Non-legal URL character leads HTTP 400 errors with strict package mirror

[Starbix]

Under certain configurations the mirror of specific repositories can fail. Two things need to be true for this error to occur:

• Try to sync a repository containing a package, where the name includes a character that is not URI safe (i.e. not part of the reserved or unreserved characters in rfc3986, e.g. the caret ^). An example is EPEL containing DNS-Compliance-Testing-0^20230708git4aea40b-1.el8.x86_64.rpm
• The source repository (which may be a proxy to the original repo) does not accept URLs containing these invalid characters, i.e. it rejects URLs not conforming to rfc3986.

Artifactory for example returns HTTP 400 to URLs containing ^. It only accepts URLs with the caret URL-encoded as %5E. Oracle's repo (and the original Fedora EPEL) are more lax and accept those URLs without extra percent-encoding, meaning this error does not occur.

Log output:

(65/29342)  ➙ getPackage/CharLS-2.0.0-6.el8.x86_64.rpm ... OK
(66/29342)  ➙ getPackage/CharLS-devel-2.0.0-6.el8.x86_64.rpm ... OK
(67/29342)  ➙ getPackage/DNS-Compliance-Testing-0^20230708git4aea40b-1.el8.x86_64.rpm ... WARNING Curl error (22): The requested URL returned error: 400
Retrying (1/3) ... WARNING Curl error (22): The requested URL returned error: 400
Retrying (2/3) ... WARNING Curl error (22): The requested URL returned error: 400
Retrying (3/3) ... KO Curl error (22): The requested URL returned error: 400

Solution(s):

• Sync directly from Oracle
• Escape characters in Repo/Mirror/Rpm.php

            $escapedLocation = curl_escape($this->curlHandle, $rpmPackageLocation);

            if (!$this->download($url . '/' . $escapedLocation, $absoluteDir . '/' . $rpmPackageName, 3)) {
                $this->logError('error', 'Error while retrieving packages');
            }