Cannot use JuliaHub package server

I am behind a large-corp firewall, and following this advice I am trying JuliaHub. I made an account, downloaded the auth token:

PS C:\Users\Cedric> dir .julia/servers/                                                                                                                                                                                                                                                                                                             

Mode                 LastWriteTime         Length Name                                                                  
----                 -------------         ------ ----                                                                  
-a----        2023/06/02      9:58           2097 auth.toml                                                              

but somehow this isn’t enough

julia> ENV["JULIA_PKG_SERVER"] = ""                                                             
(@v1.9) pkg> add ScikitLearnBase                                                                                        
┌ Warning: could not download                                                       
│   exception = RequestError: HTTP/1.1 401 
Unauthorized while requesting            └ @ 
Updating registry at 
Resolving package versions...                                                                                        
┌ Warning: could not download                                                       
│   exception = RequestError: HTTP/1.1 401 
Unauthorized while requesting            └

Am I doing anything wrong?

My first guess is that you might have to change .julia/servers/ to .julia/servers/

But, in general, instead of managing the auth.toml files manually, I prefer to just use PkgAuthentication.jl:


That worked! Thank you. Unfortunately, I get the same hash mismatch problem installing artifacts as I did before on Julia’s default servers…

(@v1.9) pkg> add GR                                                                                                        
Resolving package versions...                                                                                         
Downloading artifact: GR                                                                                                 
Downloaded artifact: GR                                                                                                
Downloading artifact: GR                                                                                               
┌ Error: Hash Mismatch!                                                                                                 
│   Expected sha256:   8cbef895c666e99d6d9e1790cdd0f2eb44f950a43a1ad76f179a16166d53ff70                                 
│   Calculated sha256: 06c8a78b874f739e825ccdeef2a0cc478dcd8b7b9144e45ba188dd4cb3745fcf                                 
└ @ Pkg.PlatformEngines C:\Users\Cedric\AppData\Local\Programs\Julia-
1.9.0\share\julia\stdlib\v1.9\Pkg\src\PlatformEng  Downloaded artifact: GR                                                                                               
ERROR: Unable to automatically download/install artifact 'GR' from sources listed in 'C:\Users\Cedric\.julia\packages\GR_jll\0C12V\Artifacts.toml'.                                                                                           
Sources attempted:                                                                                                      
Error: This does not appear to be a TAR file/stream — invalid version string for tar file: "aP". Note: Tar.jl does not handle decompression; if the tarball is compressed you must use an external command like `gzcat` or package like CodecZlib.jl to decompress it. See the README file for examples.                                                            
Error: Verification failed. Download does not match expected hash                                                    

Somehow the firewall gets in the way, and delivers some kind of “This page is forbidden” HTML page instead of delivering the actual file, hence the hash mismatch.

I’ve tried downloading this same file from both and (both should work) using with the appropriate auth headers manually added and it works for me:

julia> using Downloads, Tar

julia> token = "secret auth token from ~/.julia/servers/";

julia> tmp ="", headers=["Authorization" => "Bearer $token", "Julia-Version" => "1.9.1"])

julia> Tar.tree_hash(`gzcat $tmp`)

You could try the same with your auth token value. You might need to refresh it, which the Pkg logic takes care of automatically. That could at least allow debugging what content you’re getting that doesn’t look like a valid tarball.

I’m also not sure why the second download would be failing since I’ve downloaded that binary from GitHub and gotten the correct SHA256 hash. But it shouldn’t even be getting to that point since the first download from JuliaHub should work.

1 Like

Hi Stefan, thank you for looking into it. We found a way to temporarily bypass the firewall, and all is good for now. Julia has entered big-corp :slightly_smiling_face: