Bug#1092987: marked as done (vagrant: free Vagrant versions no longer work with HashiCorp Cloud Platform's Vagrant registry)

[Debian Bug Tracking System]

Your message dated Fri, 24 Jan 2025 21:38:03 +0000
with message-id <e1tbrnl-0021vq...@fasolo.debian.org>
and subject line Bug#1092987: fixed in vagrant 2.3.7+git20230731.5fc64cde+dfsg-3
has caused the Debian Bug report #1092987,
regarding vagrant: free Vagrant versions no longer work with HashiCorp Cloud 
Platform's Vagrant registry
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1092987: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092987
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: vagrant
Version: 2.2.14+dfsg-2
Severity: serious

Hi,

It looks like a change in HCP (HashiCorp Cloud Platform, the replacement
for Vagrant Cloud to host Vagrant boxes images), introduced around
2025-01-09, broke versions of Vagrant below 2.4.0 (2.4.0 being the first
release of Vagrant under the 'Business Source License').

As a result, this makes it impossible to download images from HCP using
free versions of Vagrant (the versions packaged in Debian).

In detail (according to vagrant up --debug):
Up to Vagrant 2.3.7, vagrant fetches box metadata using:
/opt/vagrant/embedded/bin/curl -q -I --fail --location --max-redirs 10 
--verbose --user-agent "Vagrant/2.3.7 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
and then:
opt/vagrant/embedded/bin/curl -q --fail --location --max-redirs 10 --verbose 
--user-agent "Vagrant/2.3.7 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
(without -I to fetch the actual data)

Since Vagrant 2.4.0, vagrant tries both:
/opt/vagrant/embedded/bin/curl -q -I --fail --location --max-redirs 10 
--verbose --user-agent "Vagrant/2.4.0 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/api/v2/vagrant/debian/bookworm64
and
/opt/vagrant/embedded/bin/curl -q -I --fail --location --max-redirs 10 
--verbose --user-agent "Vagrant/2.4.0 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
then decides to use
/opt/vagrant/embedded/bin/curl -q --fail --location --max-redirs 10 --verbose 
--user-agent "Vagrant/2.4.0 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/api/v2/vagrant/debian/bookworm64

As one can see,
curl --location --verbose -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
no longer returns a JSON document, so Vagrant <2.4.0 fails to fetch box
metadata (and thus check for updates, get download link, etc.)

There are various reports of breakage on
https://github.com/hashicorp/vagrant/issues, most notably
https://github.com/hashicorp/vagrant/issues/13571 .

At this point, it's not clear if this change is intentional, so let's
not discuss consequences at this point. I opened a ticket on HashiCorp's ZenDesk
(https://support.hashicorp.com/hc/en-us/requests/171591)

Lucas

--- End Message ---

--- Begin Message ---

Source: vagrant
Source-Version: 2.3.7+git20230731.5fc64cde+dfsg-3
Done: Lucas Nussbaum <lu...@debian.org>

We believe that the bug you reported is fixed in the latest version of
vagrant, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1092...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lucas Nussbaum <lu...@debian.org> (supplier of updated vagrant package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Jan 2025 22:27:33 +0100
Source: vagrant
Architecture: source
Version: 2.3.7+git20230731.5fc64cde+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Lucas Nussbaum <lu...@debian.org>
Closes: 1091664 1092987
Changes:
 vagrant (2.3.7+git20230731.5fc64cde+dfsg-3) unstable; urgency=medium
 .
   * Add patch 0012-Loosen-dependency-on-ruby.patch
     + Support Ruby 3.3. Closes: #1091664
   * Add patch 0013-Fix-the-default-vagrant-URL-for-pulling-boxes.patch
     + Fix incompatibility introduced by Hashicorp that prevented
       the public registry to work with this version of Vagrant.
       Closes: #1092987
Checksums-Sha1:
 175c266ff202712936b3120c5d8da520d0eadbaa 2855 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3.dsc
 74852bb078ddd4892aa3d8c6bf92fe77d93e8197 17748 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3.debian.tar.xz
 cfc3001734800af35384ee495acbb0f4cbd9f94f 15096 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3_source.buildinfo
Checksums-Sha256:
 5f48d32f69632a68277eb57870009ed1a4a88843a28e7f09026bf4704a7d3945 2855 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3.dsc
 1efe9aea113ff5f9a3148c190350ce5b8ca8a74dd09702814541bd492821cd5c 17748 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3.debian.tar.xz
 a07206ccabfb5e288369541a15251aa12e36dcbff34cb76e196109b56177dac1 15096 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3_source.buildinfo
Files:
 99aaacf25a1abe04e81fc4cf23e734b2 2855 admin optional 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3.dsc
 06c4448015cc1db4d0708a866f700ed9 17748 admin optional 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3.debian.tar.xz
 6d7ed4e1a054227c1788e84df60f34bb 15096 admin optional 
vagrant_2.3.7+git20230731.5fc64cde+dfsg-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/t7ByzN7z1CfQ8IkORS1MvTfvpkFAmeUBhQACgkQORS1MvTf
vpkHIRAAkvYKC/Nu4RuQu0CJA/qGIa+mRCxnsKN5RtmWzh2//Pd8a1iyBi56sLK7
+IdEErJOOrGZtGRxhfMrlErlkeTpd7ex041yDWc6w30eoyWEgjECRzsEFJIg3n07
WapeebPupL9vJeQtBF2bWQukaRIJrsokHXzWVClPgTicozyu3v4ZnMWbfIlUDhTQ
nYvWLW6xP3NoOW2xyuEeDrYtwpajAz+JBV4r7oGv+LJj64q290bo/WpNCgoW1xIj
2WkjPTfX8WU6C+n9oTS21bhY96A4q3eMAiXdc3eeThjEo69nQwa3wSqI7hRz1dMh
tcZmKr1hIMTlCo5MLWHmV+7stYTMfZeOwG/NC/iaR+1n7diJ2ldDlBifHR1UZ80p
tOT3viKL4typT+/v+2nsjGcxXr/4hjEUj0A+lrOTnorxXss21qu3569JTZ2XgBkt
elhR7ie9vLQQCvbKIsjnZvBAOA5TpsYDX4JNbx7yfIRVMUhIeGBtPh0QV5DlNzYx
RR8zhs3wMd6MZjqc/X06IrOqqKDtqYQvGyO9xRyPzhfMitC7KMbLddmifvCONgH1
wwxlLyUIxuFdCCcrjvqeJCdl0D4PrDuMqGlT1/taI5ndMvD82xSRmnRQIrcWpvPM
eP5OgAY5aWnplF1ZwZw6vylmi34IbO4sxhvp6gqVe4KfMUUCes4=
=pMX+
-----END PGP SIGNATURE-----

pgpdU3TRFJZ8u.pgp
Description: PGP signature

--- End Message ---