgrade to 2.0.2 then the token is sent.

[jjerphan]

Thank you for the report and the handy reproducer

Using git bisect, I found that #3178 caused the regression.

[Hind-M]

Hey @maresb!
Just to be sure, is this more an issue with the censored URL displayed in the logs and sent? Is your reproducer supposed to succeed if the logs are ok (I see that with conda, it's not the case - code 404).

[maresb]

@Hind-M the token appearing in the webserver logs is expected since it is part of the URL path. (Good or bad design on this is a separate discussion.) The problem is that micromamba doesn't use the token when required for communication with the webserver.