Received: (at 71238) by debbugs.gnu.org; 4 Sep 2024 22:02:59 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 04 18:02:59 2024 Received: from localhost ([127.0.0.1]:35605 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sly5a-00022Y-OV for submit <at> debbugs.gnu.org; Wed, 04 Sep 2024 18:02:59 -0400 Received: from lab.riabenko.com ([185.143.146.30]:57348) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <roman@HIDDEN>) id 1sly5Y-00022J-Nt for 71238 <at> debbugs.gnu.org; Wed, 04 Sep 2024 18:02:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=riabenko.com; s=selector; h=MIME-Version:Content-Type:Date:To:From:Subject: Message-ID:From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=pp1oeE/FyyjYU4mH9iQ0txNDVpUS1OB7pMLhdZfqRqE=; b=YieG0S/5mQ6UVIJZvRSzbKCldY NfRmqC8k0ufOFbiYXZcA+dIOTqe13O9dU+ZQ/ZIvOqH9/wBTNMTR4NDXDzprAv2Qzp//H4pSnqYQr 3ctDxbxDBEXbUW7wcp2TWOpchyj84Bp6hJb3JHGdC4T/eGIdD8Aee8loi8i7ndxbVGE8slu3rRyg3 s2tDA6McstKEOHnXbsD8UBHo79IEgLWohDOV76atE6/p8d4A9aEr85iKN0DW/GLGHCMkUWdgZbXo9 ru/gOaC6OWCay+mAwUCwff0R5LZyMVGElAYKFFxmqaylO/pcv8z0iIA5mukYl2GmjIGMdsEMKPMtq v43pm9QQ==; Received: from [192.168.33.1] (helo=[192.168.88.18]) by lab.riabenko.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98) (envelope-from <roman@HIDDEN>) id 1sly4Q-000000000HC-1HdF for 71238 <at> debbugs.gnu.org; Thu, 05 Sep 2024 01:01:47 +0300 Message-ID: <f8a54bfc0ca0b90087943da0ba4c3cb1c6043fd6.camel@HIDDEN> Subject: Re: Installer image consistently fails to run system init due to TLS error From: Roman Riabenko <roman@HIDDEN> To: 71238 <at> debbugs.gnu.org Date: Thu, 05 Sep 2024 01:01:36 +0300 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-PkvC8z4CcTPW7838dJL9" User-Agent: Evolution 3.38.3-1+deb11u2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71238 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-PkvC8z4CcTPW7838dJL9 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello I had a similar issue with a 6to4 tunnel but I guess that the same cause may be relevant to a VPN or some other type of connection that affects the MTU. The pull operation would fail sporadically, usually on the same package =E2=80=94 most of the time that would be a relatively large package like th= e kernel but not necessarily. The failure would often be a TLS failure but I found it to be a common failure when there is a connectivity issue because it is the TLS that tries to establish or restore the connection. I admit that I had similar issues with connecting to just a few seemingly random websites over the tunnel, but the download of substitutes from the bordeaux server seemed to be the most affected. The tunnel customer support suggested that it is an MTU issue. I tried a lot of different MTU values. Some of the values I tried fixed all my connection issues except for the pull operation until I found how to set up the tunnel in a way that automatically discovers and changes the MTU dynamically. I thought it was too specific to my router, so I posted my findings elsewhere: "How can I set up 6to4 on MikroTik and configure MTU to fix connection failures and update guix?" https://superuser.com/q/1808662/1203531 I recently followed a link to this bug report from a help mailing list thread: "guix pull/guix upgrade often fails over VPN with TLS error message" https://lists.gnu.org/archive/html/help-guix/2024-09/msg00014.html I found the descriptions of the issue familiar, so I am sharing an idea that it might be related to the MTU of the connection to the substitute server. Roman --=-PkvC8z4CcTPW7838dJL9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEbyuIUwJNVUrtp3hK60bLvjKDmmkFAmbY2MAACgkQ60bLvjKD mmmsEBAAnJ5hoqbTNcoX/cle5W7SjXG1hp4/c0LitAnTC/k7W6piOrH0cJtqeKHp v03HQiy1FSMBa+p4SO73RM82lP2pKEziTqXHkF4wkdw0SmKsZVDDnwazczaCM0yj nMP/yOe3PjJ5k2AkjVhEXeaR3maiLsNslYbXYBnzdP6da0D0L5mQXRSkGGpJif/S RJaefh8kclRWxEyT9M2bvzZZq4ihruYAxqF4NVbWkfgCuSeyhnAEzbHqW3RXXggw wotwIJ6tNtBtgKQkOTZAPS5R2uLcdk6A3bvXSfa1I5QrG6freCZqpNpitn+bjwWO rxWfoLH2uMEyy51dEx4Dmg15npDcZpdtZ+4sh0StbkhjyPOtDrf4yMYBA/DFv1GS xlTG1KCkWlrrBw9qpnGNzQZx/syUhy9kFDL4wFdW/U9TdlWbk7vo3xpK1DMaG5y/ ewnCwOsvpSuUkX0npSqAfUKkLC2ONdQ0RFjI4TDdVHoGukoQ5xplALhy0WHiyp43 wHFnwwzzEsAFhMXBGa29ich5PuTv4KxEn9eMOgYQcQFWf8zEky47a33KVM0IOtkk LniK2zFZgSvlbWiJ7GD4jOymJniY2GMHWKjdgoJSMDGy6neX7nlNcKVewXpyYKFy MjIIj6nZOPxzDgatMsiX0aqyeFhBjQDCHkP3heO55cUCTuEC0dQ= =6W2U -----END PGP SIGNATURE----- --=-PkvC8z4CcTPW7838dJL9--
bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.Received: (at 71238) by debbugs.gnu.org; 13 Aug 2024 11:39:09 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Aug 13 07:39:09 2024 Received: from localhost ([127.0.0.1]:44543 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sdpro-000440-VJ for submit <at> debbugs.gnu.org; Tue, 13 Aug 2024 07:39:09 -0400 Received: from mout.web.de ([217.72.192.78]:45379) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jonathan.brielmaier@HIDDEN>) id 1sdprn-00043N-9C for 71238 <at> debbugs.gnu.org; Tue, 13 Aug 2024 07:39:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=web.de; s=s29768273; t=1723549100; x=1724153900; i=jonathan.brielmaier@HIDDEN; bh=ShCN0R6lfhsu3+SXvDlHJW/HH7fTKqPMBodYjcRUtqM=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:To:From:Cc: Subject:Content-Type:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=EGPlCtCa/8Pn7q/baI5yNDLcJhtNRdYeyZ+TLJdWd/oGw+voHR1k50TNaqzBnFwq /+uMPDDv1VyV4zB2OxQShUUybBys5h4oKF45g4KQApLXz9EEgg5cIw+UHeCl97Tee TTlxuHAR6fcAJFyjZefm5iBnvfZW1xvgjIZOkEqX6sq/A90nJTSF6J8dro2k7aUkD D9L6P+lSDm6WQmdetZJCbMHYkIPlBSMCykAQArgcaOSZldHM7lal14EdqrU6R+U8J eX069UhLNbVSDiFCy7SgSObGu0Zi3KsgXhrdjdlbXgSWrLHUCqMT+cWWyRjF6HcEI DvH32EKdhvOU//jydg== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from [192.168.178.158] ([31.25.46.97]) by smtp.web.de (mrweb106 [213.165.67.124]) with ESMTPSA (Nemesis) id 1N7gbY-1s8bqo2rkA-016UFA; Tue, 13 Aug 2024 13:38:20 +0200 Message-ID: <96e0f564-2816-b9bc-9f48-544be8e665fc@HIDDEN> Date: Tue, 13 Aug 2024 13:38:16 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 To: 71238 <at> debbugs.gnu.org Content-Language: de-DE, en-US From: Jonathan Brielmaier <jonathan.brielmaier@HIDDEN> Subject: Installer image consistently fails to run system init due to TLS error Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:KNT5qA3B5P4Frortn1F8GGwlrwO1cxfWUKSWe7ESyZ6lyfQNswE DAX8L7sGKWs24agf++UxwJD1C5UuPZFxD8IsSx5JDZ7WWe0gxo9RZDb0/VEbtWC68motFI/ 5D+kueuJ1q1UpSrcqerVXCcUXRuxgbcxPe0oFsRGZjz+Mrg6nsUGWKsZ7GK2tRBWrCI4GyH Y5f4mE+8npNkT9dP8HNyA== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:BifOGpDhu5w=;ACRDLkzj5JeCh4KEzLJpEuPYmeB OhY9I4uqanExCgDY0gcfTVcnuddjxipbGSyh4lVBTvOBnm8yIZigIneT5cygRA5L23viJmTYd LQXhEInT5tRnzy9WHKdNSw/5Rfbw5vhRUfTGJUdTtMFb6O/pH9bFTEYFOh+OJj3rRX/oLupEC OphQkSq7Ih9k9FfhtXAxmzaMxrsrSyY9ddvBhFOqrAwI3fGnCYraf6ovE7+4aEiFthcsEvyzr OCS6SNCY6SBZVj6AnruxPtINnU/GHmQ4p8D4UbMtjIbElwPbowO6xRBA5n7S9K4gGcKwwzDgx M64gFKm36e56i5tHTOX2MJ5gWYyJCqKAte5ib8jFAFpFKOJlE2WxgF8ywmq56y7yMCjMJY+/7 0WCIgcueR/4qXor1WXgNhS9uJaWM8VF+Ho81GZcJUzSQWf/0VCsXDvPwKPxoaQoXxVkAIfykt cfI62JsOB4P9lddgBWz2KZQGAE6BQltlxDfFaoLOgP7AQIazp1FS+qQjLFsJ5QhJTgMc+8P8D Hq0ZcZu7V+0AGzgLqifxktQkcyaI/BXmF+enZ8nRN41FzNGwV3ZrRUCaHtHh1v90PWrmdZl6l zhzsAkmTagKoemOgp2I+2vPtOLAwaXOS3N1x2SWzg10pDwBkZgoP1mho2XwgfbhEgjM3BZ3I6 YTjclPgSxtZDa/lOxMZPysZOZb/8PdJ7fCWY48K3IAc1TkZAfGasoNE+7/WFgsX+M0qLkTCS/ /FYsbMf45t+MP1XHZudUurauSKY0nxbC5xRqkEpP3yIO1gWYt56zzYptRdlGXf7WkQW4TLu5m +Z7uqRm+9RrDx9sB4RlUH6RQ== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 71238 Cc: Christopher Baines <mail@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) [CC'ing Chris as bordeaux expert] I'm affected by this issue as well. On both my desktop machines with Guix System installed for quite a while (so not in the installer). It also happens at different ISPs: * Telefonica O2 DSL, Germany * NetCom BW (ASN 47297) On one machine I removed the bordeaux server from the substitutes servers as this is super annoying. On the other I'm in the proccess of removing it... ~Jonathan
bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.Received: (at 71238) by debbugs.gnu.org; 10 Jun 2024 06:00:36 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 10 02:00:36 2024 Received: from localhost ([127.0.0.1]:35886 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sGY55-0001se-Mj for submit <at> debbugs.gnu.org; Mon, 10 Jun 2024 02:00:36 -0400 Received: from mail-qv1-f45.google.com ([209.85.219.45]:51333) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <adanskana@HIDDEN>) id 1sGY4z-0001sA-1t for 71238 <at> debbugs.gnu.org; Mon, 10 Jun 2024 02:00:34 -0400 Received: by mail-qv1-f45.google.com with SMTP id 6a1803df08f44-6b064c4857dso10065816d6.2 for <71238 <at> debbugs.gnu.org>; Sun, 09 Jun 2024 23:00:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717999146; x=1718603946; darn=debbugs.gnu.org; h=content-transfer-encoding:in-reply-to:references:subject:to:from :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=dIwzYNCiE9pGWXm3v5dr/gs3lCOlfVWn/Z2Ym7wZ+T8=; b=B1ywpVGWmwe4Nz0EzEef+IKrguJDJbarotAagSI2PDHYuumQkJRQJf5YbtuXGmUScY