
CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/CocoaPods-version.yml Response: 403

Open vandadnp opened this issue 2 years ago • 109 comments

Notes from @Orta

This is now resolved: https://github.com/CocoaPods/CocoaPods/issues/11355#issuecomment-1123912409


Old notes:

We're looking into it, but we now need to get in touch with Cloudflare, so hard to give any estimates. Basically the network traffic from CocoaPods is getting false-flagged as being unusual and hitting DDoS detection.

In the meanwhile, you can avoid this happening to your project by adding this code to your Podfile:

- source 'source 'https://cdn.cocoapods.org/'
+ source 'https://github.com/CocoaPods/Specs.git'
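Review bot: the removed line reads `source 'source 'https://cdn.cocoapods.org/'`, with `source '` doubled, so it will not match anything in a real Podfile; the line to replace is `source 'https://cdn.cocoapods.org/'`. It is also worth noting beside the `+` line that the git source clones the whole Specs repository, which commenters further down report taking a few minutes on first use.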

This change skips using the CDN entirely.


Report

When issuing bundle exec pod install, we are getting the following monster of an error:

bundle exec pod install
Analyzing dependencies
[!] CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/CocoaPods-version.yml Response: 403 <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->
<style>body{margin:0;padding:0}</style>


<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->


</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
        <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> cocoapods.org</h2>
      </div><!-- /.header -->

      <div class="cf-section cf-highlight">
        <div class="cf-wrapper">
          <div class="cf-screenshot-container cf-screenshot-full">

              <span class="cf-no-screenshot error"></span>

          </div>
        </div>
      </div><!-- /.captcha-container -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2>

            <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="blocked_resolve_headline">What can I do to resolve this?</h2>

            <p data-translate="blocked_resolve_detail">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
          </div>
        </div>
      </div><!-- /.section -->

      <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
  <p class="text-13">
    <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7099e9e90ea8f15e</strong></span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Your IP</span>: 155.4.62.115</span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>

  </p>
</div><!-- /.error-footer -->


    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->

  <script>
  window._cf_translation = {};


</script>

</body>
</html>

What did you do?

bundle exec pod install

What did you expect to happen?

for the pods to be installed!

What happened instead?

monster error as shown above!

CocoaPods Environment

bundle exec pod env
objc[13908]: Class AppleTypeCRetimerRestoreInfoHelper is implemented in both /usr/lib/libauthinstall.dylib (0x2163a5eb0) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10442c4f8). One of the two will be used. Which one is undefined.
objc[13908]: Class AppleTypeCRetimerFirmwareAggregateRequestCreator is implemented in both /usr/lib/libauthinstall.dylib (0x2163a5f00) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10442c548). One of the two will be used. Which one is undefined.
objc[13908]: Class AppleTypeCRetimerFirmwareRequestCreator is implemented in both /usr/lib/libauthinstall.dylib (0x2163a5f50) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10442c598). One of the two will be used. Which one is undefined.
objc[13908]: Class ATCRTRestoreInfoFTABFile is implemented in both /usr/lib/libauthinstall.dylib (0x2163a5fa0) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10442c5e8). One of the two will be used. Which one is undefined.
objc[13908]: Class AppleTypeCRetimerFirmwareCopier is implemented in both /usr/lib/libauthinstall.dylib (0x2163a5ff0) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10442c638). One of the two will be used. Which one is undefined.
objc[13908]: Class ATCRTRestoreInfoFTABSubfile is implemented in both /usr/lib/libauthinstall.dylib (0x2163a6040) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10442c688). One of the two will be used. Which one is undefined.
[!] CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/CocoaPods-version.yml Response: 403 <!DOCTYPE html>

Project that demonstrates the issue

Any project would do

vandadnp avatar May 11 '22 09:05 vandadnp

Same issue here. It's fine locally, but our Bitrise hosted CI doesn't seem to be getting through. Ray ID is 7099e760bf3c0d08 if it helps 👍

liamnichols avatar May 11 '22 09:05 liamnichols

Working fine here:

> curl https://cdn.cocoapods.org/CocoaPods-version.yml
---
min: 1.0.0
last: 1.11.3
prefix_lengths:
- 1
- 1
- 1

I'd recommend following the instructions in the HTML

orta avatar May 11 '22 09:05 orta

> Working fine here:
>
> > curl https://cdn.cocoapods.org/CocoaPods-version.yml
> ---
> min: 1.0.0
> last: 1.11.3
> prefix_lengths:
> - 1
> - 1
> - 1
>
> I'd recommend following the instructions in the HTML

Hi and thank you. Are you suggesting that as long as I can manually CURL, then cocoa pods should work as well? I don't understand the logic behind this.

I can curl, but Cocoapods can't connect to the URL

vandadnp avatar May 11 '22 09:05 vandadnp

Getting the same here locally.

[!] CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/Specs/8/e/5/WPMediaPicker/1.8.4-beta.1/WPMediaPicker.podspec.json Response: 403 <!DOCTYPE html>

Same HTML output too.

frosty avatar May 11 '22 09:05 frosty

curl https://cdn.cocoapods.org/CocoaPods-version.yml

works, but I'm still getting error during pod install:

[!] CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/CocoaPods-version.yml Response: 403

Cloudflare must be looking at headers.

szotp avatar May 11 '22 09:05 szotp

Same issue here at Microsoft running on Azure DevOps. Hitting the URL manually works fine. Running pod install on any machine I have access to fails.

dalemyers avatar May 11 '22 09:05 dalemyers

It generally looks like Cloudflare thinks we're being DDoS'd. While I've not got full insight into the how/whys of that yet, I've found a few rules which I think were over-triggering (good guess on the headers @szotp, as that's one of the things which came up), and we'll see if that reduces the errors being raised.

orta avatar May 11 '22 09:05 orta

> It generally looks like Cloudflare thinks we're being DDoS'd. While I've not got full insight into the how/whys of that yet, I've found a few rules which I think were over-triggering (good guess on the headers @szotp, as that's one of the things which came up), and we'll see if that reduces the errors being raised.

Thank you. I am having this issue locally and on CircleCI, so is my colleague locally as well

vandadnp avatar May 11 '22 09:05 vandadnp

Same here

protodimbo avatar May 11 '22 09:05 protodimbo

Same issue here

PabloDomine avatar May 11 '22 09:05 PabloDomine

Same here. I can curl and access the URL via browser but pod install keeps failing. My Ray ID is 709a09ddbef68669

pitazzo avatar May 11 '22 10:05 pitazzo

Confirmed here as well

alessandrodn avatar May 11 '22 10:05 alessandrodn

Same here, trying to run pod install causes a 403

RubenBez avatar May 11 '22 10:05 RubenBez

Same here, getting a 403 whenever I run pod

rehmansabeeh avatar May 11 '22 10:05 rehmansabeeh

Getting related issue here as well:

CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/Specs/0/3/5/Firebase/9.0.0/Firebase.podspec.json

Justin074 avatar May 11 '22 10:05 Justin074

Same issue, in browser I can open the link, pod install/update fails with 403

peterdk avatar May 11 '22 10:05 peterdk

I've shipped a few more rule changes to cloudflare's DDOS detection which is starting to see the numbers of raised blocks go down further.


If you are about to comment that it's not working for you please wait for at least 5m before the last comment, I don't want to have to lock this thread to keep it feasible to be on track.

orta avatar May 11 '22 10:05 orta

Waited 5 mins, still receiving the issue:

CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/CocoaPods-version.yml Response: 403

Mr0cket avatar May 11 '22 10:05 Mr0cket

Same here.

CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/CocoaPods-version.yml Response: 403

dipendra-sharma avatar May 11 '22 10:05 dipendra-sharma

Small update. We are seeing that CocoaPods-version.yml is being returned now as expected, but failing on .podspec.json files now. Moving in the right direction! :D Thanks for the great work so far @orta !

dalemyers avatar May 11 '22 10:05 dalemyers

Also waited more than 5 minutes. Still the same error:

[!] CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/all_pods_versions_9_8_c.txt Response: 403

Azure CI not working

tolotrasamuel avatar May 11 '22 10:05 tolotrasamuel

Same issue, I believe it's something to do with Cloudflare

mawlicious avatar May 11 '22 10:05 mawlicious

It is https://cdn.cocoapods.org/all_pods_versions_3_6_9.txt for me.

FWIW, I found that having Accept-Encoding and the specific User-Agent (of Typhoeus) causes the block. Removing these headers or using a different User-Agent (even just making it "Typhoeus") seems to make it succeed, while different Accept-Encoding values like gzip or text don't seem to work.

curl -i -H "Accept-Encoding:*" -H "User-Agent:Typhoeus - https://github.com/typhoeus/typhoeus" https://cdn.cocoapods.org/all_pods_versions_3_6_9.txt

HTTP/2 403 
date: Wed, 11 May 2022 10:17:22 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=15
expires: Wed, 11 May 2022 10:17:37 GMT
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PdJD37YcCQZg7T5wipDOEhUnvaePilsaNmI3lPwrhXkOALDf6%2F3C8oeEro4BKSsKUzN1slJNXpZur6xET3lb6YPHO0a%2FUcYIt2KouN8cFwOLBwPbEyXkBqdwiMAWcWKlL9qABZ6XgQ16%2FZijO4%2FK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 709a2a1bc86b8a9c-NRT

<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>

akkyie avatar May 11 '22 10:05 akkyie
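The block page asks for the Ray ID when reporting a block, and the `curl -i` output above shows where it lives. As an added example (not part of the thread or of CocoaPods' code), this Ruby code classifies a raw `curl -i` style response as a Cloudflare edge block versus an ordinary HTTP error and extracts the Ray ID; the function names are hypothetical and the sample responses are constructed, the first trimmed from the output quoted above.

```ruby
# Added example: triage a raw HTTP response captured with `curl -i`.

# Constructed sample, trimmed from the response quoted in the thread.
SAMPLE_BLOCK = <<~HTTP
  HTTP/2 403
  date: Wed, 11 May 2022 10:17:22 GMT
  content-type: text/html; charset=UTF-8
  server: cloudflare
  cf-ray: 709a2a1bc86b8a9c-NRT

  <!DOCTYPE html>
  <head>
  <title>Attention Required! | Cloudflare</title>
HTTP

# Constructed sample: a 403 that does not come from the Cloudflare edge.
SAMPLE_ORIGIN_403 = "HTTP/1.1 403 Forbidden\r\nserver: nginx\r\n\r\nforbidden"

# Split a raw response into status code, lower-cased headers and body.
def parse_response(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  status_line, *header_lines = head.lines.map(&:chomp)
  status = status_line[%r{\AHTTP/\S+\s+(\d{3})}, 1].to_i
  headers = header_lines.each_with_object({}) do |line, h|
    name, value = line.split(':', 2)
    h[name.strip.downcase] = value.strip if value
  end
  { status: status, headers: headers, body: body.to_s }
end

# Decide whether the failure is a Cloudflare block page (report the Ray ID
# to the site owner) or a plain HTTP error (look at the origin or the URL).
def classify(raw)
  r = parse_response(raw)
  ray_id, colo = r[:headers].fetch('cf-ray', '').split('-', 2)
  edge = r[:headers]['server'].to_s.casecmp?('cloudflare')
  block_page = r[:body].include?('Attention Required! | Cloudflare') ||
               r[:body].include?('Sorry, you have been blocked')
  verdict =
    if r[:status] == 403 && edge && block_page then :edge_block
    elsif r[:status] >= 400 then :http_error
    else :ok
    end
  { verdict: verdict, status: r[:status], ray_id: ray_id, colo: colo }
end

p classify(SAMPLE_BLOCK) if $PROGRAM_NAME == __FILE__
```

In CI, feeding the body of a failed `pod install` through `classify` gives one line to log and alert on in place of the full HTML dump.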

Temporary local fix:

Find cdn_source.rb (find ~ -name 'cdn_source.rb') and replace

:headers => etag.nil? ? {} : { 'If-None-Match' => etag },

with

:headers => etag.nil? ? { 'User-Agent' => 'any' } : { 'If-None-Match' => etag },

Or just add this in Podfile:

pre_install do
  require 'typhoeus'
  Typhoeus::Config.user_agent = 'any'
end

rock88 avatar May 11 '22 10:05 rock88

I'm getting a load of whatever this is: (image)

mawlicious avatar May 11 '22 10:05 mawlicious

CDN: trunk URL couldn't be downloaded: https://cdn.cocoapods.org/CocoaPods-version.yml Response: 403

I think CocoaPods-version.yml is still not returning normally. Status page shows AOK!

yasheshcygbit avatar May 11 '22 10:05 yasheshcygbit

Following the temporary workaround by @tommeier worked for me.

lsmith-scorchsoft avatar May 11 '22 10:05 lsmith-scorchsoft

I also updated my Podfile to make use of a different source, namely: source 'https://github.com/CocoaPods/Specs.git', however, it seems to be stuck at Cloning spec repo 'cocoapods' from 'https://github.com/CocoaPods/Specs.git'.

Anyone else experiencing this?

vidriloco avatar May 11 '22 10:05 vidriloco

> I also updated my Podfile to make use of a different source, namely: source 'https://github.com/CocoaPods/Specs.git', however, it seems to be stuck at Cloning spec repo cocoapods from 'https://github.com/CocoaPods/Specs.git'.
>
> Anyone else experiencing this?

That step took a few mins for me, but worked eventually

lsmith-scorchsoft avatar May 11 '22 10:05 lsmith-scorchsoft

same here, it ought to be a long process

mawlicious avatar May 11 '22 10:05 mawlicious