The HTTP Lockable Tarball is incorrectly implemented

[Tom-Hubrecht]

When trying to use the lockable tarball mechanism on https://channels.nixos.org/nixos-unstable-small/nixexprs.tar.xz for example, the locked version is not detected. This is due to the fact that by default reqwest follows redirects, and that this url gives the link header in a 302 response.

Hence, reqwest will follow the 302 and get a different set of headers in the final 200 response that does not contain the link header.

The fix should be to set redirect(Policy::none()) while building the client used to fetch the tarball information.

[piegamesde]

Is that fix sufficient? Shouldn't it be necessary for a full fix to manually follow the redirect chain to check if any of the responses contains the header?

[Tom-Hubrecht]

Is that fix sufficient? Shouldn't it be necessary for a full fix to manually follow the redirect chain to check if any of the responses contains the header?

Indeed, that is true