403 Forbidden on devkitpro assets when installing gpg key and dkp-pacman

[kevinrineer]

Bug Report

I'm not sure if this is related to #398 (perhaps also #56), because what I ran into is also a recent 403 error.

What's the issue you encountered?

I believe that the Cloudflare security level on the apt.devkitpro.org sub-domain is preventing the CLI tool of wget in the instructions on https://devkitpro.org/wiki/devkitPro_pacman from fetching the installation bootstrap script as well as the gpg key.

Lying about my user agent works. Seeing the cf_chl_opt and cRay: '9b9eaddeded7b991' makes me believe this is caused by CloudFlare's WAF.

How can the issue be reproduced?

This was done on a fresh Ubuntu 24.04 installation.

root@hostname:~# wget -O /usr/local/share/keyring/devkitpro-pub.gpg https://apt.devkitpro.org/devkitpro-pub.gpg
/usr/local/share/keyring/devkitpro-pub.gpg: No such file or directory
root@hostname:~# ls /usr/local/share/
ca-certificates  fonts  man  sgml  xml
root@hostname:~# wget https://apt.devkitpro.org/devkitpro-pub.gpg
--2026-01-06 14:52:42--  https://apt.devkitpro.org/devkitpro-pub.gpg
Resolving apt.devkitpro.org (apt.devkitpro.org)... 104.26.7.219, 104.26.6.219, 172.67.72.146, ...
Connecting to apt.devkitpro.org (apt.devkitpro.org)|104.26.7.219|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2026-01-06 14:52:42 ERROR 403: Forbidden.

root@hostname:~# wget -U "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0" https://apt.devkitpro.org/install-devkitpro-pacman

--2026-01-06 14:56:53--  https://apt.devkitpro.org/install-devkitpro-pacman
Resolving apt.devkitpro.org (apt.devkitpro.org)... 172.67.72.146, 104.26.7.219, 104.26.6.219, ...
Connecting to apt.devkitpro.org (apt.devkitpro.org)|172.67.72.146|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 811
Saving to: ‘install-devkitpro-pacman’

install-devkitpro-pacman                  100%[=========================================================================================>]     811  --.-KB/s    in 0.002s

2026-01-06 14:56:54 (517 KB/s) - ‘install-devkitpro-pacman’ saved [811/811]

root@hostname:~#

modifying the install script to lie about the user agent with the -U flag also helps the install script proceed.

/opt/devkitpro/pacman/bin/pacman -S gba-dev proceeds afterwards, but I'm not familiar with pacman to verify if it pulls assets from the domain.

Environment?

I've only tested so far in Ubuntu 24.04 on WSL2

root@hostname:~# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.3 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
root@hostname:~# uname -a
Linux hostname 6.6.87.2-microsoft-standard-WSL2 devkitPro/pacman-packages#1 SMP PREEMPT_DYNAMIC Thu Jun  5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
root@hostname:~#

WSL version: 2.6.3.0
Kernel version: 6.6.87.2-1
WSLg version: 1.0.71
MSRDC version: 1.2.6353
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26100.1-240331-1435.ge-release
Windows version: 10.0.26200.7462

Additional context?

Gemini assisted in troubleshooting the issue (particularly w/r/t parsing the html to find cloudflare artifacts) but not the authoring of this bug report.

The LLM, unsolicited, recommends the following fix. I do not have the requisite experience with cloudflare to verify the recommendation's accuracy:

They may need to create a "Page Rule" in their Cloudflare dashboard to bypass the security check for that specific URL so that the wget command in their instructions actually works for users.

I may not respond to this issue, so close it at your discretion. Thank you for all your work.