Automatic downloading of Typst packages stopped working in Gitlab runner / Docker container

I have been using a Gitlab runner in a Docker container to compile some Typst documents, without problems, until recently. If I now compile a document in the container which does not require new packages, it still works fine, but if I use a package that requires downloading, the process hangs until the Gitlab runner timeout is reached. A typical example output would be:


#16 [11/35] RUN echo hi > tmp.typ
#16 DONE 0.2s
#17 [12/35] RUN typst compile tmp.typ
#17 DONE 0.2s
#18 [13/35] RUN echo '#import "@preview/cetz-plot:0.1.3"' >> tmp.typ
#18 DONE 0.2s
#19 [14/35] RUN typst compile tmp.typ
#19 CANCELED
ERROR: failed to build: failed to solve: Canceled: context canceled
WARNING: step_script could not run to completion because the timeout was exceeded. For more control over job and script timeouts see: https://docs.gitlab.com/ci/runners/configure_runners/#set-script-and-after_script-timeouts
ERROR: Job failed: execution took longer than 1h0m0s seconds

So a file containing just hi compiles fine, but a file containing #import "@preview/cetz-plot:0.1.3" as well, will hang in the compilation process without output for an hour, until the timeout is reached. Also, if I use the same package that was downloaded to a Docker container before the issue appeared (somewhere between 3 months and a week ago), then I can still use that package without problem, so the issue seems to be in the downloading. I tried downloading a different package instead of cetz-plot, and that gave the same result.

I first noticed this problem when upgrading from Typst 0.14.2 to 0.15.0. The behaviour seems to be the same in both versions.

  • Is there a way to have Typst generate more output, so I can find out what the problem is?
  • Or can anyone maybe guess what the problem is so I can solve it?

My only clue is that earlier this/previous year downloading from https://upload.wikimedia.org/ using wget suddenly stopped working, and I had to add extra arguments --retry-on-http-error=429 --waitretry=10 --tries=5 --user-agent... to make it work again. Do the Typst package servers maybe have a similar protection against unauthorised use that require some extra settings to be download from a Docker container or Gitlab runner? I am aware that I may be expressing myself a bit vague here, but I don’t really understand what the rationale is behind those wget arguments, and I am also clueless since Typst does not show any output during a failed attempt to download a package.