Yay, I'm curious :)

when I update a package in yay there is also something else downloaded, for example I’ve just updated brave browser:

-> Download di brave-bin-1.8.95.zip in corso…
% Total % Received % Xferd Average Speed Current Dload Upload Total Spent Left Speed
100 640 100 640 0 0 3316 0 --:–:-- --:–:-- --:–:-- 3316
100 96.1M 100 96.1M 0 0 1645k 0 0:00:59 0:00:59 --:–:-- 1740k

the second package downloaded is the brave browser, but the first one? do you know if it is brave related or yay related? I was not able to find info, I’ve also seen the logs.

Do you have pahis (from EndeavourOS repo)? Maybe it will show what was upgraded along with the browser. And it’s in general a great tool to have :slight_smile:

1 Like

I have not, but I’ve seen the log, and there is only one entry, for the brave browser, nothing else.
The same thing happened the last time I’ve updated brave with yay, one small package with no name downloaded at first and after the brave browser package.

aur/brave-bin 1:1.8.95-1 (+254 22.61%) 
    Web browser that blocks ads and trackers by default (binary release).

that’s not a package it is downloading sources and building package out of it…
AUR are not packages this are buildinstructions provided by users to easy build and install apps not available in official repositories.

1 Like

It may be the little file(s) that are visible in the source variable of PKGBUILD: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=brave-bin
https://aur.archlinux.org/cgit/aur.git/tree/?h=brave-bin

1 Like

Nothing seems to weigh so little, even diff of PKGBUILD. And does it really redownload those even if there are local copies already? I’ve never paid too much attention.

maybe are:
PKGBUILD and SRCINFO?

but should not be included in the brave sources archive?

I really do not understand what is this small package of 640 bytes downloaded before brave.

It looks to me like it is getting redirected to aws for the download. Perhaps the first thing it is downloading is the redirect?

:smiley: I suppose you are right, I’ve tried again, I’ve just downloaded with yay the first small file

I’ve cleaned the yay cache and than downloaded the first small file, then stopped yay
and I’ve found in the yay cache these files:
https://aur.archlinux.org/cgit/aur.git/tree/?h=brave-bin

The only strange thing is the size, 640. Don’t know why it is like that.

1 Like

I don’t believe it is those files. yay downloads those before it runs makepkg. That output you are referencing is from when makepkg is pulling down the zip file.

If you put curl in verbose mode, you get a ton of output but you can see it does both those things while downloading the zip file. It calls out to github and then gets 302 redirected to AWS.

