[arch-general] PKGBUILD - clamav 0.103.4 - source .tar.gz downloads fine, .tar.gz.sig is 403? (same with Arch package)

Sat Nov 20 16:24:50 UTC 2021

On Sat, 20 Nov 2021 16:05:07 +0000, Andy Pieters via arch-general wrote:
>On Sat, 20 Nov 2021 at 13:22, Ralf Mardorf via arch-general <
>arch-general at lists.archlinux.org> wrote:
>
>> On Sat, 20 Nov 2021 13:11:41 +0100, Andreas Bosch via arch-general
>> wrote:  
>> >Am 20.11.21 um 12:10 schrieb Ralf Mardorf via arch-general:  
>> >> The "http://search.cpan.org/" issue still isn't solved [3].
>> >>  
>>
>> I think this is just a case of  HSTS. You are trying to fetch
>> resources  
>over HTTP, whereas it's set to enforce the use of https
>
>Just make sure you use https everywhere and you should be fine

That's what I did. I replaced a PKGBUILD's

http://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz

by

https://cpan.metacpan.org/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz

so I removed the search and migrated from http to https.

However, using the search URL with https does still return a 403.

[rocketmouse at archlinux tmp]$ curl --user-agent archlinux -L "https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz" --output 1_Goo-Canvas-0.06.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[rocketmouse at archlinux tmp]$ curl --user-agent archlinux --insecure -L "https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz" --output 2_Goo-Canvas-0.06.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   162  100   162    0     0   1321      0 --:--:-- --:--:-- --:--:--  1327
[rocketmouse at archlinux tmp]$ tar xf 2_Goo-Canvas-0.06.tar.gz | head -5
tar: This does not look like a tar archive

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
[rocketmouse at archlinux tmp]$ strings 2_Goo-Canvas-0.06.tar.gz | head -5
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>