caution verify hangs indefinitely at the Reproducing enclave image spinner when the manifest's
app_source points to a repo that doesn't exist (or is private) on Codeberg.
Repro
Verify against a manifest whose app_source is a non-existent Codeberg repo, e.g.
https://codeberg.org/example/non-existent-repo. The spinner spins forever.
Root cause
During reproduction, download_and_extract_app_source_with_git_fallback (src/cli/src/lib.rs:5420) first
tries the HTTP archive URL — that fails fast and correctly (Codeberg returns 404 for
archive/.tar.gz, bounded by reqwest timeouts).
It then falls back to shelling out to git clone/git fetch (lib.rs:5454 and the two fallback blocks
below). Codeberg/Forgejo returns 401 for the git endpoint of a non-existent repo (to avoid leaking
existence). Git responds to 401 by prompting Username for 'https://codeberg.org': on /dev/tty and
blocks. None of the git invocations set GIT_TERMINAL_PROMPT=0 / GIT_ASKPASS, redirect stdin, or impose a
timeout, and the spinner runs on its own thread with no watchdog — so it looks like a plain hang.
(GitHub returns 404 here and exits cleanly, so this is Codeberg-specific.)
Fix
- Primary: set .env("GIT_TERMINAL_PROMPT", "0") (and GIT_ASKPASS=true, .stdin(Stdio::null())) on every
git Command in the fallback. A 401 then fails fast and the existing bail! surfaces a clear error. - Defense-in-depth: add a deadline around each git call (e.g. tokio::time::timeout via spawn_blocking,
generous cap ~300s to match the HTTP path) so other stalls can't hang verify either.