jihbTJEq7Ghez5pO3GhJyiOS+cgcv9ZTZc5GYqk6OHcmlFEcu1zvmLycJpxV31qA4l41 vT6r15aYYckYikpH97IyGJf3hLXLaiQiN4gYndE5RdLIyS5JPJgyxkHAd1RxrQK10JKV qeRFgPaU1YUmHIOyTZtEarVLjr4v630rqjOOD/zKOaHkXx+XZhWrsyJEOWIuS+b0Kx25 pvNW74NrCoU2y7YMdK+FIMHjIN/Zzw4aFr9A/XfBaqS/aSqjPg8c8pMgHIjVCGnEfgK5 lpFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717999146; x=1718603946; h=content-transfer-encoding:in-reply-to:references:subject:to:from :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=dIwzYNCiE9pGWXm3v5dr/gs3lCOlfVWn/Z2Ym7wZ+T8=; b=nXhSrZmITnT9CXZGPZGfzJ3mKnBGNUhmFO+1jAXaH0UdQjZxy3QwKx2eRlgBC3nRvt 7V7fKJDrNgfzvF9tqIOVzH7tTqq394z7Cw1fyOfmjGIXa2Qa8b/8ZQSrWq0ql1G4dBnN 4FnRv1eGhLYAGxyxI8MJOJtUI34RM6t1S3vPnCSIbr0HW1F9XSg1zIUD56WPOvsan+/V zTXbI2v/AkwfcMe2OAlUnliK5Fm4V6GWgUneE/ty1YNoBHc/2j4gTmmL/m+FQgUUvgks Z5UlrSSTdL8wFa+ONGFDvhEZ79CwGEwEatwojUGhW03GP1CkSSN4mUjMuhAcfs4DwWzJ IxdA== X-Forwarded-Encrypted: i=1; AJvYcCWfFRG1nDx3Li/aSjyX/bIuOGXfw4o4H2YzS3FohXcwqgeXhupy4ylL669cJN2kPD/+3NVidalnsx5U4a/7Uj39aNVysxY= X-Gm-Message-State: AOJu0YxRR305z2KqeVNsPLYLNiVg/FvtjeNqRTKj7qWY19K5Yp1hlb6d +EI3b2fR3R/y4T6CW9DaY4Y40ig4jH32MPVE/VgpYsGfTlJH6ZYfCKMRpxSA X-Google-Smtp-Source: AGHT+IHWN4V5HnHbpPqyopUMCbXn+8UffY6EXYIKWH7uQyZcFuLKWONESL6gje26oUtAuqr+JOQyng== X-Received: by 2002:a05:6a20:d80f:b0:1b5:ecc:a964 with SMTP id adf61e73a8af0-1b50eccab24mr5192344637.31.1717997636515; Sun, 09 Jun 2024 22:33:56 -0700 (PDT) Received: from [10.143.113.222] ([130.95.40.103]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7059534a4c4sm1090737b3a.36.2024.06.09.22.33.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 09 Jun 2024 22:33:56 -0700 (PDT) Message-ID: <0c00df03-8ba7-c5d2-3a16-afb5175fb00e@HIDDEN> Date: Mon, 10 Jun 2024 05:33:50 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 From: adanskana@HIDDEN To: Richard Sent <richard@HIDDEN>, 71238 <at> debbugs.gnu.org, lars.bilke@HIDDEN, ludo@HIDDEN, ekaitz@HIDDEN Subject: Re: bug#71238: Installer image consistently fails to run system init due to TLS error References: <87plt692ky.fsf@HIDDEN> <87a5ka8y5e.fsf@HIDDEN> <87y17u7dfu.fsf@HIDDEN> <87h6ehl7db.fsf@HIDDEN> In-Reply-To: <87h6ehl7db.fsf@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 71238 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi all, On 29/05/2024 01:44, Richard Sent <richard@HIDDEN> wrote: > Richard Sent <richard@HIDDEN> writes: > > > 1. There was a transient network issue for ~3 hours when I attempted to > > install Guix ~4 times using different installation media that caused a > > specific TLS handshake to fail. > > > > 2. A specific TLS handshake Guix undertakes during the installation > > process fails to pass one of the built-in firewall rules shipped with > > opnsense. > > > > 3. Some other odd aspect of my network messes things up for a specific > > TLS handshake. > > > > My money is on 2 given how this is a seemingly common issue on > > enterprise networks [1] and the rules I have added seem irrelevant. (I'd > > rather not talk openly about my firewall rules in an archived public > > forum, but can discuss off-list). However, there is another comment in > > that thread that says IT didn't notice any firewall blocking. > > I ran the 1.4.0 installer again today behind my opnsense router and it > completed successfully, which is horrifying. I was hoping starting from > a constant image would make the error reproducible but that doesn't seem > to be the case. Even with a consistent system image and network, it's > only reproducible for somewhere between a few hours and one day. Perhaps > server load plays a part? > > (Technically my process was a little bit different. Instead of fully > completing the graphical installer I swapped to a TTY after activating > the wired connection, mounted the root fs, and run $ guix system build > /mnt/etc/config.scm, where config.scm was unmodified since initial > installation. I'd be stunned if this caused the change in behavior but > figured I'd mention for completeness.) > > I've mananged to reproduce this bug. First, I run `sudo guix gc delete-generations && guix gc -d 2w` to clear my store. Then I run `guix upgrade && sudo guix system -L /home/ada/dotfiles/guix/ reconfigure --fallback /home/ada/dotfiles/guix/ada/system/kissakoira.scm` to redownload all of those deleted store items. The process 9/10 will fail halfway through the upgrade process. Then, a retry will work without a hitch. Even re-gc-ing my system will not let me reproduce the bug - I need to restart my system. Then, the likelyhood it works is 7/10 until the next day (just my perception). By the way, this is on my university's network. I managed to capture the problem happening under strace using this command `strace -ff -tt -o log_up.strace -s 500 guix upgrade && sudo strace -ff -tt -o log_sr.strace -s 500 sudo guix system -L /home/ada/dotfiles/guix/ reconfigure --fallback /home/ada/dotfiles/guix/ada/system/kissakoira.scm`. I've uploaded the logs to my Google Drive[1]. You can use `strace-log-merge log_up.strace` to view to merged logs. As I can reproduce this error fairly consistently now, please let me know if you want me to run any more tools to capture more data. Warmly, Ada [1] https://drive.google.com/file/d/104DVqyMLGRi4imWzvFQ6TahAiRRKdR4_/view?usp=drive_link
bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.Received: (at 71238) by debbugs.gnu.org; 29 May 2024 01:44:46 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 28 21:44:46 2024 Received: from localhost ([127.0.0.1]:39314 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sC8Mw-0006fD-3X for submit <at> debbugs.gnu.org; Tue, 28 May 2024 21:44:46 -0400 Received: from mail-108-mta88.mxroute.com ([136.175.108.88]:36679) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <richard@HIDDEN>) id 1sC8Mu-0006f4-Gu for 71238 <at> debbugs.gnu.org; Tue, 28 May 2024 21:44:45 -0400 Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta88.mxroute.com (ZoneMTA) with ESMTPSA id 18fc20528a3000efce.001 for <71238 <at> debbugs.gnu.org> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Wed, 29 May 2024 01:44:29 +0000 X-Zone-Loop: 5505f23ea5e67f6101096d06ce6940f857329472fc6e X-Originating-IP: [136.175.111.3] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=freakingpenguin.com; s=x; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ZhXwP+J+MGt/Zj/gKo41hTwhcSKkaTmh+JAoyLlnAhk=; b=Lsdtf0a8M2FjAFQ2xDO7YxBD2/ eTv6oR3B6hrrLFHVQYqjhh7uwLkYlvNH/JIfxwNMylBf4hmPKJFtgqDk7f9+Gwu3Ggr3OgTx27+Oh /TLL/lDJUNrNuOB1zmpkerIahgroilqNrtljO+1YCx+9YGvwDpNmchjc12+hBe0m3yfP0J7IxtA31 1OE2Jkf3gWUuFJwN8qBW5Jk7nhffVaqQJmoWl4TeUn3uza9UWfJcinpTpsKtOEZQEUifLioIIQmfA ghf5nW1zntsv2hKPME1fk3XVtmXCWLseyc6HJq0KQHMnTLs7iNgfVu4nZbrxMh4XJblheJk9oaVR5 9+wNG/2w==; From: Richard Sent <richard@HIDDEN> To: 71238 <at> debbugs.gnu.org Subject: Re: bug#71238: Installer image consistently fails to run system init due to TLS error In-Reply-To: <87y17u7dfu.fsf@HIDDEN> (Richard Sent's message of "Tue, 28 May 2024 00:44:37 -0400") References: <87plt692ky.fsf@HIDDEN> <87a5ka8y5e.fsf@HIDDEN> <87y17u7dfu.fsf@HIDDEN> Date: Tue, 28 May 2024 21:44:16 -0400 Message-ID: <87h6ehl7db.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Authenticated-Id: richard@HIDDEN X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71238 Cc: adanskana@HIDDEN, lars.bilke@HIDDEN, ludo@HIDDEN, ekaitz@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Richard Sent <richard@HIDDEN> writes: > 1. There was a transient network issue for ~3 hours when I attempted to > install Guix ~4 times using different installation media that caused a > specific TLS handshake to fail. > > 2. A specific TLS handshake Guix undertakes during the installation > process fails to pass one of the built-in firewall rules shipped with > opnsense. > > 3. Some other odd aspect of my network messes things up for a specific > TLS handshake. > > My money is on 2 given how this is a seemingly common issue on > enterprise networks [1] and the rules I have added seem irrelevant. (I'd > rather not talk openly about my firewall rules in an archived public > forum, but can discuss off-list). However, there is another comment in > that thread that says IT didn't notice any firewall blocking. I ran the 1.4.0 installer again today behind my opnsense router and it completed successfully, which is horrifying. I was hoping starting from a constant image would make the error reproducible but that doesn't seem to be the case. Even with a consistent system image and network, it's only reproducible for somewhere between a few hours and one day. Perhaps server load plays a part? (Technically my process was a little bit different. Instead of fully completing the graphical installer I swapped to a TTY after activating the wired connection, mounted the root fs, and run $ guix system build /mnt/etc/config.scm, where config.scm was unmodified since initial installation. I'd be stunned if this caused the change in behavior but figured I'd mention for completeness.) -- Take it easy, Richard Sent Making my computer weirder one commit at a time.
bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.Received: (at 71238) by debbugs.gnu.org; 28 May 2024 05:59:15 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 28 01:59:15 2024 Received: from localhost ([127.0.0.1]:45574 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sBpre-0000jf-Mq for submit <at> debbugs.gnu.org; Tue, 28 May 2024 01:59:15 -0400 Received: from mail-pf1-f176.google.com ([209.85.210.176]:53447) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <adanskana@HIDDEN>) id 1sBpWc-0000Ct-75 for 71238 <at> debbugs.gnu.org; Tue, 28 May 2024 01:37:31 -0400 Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-6f69422c090so317388b3a.2 for <71238 <at> debbugs.gnu.org>; Mon, 27 May 2024 22:37:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1716874575; x=1717479375; darn=debbugs.gnu.org; h=content-transfer-encoding:in-reply-to:references:subject:to:from :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=9zfbEh1o0wYmlXoGKpop1cd7dYhWEvyx4b7htLvbRYs=; b=GTL0ravpg/5FEyBVQvC9RmBmv1/iVsBcd+APIP5LuVE1UWpRAiU6krpPCz7mC3/Vts N+uMmNStRHz5LuUIZhOqsHnywF1nA0Z0ppkLJv7pwN5zZjDSIm+VZICMdYCd5mYeoAjX qlh3LLvgeSI1+1U+21Roxn7Wvpv0L26wLqAVapNHQUXuD0dtgPA6CNxZOL/eh+D2+bAe qPqHy4NxqHz7EbeCIhvRrwCTeQvmO8SrTbrZjCPY72VU5FatY73wlLh2E+CQdIGnWJMu tScoZ0BwbqoZo2gohspbD1MF0cXyqHI4oZgVWue7JxyeQpwiANeeBha++ZqM4P2yz6ez Y/Ew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716874575; x=1717479375; h=content-transfer-encoding:in-reply-to:references:subject:to:from :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=9zfbEh1o0wYmlXoGKpop1cd7dYhWEvyx4b7htLvbRYs=; b=TqQ6JcXUd+j38yZ5fpKTFMFZ83tWSgWo5BhD+TNS1bpaslxJ+9AQx4TZpP+ufhrAsn 8qVNP+80+pHwi5jv3YeALsFIDFGMPBjqr29Q+vYPXvkVECuGCr+kZEW9cuz2JxxPk2EQ 0rHXMnb4jFB8imxXvF3WzrngfpGzk/ztWElEyrLp8YELoAhu94KuPfxisys7+94xYE3g i1VZUo5J77CGDF4XIF3qzoIbyxLOm7CND6DmnQFOXjGpH9m9YlVic/L7MKbhx0MTXfA6 xHpo3pZw40XdlkHOcQJmaEBNx2BLJNDxD+0z4ra+4gM7neWKH963BUjwB6TctSre6N9F ENsg== X-Forwarded-Encrypted: i=1; AJvYcCVJiAkWPYDQFv/0jdNNxXQ+CqTbLQcDX6b6jrp7edlzN15j0Tfy/xdI8th5EVcoj2OQ3e6INdtX8JeeZcwHpVrNzafXK04= X-Gm-Message-State: AOJu0YxTqx+QXKPd64i0ADkOwIMK6J7lBFU4kB2z5UPFTheo+LEsbZai JKqWd21qtehWm7RHw+C1e6OYqdeR1Q6VMpOj07nI/DQa+F/Z1iaf X-Google-Smtp-Source: AGHT+IHAeuTMx6dESxKShm9cD6thOQR3XdnTp5neJzgaWw73HoIGRr2h4qPmdgyB1YSa43hJFVJqgw== X-Received: by 2002:a05:6a20:6a1f:b0:1af:8fa8:3126 with SMTP id adf61e73a8af0-1b212cc7643mr12667040637.6.1716874574772; Mon, 27 May 2024 22:36:14 -0700 (PDT) Received: from [10.143.113.222] ([130.95.40.104]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f44c97104fsm71633445ad.144.2024.05.27.22.36.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 May 2024 22:36:14 -0700 (PDT) Message-ID: <e69e8246-5835-5e56-a0f8-c7b54ec4b3b1@HIDDEN> Date: Tue, 28 May 2024 05:36:09 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 From: adanskana@HIDDEN To: Richard Sent <richard@HIDDEN>, 71238 <at> debbugs.gnu.org, ekaitz@HIDDEN, lars.bilke@HIDDEN, ludo@HIDDEN Subject: Re: bug#71238: Installer image consistently fails to run system init due to TLS error References: <87plt692ky.fsf@HIDDEN> <87a5ka8y5e.fsf@HIDDEN> <87y17u7dfu.fsf@HIDDEN> In-Reply-To: <87y17u7dfu.fsf@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: 71238 X-Mailman-Approved-At: Tue, 28 May 2024 01:59:13 -0400 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -4.4 (----) Hi Richard On 5/28/24 4:44 AM, Richard Sent <richard@HIDDEN> wrote: > Richard Sent <richard@HIDDEN> writes: > > > What the heck is going on here? Those two images are wildly different > > and are downloading wildly different sets of substitutes. > > Bad news. I connected my device to a different network with just an > ordinary consumer router and the installation succeeded (using the guix > 00384aed media). Ordinary my devices are behind a opnsense router with a > /very/ lightly-customized firewall. To me, this means there are three > possibilities, none of which is particularly comforting: > > 1. There was a transient network issue for ~3 hours when I attempted to > install Guix ~4 times using different installation media that caused a > specific TLS handshake to fail. > > 2. A specific TLS handshake Guix undertakes during the installation > process fails to pass one of the built-in firewall rules shipped with > opnsense. > > 3. Some other odd aspect of my network messes things up for a specific > TLS handshake. > > My money is on 2 given how this is a seemingly common issue on > enterprise networks [1] and the rules I have added seem irrelevant. (I'd > rather not talk openly about my firewall rules in an archived public > forum, but can discuss off-list). However, there is another comment in > that thread that says IT didn't notice any firewall blocking. > > >> Sometimes, usually when I'm on an enterprise network like my > >> university's of library's wifi, the `guix substitute` process dies > >> with a "TLS error in procedure 'write_to_session_record_port': Error > >> in the push function" error message. My connection is rock-solid > >> otherwise, and sometimes it doesn't happen at all. I was actually going to reopen this issue, as I'm still encountering this bug in the exact same scenarios. Nothing has changed at all. > > I get the same error on guix pull almost always when I am on my > > enterprise network. Re-running guix pull a second time also almost > > always then runs fine. I checked with our IT: nothing suspicious on > > the network, i.e. no firewall blocking. > > Running Guix pull to work around the problem is great...... unless > you're trying to install Guix via the guided installer! :) In my case it > also wasn't guix pull that was failing. > > I want to emphasize that the error occured in the same phase of the > installer every time, it was not the first handshake, no other machine > has ever had this issue, and the installer was (3/4 times) on a commit > that should include the fix described in [1]. > > I'm happy to assist with debugging this, although I'm not some TLS > networking genius so trying to solve it outright is probably beyond me. > I'd also LOVE to hear if other people using a largely stock opnsense or > other firewall software encountered this issue, particularly with the > installation media. Same, I'm happy to assist. The test that Ludo' provided to try and reproduce the bug doesn't work as referenced in previous emails. Is there some way I can attatch a debugger to a guile process running `guix upgrade` or something like that? > > At some point I'll attempt to gradually "de-enterprise" parts of my > network and see exactly when (if ever) the problem is resolved. Due to > the nature of the problem, reliably reproducing it in the future will be > a challenge. > > CC'ing people involved in [1] because this is just so weird and I don't > want it to be consigned to the dustbins of history. I don't think we > heard anyone with the issue explicitly say the fix resolved or at least > mitigated the problem. Thanks for CC'ing me. Yes, the problem was never resolved. For someone just upgrading their system, it's annoying, but can be mitigated pretty easily. For someone trying to install Guix, on the other hand, this is a intensely annoying problem. After my exams are finished in a couple weeks I want to try and fix this problem and also upgrade GRUB to fix issues with it recognising ext4 partitons with certain features enabled properly. > > [1]: https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00150.html > > Anyway, please let me know how I can help. If someone could help me attaching some sort of debugger, I can reproduce the error fairly easily on my uni's wifi if I do a `guix gc -d 2w && guix upgrade && sudo guix system reconfigure config.scm`. The sheer number of substitutes downloaded seems to be enough for it to happen at least once. Warmly, Ada
bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.Received: (at 71238) by debbugs.gnu.org; 28 May 2024 04:45:13 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 28 00:45:13 2024 Received: from localhost ([127.0.0.1]:45534 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sBoi1-00077E-1R for submit <at> debbugs.gnu.org; Tue, 28 May 2024 00:45:13 -0400 Received: from mail-108-mta195.mxroute.com ([136.175.108.195]:40087) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <richard@HIDDEN>) id 1sBohy-000771-3U for 71238 <at> debbugs.gnu.org; Tue, 28 May 2024 00:45:11 -0400 Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta195.mxroute.com (ZoneMTA) with ESMTPSA id 18fbd840406000efce.001 for <71238 <at> debbugs.gnu.org> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Tue, 28 May 2024 04:44:56 +0000 X-Zone-Loop: cf4578001fc44c7e31fadf81839a149cd7427d3f9ef8 X-Originating-IP: [136.175.111.3] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=freakingpenguin.com; s=x; h=Content-Type:MIME-Version:Message-ID:Date:CC: References:In-Reply-To:Subject:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=H4kN0o2951uPhi9djB4EziXi1S/SopNUP+/FstUFjjo=; b=E1ueFHMfHRTFAOhaJWW+g5rvbK b6WaXSwQ7i3XCKumjmgKp1v1Hx/Kpyu8hmoO+J5AXed/6q5/fnb9KfGA78VILsko4QRSgFQoxwo5G EloFQWpSvABJbNBBecRC5YpOgjv8t9jelFccInF7V/eRuKtSfWozMybvnqRO0bVavxm3SmP6EOcxu 6MOoY3HPS2dmCEsaeHUjjxinJRa36IWEEx7jZ4qAEdQDM0bUNP2sFEIhgQeKtSZxnyIwXN0/7IHQG JuA0wJSvMrUqUvF7bVFtKtPgHNBtYws574SyfR6cIW9vKshjiJAfvD/cRh4UDcKbj3nh0PhlfYKTw 9gqTZgAQ==; From: Richard Sent <richard@HIDDEN> To: 71238 <at> debbugs.gnu.org Subject: Re: bug#71238: Installer image consistently fails to run system init due to TLS error In-Reply-To: <87a5ka8y5e.fsf@HIDDEN> (Richard Sent's message of "Mon, 27 May 2024 22:31:57 -0400") References: <87plt692ky.fsf@HIDDEN> <87a5ka8y5e.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Date: Tue, 28 May 2024 00:44:37 -0400 Message-ID: <87y17u7dfu.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain X-Authenticated-Id: richard@HIDDEN X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71238 Cc: adanskana@HIDDEN, lars.bilke@HIDDEN, ludo@HIDDEN, ekaitz@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Richard Sent <richard@HIDDEN> writes: > What the heck is going on here? Those two images are wildly different > and are downloading wildly different sets of substitutes. Bad news. I connected my device to a different network with just an ordinary consumer router and the installation succeeded (using the guix 00384aed media). Ordinary my devices are behind a opnsense router with a /very/ lightly-customized firewall. To me, this means there are three possibilities, none of which is particularly comforting: 1. There was a transient network issue for ~3 hours when I attempted to install Guix ~4 times using different installation media that caused a specific TLS handshake to fail. 2. A specific TLS handshake Guix undertakes during the installation process fails to pass one of the built-in firewall rules shipped with opnsense. 