Here is the full output from curl
  -> Downloading brave-bin-1.8.95.zip...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 140.82.113.4:443...
* Connected to github.com (140.82.113.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2976 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
*  start date: May  5 00:00:00 2020 GMT
*  expire date: May 10 12:00:00 2022 GMT
*  subjectAltName: host "github.com" matched cert's "github.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
} [5 bytes data]
> GET /brave/brave-browser/releases/download/v1.8.95/brave-v1.8.95-linux-x64.zip HTTP/1.1
> Host: github.com
> User-Agent: curl/7.70.0
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< server: GitHub.com
< date: Fri, 08 May 2020 15:57:00 GMT
< content-type: text/html; charset=utf-8
< status: 302 Found
< vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With
< location: https://github-production-release-asset-2e65be.s3.amazonaws.com/110178895/951ed800-9088-11ea-8c69-9c931323adbf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200508T155700Z&X-Amz-Expires=300&X-Amz-Signature=76fdca4d2290a7e9f13b63123e448208124cd9f1316ce5ac6ad43148c2d50b87&X-Amz-SignedHeaders=host&actor_id=0&repo_id=110178895&response-content-disposition=attachment%3B%20filename%3Dbrave-v1.8.95-linux-x64.zip&response-content-type=application%2Foctet-stream
< cache-control: no-cache
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0{ [5 bytes data]
< content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
* Added cookie _gh_sess="HciVTVSmbhZqRecUbWWrgMaCsPAVneqpugiT0AwkA%2FlOpnHJa%2B5dCSgwJqyLMlnJ3FwArGVl%2BZHeKKg1nbHkzyC7GJtB00mbh0lC0ehbsWRgsIQxvR6uhrHurY7vAoIFXP%2FJR8n2n8v8yFT0lqI9%2BLePd9wskfi9P%2BKmLUbrXEjo4tDZl3xc78SHOeO%2B%2FTI0FOQ3BtGHfcSe3j9Y%2BkPpmmOlGMieYvQUTUmHEuNgzzqU9Fkms1UoAhd2arr0hX8YBwqsHkXNEHgAFJvhjxqmZw%3D%3D--3UBKkPAKnF%2FGsCeP--zcVGhf2oFIcIaqnP5Fet%2FA%3D%3D" for domain github.com, path /, expire 0
< Set-Cookie: _gh_sess=HciVTVSmbhZqRecUbWWrgMaCsPAVneqpugiT0AwkA%2FlOpnHJa%2B5dCSgwJqyLMlnJ3FwArGVl%2BZHeKKg1nbHkzyC7GJtB00mbh0lC0ehbsWRgsIQxvR6uhrHurY7vAoIFXP%2FJR8n2n8v8yFT0lqI9%2BLePd9wskfi9P%2BKmLUbrXEjo4tDZl3xc78SHOeO%2B%2FTI0FOQ3BtGHfcSe3j9Y%2BkPpmmOlGMieYvQUTUmHEuNgzzqU9Fkms1UoAhd2arr0hX8YBwqsHkXNEHgAFJvhjxqmZw%3D%3D--3UBKkPAKnF%2FGsCeP--zcVGhf2oFIcIaqnP5Fet%2FA%3D%3D; Path=/; HttpOnly; Secure
* Added cookie _octo="GH1.1.229351314.1588953420" for domain github.com, path /, expire 1620489420
< Set-Cookie: _octo=GH1.1.229351314.1588953420; Path=/; Domain=github.com; Expires=Sat, 08 May 2021 15:57:00 GMT; Secure
* Added cookie logged_in="no" for domain github.com, path /, expire 1620489420
< Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sat, 08 May 2021 15:57:00 GMT; HttpOnly; Secure
< Content-Length: 640
< X-GitHub-Request-Id: DD6B:1220:A6044:FE0A3:5EB5814C
< 
* Ignoring the response-body
{ [109 bytes data]
100   640  100   640    0     0   1600      0 --:--:-- --:--:-- --:--:--  1600
* Connection #0 to host github.com left intact
* Issue another request to this URL: 'https://github-production-release-asset-2e65be.s3.amazonaws.com/110178895/951ed800-9088-11ea-8c69-9c931323adbf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200508T155700Z&X-Amz-Expires=300&X-Amz-Signature=76fdca4d2290a7e9f13b63123e448208124cd9f1316ce5ac6ad43148c2d50b87&X-Amz-SignedHeaders=host&actor_id=0&repo_id=110178895&response-content-disposition=attachment%3B%20filename%3Dbrave-v1.8.95-linux-x64.zip&response-content-type=application%2Foctet-stream'
*   Trying 52.216.186.203:443...
* Connected to github-production-release-asset-2e65be.s3.amazonaws.com (52.216.186.203) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [91 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2900 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.s3.amazonaws.com
*  start date: Nov  9 00:00:00 2019 GMT
*  expire date: Mar 12 12:00:00 2021 GMT
*  subjectAltName: host "github-production-release-asset-2e65be.s3.amazonaws.com" matched cert's "*.s3.amazonaws.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
*  SSL certificate verify ok.
} [5 bytes data]
> GET /110178895/951ed800-9088-11ea-8c69-9c931323adbf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200508T155700Z&X-Amz-Expires=300&X-Amz-Signature=76fdca4d2290a7e9f13b63123e448208124cd9f1316ce5ac6ad43148c2d50b87&X-Amz-SignedHeaders=host&actor_id=0&repo_id=110178895&response-content-disposition=attachment%3B%20filename%3Dbrave-v1.8.95-linux-x64.zip&response-content-type=application%2Foctet-stream HTTP/1.1
> Host: github-production-release-asset-2e65be.s3.amazonaws.com
> User-Agent: curl/7.70.0
> Accept: */*
> 
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< x-amz-id-2: esaGKnhUr3WVYTDXqXbeOK1l237NGDCDDFVVnA8baOY5RL/2WJzbpSR26BllqSfQeDvLtxxGsEE=
< x-amz-request-id: EB97A77C9638CBC3
< Date: Fri, 08 May 2020 15:57:02 GMT
< Last-Modified: Thu, 07 May 2020 08:31:33 GMT
< ETag: "65fab467e87269f150cd387c640c3c08"
< Content-Disposition: attachment; filename=brave-v1.8.95-linux-x64.zip
< Accept-Ranges: bytes
< Content-Type: application/octet-stream
< Content-Length: 100869697
< Server: AmazonS3
< 
{ [5 bytes data]
100 96.1M  100 96.1M    0     0  7923k      0  0:00:12  0:00:12 --:--:-- 8517k
* Connection #1 to host github-production-release-asset-2e65be.s3.amazonaws.com left intact

