* guix pull/guix upgrade often fails over VPN with TLS error message
@ 2024-08-14 13:54 Thom R Harmon
2024-08-15 21:20 ` Thom R Harmon
2024-08-17 2:01 ` Thom R Harmon
0 siblings, 2 replies; 7+ messages in thread
From: Thom R Harmon @ 2024-08-14 13:54 UTC (permalink / raw)
To: help-guix
tldr; guix substitute: error: TLS error in procedure
'write_to_session_record_port': Error in the push function.
The full error message:
> substitute: updating substitutes from
'https://bordeaux.guix.gnu.org'... 0.0%guix substitute: error: TLS
error in procedure 'write_to_session_record_port': Error in the push
function.
guix upgrade: error:
`/gnu/store/8wp75vw27zm2c8cfkpxqg73glslqvmgn-guix-command substitute'
died unexpectedly
There's at least one thread about this message in the archives but it's
from before I subscribed and I don't know how/if I can tag into that
thread so I'll just start a new one.
I've been seeing the above error message on `guix pull` and `guix
upgrade` off-and-on for about 2 years. It's not 100% correlated but
seems to be more prevalent when I'm doing the guix operation over a VPN.
It seems to come in bunches meaning I won't see the error for a few
weeks and then it will persist for a couple of weeks to the point where
I basically cannot do a pull/upgrade.
Anyone have any thoughts as to what might happening? Or, even better,
ideas as to how I might troubleshoot? Previous attempts to capture it
with wireshark/tshark have not been indicative of the root cause.
thx
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: guix pull/guix upgrade often fails over VPN with TLS error message
2024-08-14 13:54 guix pull/guix upgrade often fails over VPN with TLS error message Thom R Harmon
@ 2024-08-15 21:20 ` Thom R Harmon
2024-08-17 2:01 ` Thom R Harmon
1 sibling, 0 replies; 7+ messages in thread
From: Thom R Harmon @ 2024-08-15 21:20 UTC (permalink / raw)
To: help-guix
Well, that was fun. Sorry, folks. I have no idea why that came through
so many times. One heck of an intro to the list though. ;)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: guix pull/guix upgrade often fails over VPN with TLS error message
2024-08-14 13:54 guix pull/guix upgrade often fails over VPN with TLS error message Thom R Harmon
2024-08-15 21:20 ` Thom R Harmon
@ 2024-08-17 2:01 ` Thom R Harmon
2024-08-17 2:05 ` Thom R Harmon
1 sibling, 1 reply; 7+ messages in thread
From: Thom R Harmon @ 2024-08-17 2:01 UTC (permalink / raw)
To: help-guix
I've still not come up with a decent way to troubleshoot this issue but
it persists. It seems to be happening quite frequently now even when I'm
not accessing the substitute servers over a VPN connection. The box
exhibiting this behavior consistently is a Debian 12 box with guix
installed via binary install. I have another machine running an Ubuntu
release and, as far as I can tell, it does not have this problem.
Still happy to get advice as to how I might be able to debug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: guix pull/guix upgrade often fails over VPN with TLS error message
2024-08-17 2:01 ` Thom R Harmon
@ 2024-08-17 2:05 ` Thom R Harmon
2024-08-17 18:14 ` Thom R Harmon via
0 siblings, 1 reply; 7+ messages in thread
From: Thom R Harmon @ 2024-08-17 2:05 UTC (permalink / raw)
To: help-guix
It's probably worth mentioning that I earlier today, on the theory that
perhaps the required connections were timing out, I tested both `guix
pull` and `guix upgrade` with `--timeout=0`. Unfortunately that did not
fix the issue.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: guix pull/guix upgrade often fails over VPN with TLS error message
2024-08-17 2:05 ` Thom R Harmon
@ 2024-08-17 18:14 ` Thom R Harmon via
2024-08-22 23:46 ` Thom R Harmon
0 siblings, 1 reply; 7+ messages in thread
From: Thom R Harmon via @ 2024-08-17 18:14 UTC (permalink / raw)
To: help-guix
So this is interesting.... I did a pkt capture with tshark while a 'guix pull' was running and captured RST packets for the TLS connection:
1 0.000000000 <redacted> 185.233.100.56 SSL 2804 Continuation Data
2 0.000047880 <redacted> 185.233.100.56 SSL 2804 Continuation Data
3 0.355735909 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
4 0.355891353 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
5 0.355891393 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
6 0.355939644 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
7 0.356476147 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
8 0.356476197 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
Now, is that RST coming from an intermediate device (ex: my firewall) or directly from the sub server? Not sure but I will inspect firewall logs and its interesting that its only the one host exhibiting this behavior. FWIW, no host-based firewall or IPS/IDS in play here.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: guix pull/guix upgrade often fails over VPN with TLS error message
2024-08-17 18:14 ` Thom R Harmon via
@ 2024-08-22 23:46 ` Thom R Harmon
2024-09-04 18:41 ` Richard Sent
0 siblings, 1 reply; 7+ messages in thread
From: Thom R Harmon @ 2024-08-22 23:46 UTC (permalink / raw)
To: help-guix
Just closing the loop on this...
So, nobody had any advice as to how to troubleshoot this and I stopped
looking for root cause and started looking for a fix of any sort. Turns
out that was to make sure nothing was using /gnu/store and then `rm -rf
/gnu/* /var/guix` and re-install guix. All of the nodes which were
exhibiting this behavior stopped doing so after a re-install.
My only theory is that there is something I am doing when managing the
guix binary install that will occasionally result in the systems getting
into this state. Perhaps something to do with the TLS libs.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: guix pull/guix upgrade often fails over VPN with TLS error message
2024-08-22 23:46 ` Thom R Harmon
@ 2024-09-04 18:41 ` Richard Sent
0 siblings, 0 replies; 7+ messages in thread
From: Richard Sent @ 2024-09-04 18:41 UTC (permalink / raw)
To: Thom R Harmon; +Cc: help-guix
Thom R Harmon <trharmon@proton.me> writes:
> Just closing the loop on this...
>
> So, nobody had any advice as to how to troubleshoot this and I stopped
> looking for root cause and started looking for a fix of any sort. Turns
> out that was to make sure nothing was using /gnu/store and then `rm -rf
> /gnu/* /var/guix` and re-install guix. All of the nodes which were
> exhibiting this behavior stopped doing so after a re-install.
>
> My only theory is that there is something I am doing when managing the
> guix binary install that will occasionally result in the systems getting
> into this state. Perhaps something to do with the TLS libs.
I missed this email earlier, but FYI your issue sounds similar to
https://issues.guix.gnu.org/71238. A root cause hasn't been identified
there either.
--
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-09-04 18:42 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-14 13:54 guix pull/guix upgrade often fails over VPN with TLS error message Thom R Harmon
2024-08-15 21:20 ` Thom R Harmon
2024-08-17 2:01 ` Thom R Harmon
2024-08-17 2:05 ` Thom R Harmon
2024-08-17 18:14 ` Thom R Harmon via
2024-08-22 23:46 ` Thom R Harmon
2024-09-04 18:41 ` Richard Sent
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).