Bug#1092987: marked as done (vagrant: free Vagrant versions no longer work with HashiCorp Cloud Platform's Vagrant registry)

[Debian Bug Tracking System]

Your message dated Sat, 25 Jan 2025 17:17:10 +0000
with message-id <e1tbjmq-0060tg...@fasolo.debian.org>
and subject line Bug#1092987: fixed in vagrant 2.3.4+dfsg-1+deb12u1
has caused the Debian Bug report #1092987,
regarding vagrant: free Vagrant versions no longer work with HashiCorp Cloud 
Platform's Vagrant registry
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1092987: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092987
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: vagrant
Version: 2.2.14+dfsg-2
Severity: serious

Hi,

It looks like a change in HCP (HashiCorp Cloud Platform, the replacement
for Vagrant Cloud to host Vagrant boxes images), introduced around
2025-01-09, broke versions of Vagrant below 2.4.0 (2.4.0 being the first
release of Vagrant under the 'Business Source License').

As a result, this makes it impossible to download images from HCP using
free versions of Vagrant (the versions packaged in Debian).

In detail (according to vagrant up --debug):
Up to Vagrant 2.3.7, vagrant fetches box metadata using:
/opt/vagrant/embedded/bin/curl -q -I --fail --location --max-redirs 10 
--verbose --user-agent "Vagrant/2.3.7 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
and then:
opt/vagrant/embedded/bin/curl -q --fail --location --max-redirs 10 --verbose 
--user-agent "Vagrant/2.3.7 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
(without -I to fetch the actual data)

Since Vagrant 2.4.0, vagrant tries both:
/opt/vagrant/embedded/bin/curl -q -I --fail --location --max-redirs 10 
--verbose --user-agent "Vagrant/2.4.0 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/api/v2/vagrant/debian/bookworm64
and
/opt/vagrant/embedded/bin/curl -q -I --fail --location --max-redirs 10 
--verbose --user-agent "Vagrant/2.4.0 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
then decides to use
/opt/vagrant/embedded/bin/curl -q --fail --location --max-redirs 10 --verbose 
--user-agent "Vagrant/2.4.0 (+https://www.vagrantup.com; ruby3.1.4)" 
--continue-at - -H "Accept: application/json" 
https://vagrantcloud.com/api/v2/vagrant/debian/bookworm64

As one can see,
curl --location --verbose -H "Accept: application/json" 
https://vagrantcloud.com/debian/bookworm64
no longer returns a JSON document, so Vagrant <2.4.0 fails to fetch box
metadata (and thus check for updates, get download link, etc.)

There are various reports of breakage on
https://github.com/hashicorp/vagrant/issues, most notably
https://github.com/hashicorp/vagrant/issues/13571 .

At this point, it's not clear if this change is intentional, so let's
not discuss consequences at this point. I opened a ticket on HashiCorp's ZenDesk
(https://support.hashicorp.com/hc/en-us/requests/171591)

Lucas

--- End Message ---

--- Begin Message ---

Source: vagrant
Source-Version: 2.3.4+dfsg-1+deb12u1
Done: Lucas Nussbaum <lu...@debian.org>

We believe that the bug you reported is fixed in the latest version of
vagrant, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1092...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lucas Nussbaum <lu...@debian.org> (supplier of updated vagrant package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Jan 2025 22:31:10 +0100
Source: vagrant
Architecture: source
Version: 2.3.4+dfsg-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Ruby Team 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Lucas Nussbaum <lu...@debian.org>
Closes: 1092987
Changes:
 vagrant (2.3.4+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Add patch 0008-Fix-the-default-vagrant-URL-for-pulling-boxes.patch:
     Work-around change introduced by Hashicorp that broke the public Vagrant
     registry with this version of Vagrant. Closes: #1092987
Checksums-Sha1:
 17803ac03634d4eee9039c4195ac39b5f5ca4190 2748 vagrant_2.3.4+dfsg-1+deb12u1.dsc
 b3f6667e75177c6471c0d2b0f767a5130645407f 16312 
vagrant_2.3.4+dfsg-1+deb12u1.debian.tar.xz
 cf50b1568b2353e8b9081017db96e97584d6d415 15010 
vagrant_2.3.4+dfsg-1+deb12u1_source.buildinfo
Checksums-Sha256:
 a0a59d548583586d88bba1df915f3f79a40cb59d9f2e77510cd63d787eac4303 2748 
vagrant_2.3.4+dfsg-1+deb12u1.dsc
 5badf6884b47b2f1382e9685b70368e0960e71136b0192e6424471f0d3c15cb9 16312 
vagrant_2.3.4+dfsg-1+deb12u1.debian.tar.xz
 a8c39107c8ec65a0ffda085fa7cc0f9e7ff1057d24a13313a21db57ac827e2a3 15010 
vagrant_2.3.4+dfsg-1+deb12u1_source.buildinfo
Files:
 7bc2f3731ecfc9ee784f43fc0b87c366 2748 admin optional 
vagrant_2.3.4+dfsg-1+deb12u1.dsc
 0959e9fe2a3f07aa0fdef86f130a1967 16312 admin optional 
vagrant_2.3.4+dfsg-1+deb12u1.debian.tar.xz
 a7ab296aff8ed2c6c8791471d2022513 15010 admin optional 
vagrant_2.3.4+dfsg-1+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/t7ByzN7z1CfQ8IkORS1MvTfvpkFAmeUCwUACgkQORS1MvTf
vpkC0Q/7BLqfeRP+FNyub6qflJuXvoB/ibyHCJAXN3QEoS+xuBo8fwkvziU3AHlT
EjOiCHB/C6KxTp8fq82XA+dxvmZYdEL3REoKo1wQz0PI0BFBOVJNEwPm6tov+sJg
tUZnWlWZpgC6w6eAK6suNXIEGzYqZboNr7aOItonrRl0S6fXt0QgOMNzcZwJ9vs8
eSdF2MaJ9q27rZJO6yru+Hm3xZ7br71BuQXac0cMtmiEleDDBg4f3Tfd269hODTV
SyXbAKTo5xYX5dN0sLCu09kN3j3dmOCMAiPxXY2Dgudi5KMcAcvqJqukNXQg+iyn
88c5hHHbyaTXeo4L98Rpw90qSp7SpTEgpnCFe3Ej8DE4Oz7mT/oMwl6YOd9/GX+o
TzkOGywOle3/4nstgF6DeqKkgy1NrK5XyvNly7vjAwIqs9Ugv4HfXILNTf9i4QLe
aS1CemyVbQTbNX7i8WYezOnSV1BqMdtmnPXxQKPKw6S0CbkSXX8KpRhjR30JlFV0
CnvQWi6aZKVuX5c1rC3Y6T6hyvdUAIv9g2jKVs2RSSBed15mQS44X/w8hDw2LGv6
bOvfXZ+usa0PHAxWAPJMbaDJfWpKqTMxLiWVmAQxnKeSxwcgRtkDVvkF7WQ3Y1GU
dUg3vJK8lC+YvyKy25+9k2ryHJn4A9KWX+SrtFx9BNypBS8mcWM=
=lWhf
-----END PGP SIGNATURE-----

pgp5dsZHo3cxg.pgp
Description: PGP signature

--- End Message ---