It is more obvious if you look at the much simpler output from wget

wget output
wget https://github.com/brave/brave-browser/releases/download/v1.8.95/brave-v1.8.95-linux-x64.zip
--2020-05-08 06:40:08--  https://github.com/brave/brave-browser/releases/download/v1.8.95/brave-v1.8.95-linux-x64.zip
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving github.com (github.com)... 140.82.112.3
Connecting to github.com (github.com)|140.82.112.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/110178895/951ed800-9088-11ea-8c69-9c931323adbf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200508T114009Z&X-Amz-Expires=300&X-Amz-Signature=3b2e833db30687a9549acae7c458b70d6e06414fdcc22fdb48840355f410d9a0&X-Amz-SignedHeaders=host&actor_id=0&repo_id=110178895&response-content-disposition=attachment%3B%20filename%3Dbrave-v1.8.95-linux-x64.zip&response-content-type=application%2Foctet-stream [following]
--2020-05-08 06:40:09--  https://github-production-release-asset-2e65be.s3.amazonaws.com/110178895/951ed800-9088-11ea-8c69-9c931323adbf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200508T114009Z&X-Amz-Expires=300&X-Amz-Signature=3b2e833db30687a9549acae7c458b70d6e06414fdcc22fdb48840355f410d9a0&X-Amz-SignedHeaders=host&actor_id=0&repo_id=110178895&response-content-disposition=attachment%3B%20filename%3Dbrave-v1.8.95-linux-x64.zip&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.98.107
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.98.107|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 100869697 (96M) [application/octet-stream]
Saving to: ‘brave-v1.8.95-linux-x64.zip’

brave-v1.8.95-linux-x64.zip                                   100%[==============================================================================================================================================>]  96.20M  37.1MB/s    in 2.6s    

2020-05-08 06:40:12 (37.1 MB/s) - ‘brave-v1.8.95-linux-x64.zip’ saved [100869697/100869697]
2 Likes

I’m not able to understand what is this small file, where yay is saving it.
I’ve tried again to download brave, but yay is always downloading this small 640 bytes file before brave

At that point, it is pure curl, not yay. Basically yay is calling makepkg which is calling curl to download the file. You will see the exact same behavior if you call curl with the flags specified in /etc/makepkg.conf for https.

Also, I am not sure that it is saving what it is downloading there.

1 Like

It looks like a cookie…

2 Likes

I love them
image
but my doctor said … :frowning:
one of them has almost 100 kilo calories.
And they wouldn’t be good for my bmi (body mass index) :sob:

I bake them :smiley:

I fell in love with you, do you want to have children with me?
(I always assume that only women bake, like my ex-wife)
:wink: :slight_smile:

All back, the doctor forbade me. LOL :joy:

es gibt Konditoren und Konditorinnen :smiley:

1 Like

would it be possible? that I get a cookie from the brave browser web site?

Sure,
I would never use this browser but what is safe these days.
If it’s not in the software, then the hardware is spying on you.

1 Like