3. Some other odd aspect of my network messes things up for a specific TLS handshake. My money is on 2 given how this is a seemingly common issue on enterprise networks [1] and the rules I have added seem irrelevant. (I'd rather not talk openly about my firewall rules in an archived public forum, but can discuss off-list). However, there is another comment in that thread that says IT didn't notice any firewall blocking. >> Sometimes, usually when I'm on an enterprise network like my >> university's of library's wifi, the `guix substitute` process dies >> with a "TLS error in procedure 'write_to_session_record_port': Error >> in the push function" error message. My connection is rock-solid >> otherwise, and sometimes it doesn't happen at all. > I get the same error on guix pull almost always when I am on my > enterprise network. Re-running guix pull a second time also almost > always then runs fine. I checked with our IT: nothing suspicious on > the network, i.e. no firewall blocking. Running Guix pull to work around the problem is great...... unless you're trying to install Guix via the guided installer! :) In my case it also wasn't guix pull that was failing. I want to emphasize that the error occured in the same phase of the installer every time, it was not the first handshake, no other machine has ever had this issue, and the installer was (3/4 times) on a commit that should include the fix described in [1]. I'm happy to assist with debugging this, although I'm not some TLS networking genius so trying to solve it outright is probably beyond me. I'd also LOVE to hear if other people using a largely stock opnsense or other firewall software encountered this issue, particularly with the installation media. At some point I'll attempt to gradually "de-enterprise" parts of my network and see exactly when (if ever) the problem is resolved. Due to the nature of the problem, reliably reproducing it in the future will be a challenge. CC'ing people involved in [1] because this is just so weird and I don't want it to be consigned to the dustbins of history. I don't think we heard anyone with the issue explicitly say the fix resolved or at least mitigated the problem. [1]: https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00150.html -- Take it easy, Richard Sent Making my computer weirder one commit at a time.
bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.Received: (at 71238) by debbugs.gnu.org; 28 May 2024 02:32:17 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 27 22:32:17 2024 Received: from localhost ([127.0.0.1]:45503 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sBmdN-0003kF-B8 for submit <at> debbugs.gnu.org; Mon, 27 May 2024 22:32:17 -0400 Received: from mail-108-mta28.mxroute.com ([136.175.108.28]:35881) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <richard@HIDDEN>) id 1sBmdL-0003k7-Du for 71238 <at> debbugs.gnu.org; Mon, 27 May 2024 22:32:16 -0400 Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta28.mxroute.com (ZoneMTA) with ESMTPSA id 18fbd0a527c000efce.001 for <71238 <at> debbugs.gnu.org> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Tue, 28 May 2024 02:32:01 +0000 X-Zone-Loop: b5aa27bae5323fbaadb24ae70f4f089494f772f6e6a5 X-Originating-IP: [136.175.111.3] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=freakingpenguin.com; s=x; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:To:From:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=eKTY7HBxw1r9FpNYTUFGEPZwyoTsHym/iOEwdY0+PV0=; b=du2pwCNztZFtaUrhQwtngv2moq 93xwjiOkMaTs+y1zZZ6QKZXMNi6/sUgTZx1Nm5pRTb9zeNrmpfh0h6MajdbdTEWCw5o+9A1PgfmLM RiA3btzRYBAOdmHWeGGpv7Ov/6vDoScO57F0mrFeNHfXMnEIyNmFXy2lqq9S7KAZFIU0bkSdaften lv7L7yIZ7OOi8f4xTHmqSrcbYletFPKSn0gfFP9gEMo3QUDQhBPSvN9j6NmFhOwbqiFW3igJwXYGS 47qwnUwq/fJoTfEuJ/DnCRYDo7Qwwhm6nakvQxAtYgi4NzRQbYmNAhHkQONY2/8BL5WbvaKMtZVr1 IwzjRNIQ==; From: Richard Sent <richard@HIDDEN> To: 71238 <at> debbugs.gnu.org Subject: Re: bug#71238: Installer image consistently fails to run system init due to TLS error In-Reply-To: <87plt692ky.fsf@HIDDEN> (Richard Sent's message of "Mon, 27 May 2024 20:56:13 -0400") References: <87plt692ky.fsf@HIDDEN> Date: Mon, 27 May 2024 22:31:57 -0400 Message-ID: <87a5ka8y5e.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Authenticated-Id: richard@HIDDEN X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71238 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) > Curiously this does NOT occur the first time substitutes are fetched. I > observed it occur three times when substitutes were fetched after Ruby > was substituted. I don't mean to say that Ruby is the problem (that'd be > crazy), just that the TLS error occurs at the same stage in the > installation every time. NOT randomly. > > I've never encountered this error before on any other Guix machine on my > network. The installation machine was using a wired connection. I have now tried the v1.4.0 installer and get a failure at (seemingly) the same point in the install, although the actual error is different. See installer-dump-22e789d5. What the heck is going on here? Those two images are wildly different and are downloading wildly different sets of substitutes. -- Take it easy, Richard Sent Making my computer weirder one commit at a time.
bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.Received: (at submit) by debbugs.gnu.org; 28 May 2024 00:56:58 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 27 20:56:58 2024 Received: from localhost ([127.0.0.1]:45452 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sBl98-0006rB-2o for submit <at> debbugs.gnu.org; Mon, 27 May 2024 20:56:58 -0400 Received: from lists.gnu.org ([209.51.188.17]:57748) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <richard@HIDDEN>) id 1sBl95-0006r3-FQ for submit <at> debbugs.gnu.org; Mon, 27 May 2024 20:56:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <richard@HIDDEN>) id 1sBl8v-0004OG-N2 for bug-guix@HIDDEN; Mon, 27 May 2024 20:56:45 -0400 Received: from mail-108-mta244.mxroute.com ([136.175.108.244]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <richard@HIDDEN>) id 1sBl8t-0003yL-Lx for bug-guix@HIDDEN; Mon, 27 May 2024 20:56:45 -0400 Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta244.mxroute.com (ZoneMTA) with ESMTPSA id 18fbcb2f2f5000efce.001 for <bug-guix@HIDDEN> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Tue, 28 May 2024 00:56:35 +0000 X-Zone-Loop: a0dfeb453bdaecde6f114bdc98eef742cc7f86766ee0 X-Originating-IP: [136.175.111.3] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=freakingpenguin.com; s=x; h=Content-Type:MIME-Version:Message-ID:Date: Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=iuqzcPjVU76M2ngA2rjf2OH4ICzOqdycQokJ1zaKJNs=; b=XpL+ZrEPCm1Y9VvP8BQoLDVqX2 Mn7G1gc4SIMciGw+dOr51NLCGhH/pczTQrPV8nHrmrZzXSn9CidgKe58WeA+ljDtAD3RLijcUsNi3 HK1M2RGcKT5CGXMI+lZk/bYCLlbCXbyKOTNCIOSYXJtIBQkOotKSPTxM7r3y6B1zbbBVxMPKiziQf FzP6Z7EI6pJlh8yUT2f1kbq2nlCWAvPBls5Y451Taeqd9vtnHvcxsydeevMLeFyQNL1xnHpExm3nS E/+QySGBIiXWIt7cipc+UbSvsd9ar25560PDUPTe9O76xIAB5yP0uVlPAIFjgVnXui/IcnXPA7LB/ /A1rGUGQ==; From: Richard Sent <richard@HIDDEN> To: bug-guix@HIDDEN Subject: Installer image consistently fails to run system init due to TLS error Date: Mon, 27 May 2024 20:56:13 -0400 Message-ID: <87plt692ky.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain X-Authenticated-Id: richard@HIDDEN Received-SPF: pass client-ip=136.175.108.244; envelope-from=richard@HIDDEN; helo=mail-108-mta244.mxroute.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.4 (--) Hi Guix! The dump was uploaded as installer-dump-2e7b5f8f. Here's the installer's error message: --8<---------------cut here---------------start------------->8--- May 27 22:15:49 localhost installer[708]: substitute: ^[[Kupdating substitutes from 'https://bordeaux.guix.gnu.org'... 0.0%guix substitute: error: TLS error in procedure 'write_to_session_record_port': Error in the push function. May 27 22:15:49 localhost installer[708]: guix system: ^[[1;31merror: ^[[0m`/gnu/store/rdjjpch9m9xv4rdhhr6sv044qd322pj8-guix-command substitute' died unexpectedly --8<---------------cut here---------------end--------------->8--- A Guix system installation generated via the following method consistently fails to install due to a TLS error when updating substitutes. --8<---------------cut here---------------start------------->8--- gibraltar :( guix$ guix time-machine -q -- describe guix 00384ae repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 00384aedbc6a371aaf90ca344a446952fdd5a6b3 gibraltar :) guix$ guix time-machine -q -- system image --image-type=iso9660 -e '(@ (gnu system install) installation-os)' guix system: warning: Consider running 'guix pull' followed by 'guix system reconfigure' to get up-to-date packages and security updates. Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'... Computing Guix derivation for 'x86_64-linux'... \ /gnu/store/x9a2nflpnfpr8i3n1759hw7wg2qv5mm8-image.iso --8<---------------cut here---------------end--------------->8--- Curiously this does NOT occur the first time substitutes are fetched. I observed it occur three times when substitutes were fetched after Ruby was substituted. I don't mean to say that Ruby is the problem (that'd be crazy), just that the TLS error occurs at the same stage in the installation every time. NOT randomly. I've never encountered this error before on any other Guix machine on my network. The installation machine was using a wired connection. Possibly related: [1], [2], [3], [4] Notably [3] claims to have a fix that was merged into Guix, but 00384ae is after said fix was merged (and yes, $ guix describe on the installer image does report 00384ae) [1]: https://issues.guix.gnu.org/66786 [2]: https://issues.guix.gnu.org/48903 [3]: https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00150.html [4]: https://issues.guix.gnu.org/70244 -- Take it easy, Richard Sent Making my computer weirder one commit at a time.
Richard Sent <richard@HIDDEN>
:bug-guix@HIDDEN
.
Full text available.bug-guix@HIDDEN
:bug#71238
; Package guix
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.