Regression in 1.11.0 for custom spec repos that require authentication

[grigorye]

• I've read and understood the CONTRIBUTING guidelines and have done my best effort to follow.

Report

What did you do?

1. Have Podfile referring to custom spec repo, like below (I'm replacing real-life url components with foo/bar due to corporate requirements):

install! 'cocoapods', :integrate_targets => false

source "https://foo/bar/cocoapod-specs.git"
source "https://cdn.cocoapods.org"

platform :ios, '14.0'
inhibit_all_warnings!

target 'Baz' do
    pod 'AFNetworking'
end

2. Make sure that at the same time:

• you can git clone https://foo/bar/cocoapod-specs.git by e.g. employing GitHub personal access token
• visiting https://foo/bar/cocoapod-specs.git in a private browser triggers authentication (in real life it's a web page redirecting to authentication). (We use something called "SAML single sign-on").

3. Erase ~/.cocoapods
4. Run bundle exec pod install

What did you expect to happen?

Both standard cdn and custom spec repos are cloned in ~/.cocoapods, pod install succeeds.

What happened instead?

$ bundle exec pod install
Analyzing dependencies
[!] Couldn't determine repo type for URL: `https://foo/bar/cocoapod-specs.git`: (<unknown>): mapping values are not allowed in this context at line 27 column 25

$ bundle exec pod install --verbose
...
Resolving dependencies of `Podfile`
  CDN: trunk Relative path: CocoaPods-version.yml exists! Returning local because checking is only performed in repo update
[!] Couldn't determine repo type for URL: `https://foo/bar/cocoapod-specs.git`: (<unknown>): mapping values are not allowed in this context at line 27 column 25

/Users/gentin/.transient/bundle/vendor/ruby/2.6.0/gems/cocoapods-1.11.2/lib/cocoapods/sources_manager.rb:92:in `rescue in cdn_url?'
/Users/gentin/.transient/bundle/vendor/ruby/2.6.0/gems/cocoapods-1.11.2/lib/cocoapods/sources_manager.rb:73:in `cdn_url?'
/Users/gentin/.transient/bundle/vendor/ruby/2.6.0/gems/cocoapods-1.11.2/lib/cocoapods/sources_manager.rb:37:in `create_source_with_url'
/Users/gentin/.transient/bundle/vendor/ruby/2.6.0/gems/cocoapods-1.11.2/lib/cocoapods/sources_manager.rb:22:in `find_or_create_source_with_url'

Workaround

The workaround is to manually add the repo, like in

bundle exec pod add repo Bar https://foo/bar/cocoapod-specs.git

After that bundle exec pod install works as expected.

Guess work

I guess that before 1.11 CocoaPods used only command-line git in the affected scenario, while in 1.11 it apparently triggers load of CocoaPods-version.yml via OpenURI, that fails due to lack of authentication. (Dumping response.read on line 87 shows the content of the page that redirects myself into authentication flow, like "Initiating SAML single sign-on" and etc.).

CocoaPods Environment

Stack

   CocoaPods : 1.11.2
        Ruby : ruby 2.6.3p62 (2019-04-16 revision 67580) [universal.x86_64-darwin20]
    RubyGems : 3.0.3
        Host : macOS 11.6 (20G165)
       Xcode : 13.0 (13A233)
         Git : git version 2.33.0
Ruby lib dir : /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib
Repositories : 

Installation Source

Executable Path: /Users/gentin/.transient/bundle/vendor/ruby/2.6.0/bin/pod

Plugins

cocoapods-deintegrate : 1.0.5
cocoapods-plugins     : 1.0.0
cocoapods-search      : 1.0.1
cocoapods-trunk       : 1.6.0
cocoapods-try         : 1.2.0

Podfile

install! 'cocoapods', :integrate_targets => false

source "https://foo/bar/cocoapod-specs.git"
source "https://cdn.cocoapods.org"

platform :ios, '14.0'
inhibit_all_warnings!

target 'Baz' do
    pod 'AFNetworking'
end

Project that demonstrates the issue

Unfortunately I can not provide a project that demonstrates the issue the whole thing is related to corp network/vpn and etc.

A tailored version that uses foo/bar as url components for the custom spec repo is below:

https://github.com/grigorye/CocoaPods-1.11-Authentication-Issue

[KostyaSha]

I think this issue exists before, but there is also question on how auth is sent, because requests to gitlab with valid netrc config, didn't get 404 in comparison with logged in user. They were redirected to 200 login page. Though that may be company related proxy setup. However the source of topic issue is exception during YAML.load. PR was provided.

[grigorye]

I think this issue exists before,

Just in case, sorry for not being clear: this is clearly regression in our case - we've been using CocoaPods for years with the above configuration without a problem, i.e. it's not reproducible in 1.10.2, and downgrading to 1.10.2 is the only solution for us at the moment.

[grigorye]

@KostyaSha In any case, I checked our setup with your PR branch, and it looks like it solves the problem in our case. Thanks!

[bcorrea2]

@grigorye @KostyaSha same problem here, @KostyaSha works just fine 👍 tk you

[igor-makarov]

Fixed by #11221 👍🏻

Thanks to @KostyaSha!