From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id ECxZM6KWZmZM+AAA62LTzQ:P1 (envelope-from ) for ; Mon, 10 Jun 2024 06:01:06 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id ECxZM6KWZmZM+AAA62LTzQ (envelope-from ) for ; Mon, 10 Jun 2024 08:01:06 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=B1ywpVGW; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1717999266; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=dIwzYNCiE9pGWXm3v5dr/gs3lCOlfVWn/Z2Ym7wZ+T8=; b=kwVEqo01gSbI3WNbHKfwVK4mcuIejJh/kWHyMUlu+z6KuOHpfkJy1lfbEmFXNS18s18Uzf JKpvL4YR2e1NAQeML+N28p64oKrBFMbhlmb+nnzEJkfKTMCNASKUwPGBM6kq6r4F9dODG9 AJSvvaptbXAjkrLah6Uzrqch+o++glFYxSpd9l8nYkPr4FTWHYRDQ7p9msh54JlubMIl9r hIuXz8oszhcI0A7naFYPzx7LqNr4QcbKSKrMO32RSkabbMqIM6abLP8RVjpSJF7Wv8kI0p jfrfbWF4N9w3ysK+ozY73ApQYLf050pKMHV1Vxth7Sw6ybfVSKKy+sOd+UNzqQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=B1ywpVGW; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1717999266; a=rsa-sha256; cv=none; b=IymKOYc0UuQTaaOBeFg8BVVo0ygX8mcwDktrDzrHi9j2FWQ2OJ4ftqu6/GtJhSVw2Z4FGZ lw3+3NrjfowTC36RC9OYYHN/uuiyRy81hrzlI5jnYIhgD4umEKjF9wajU/4hFOS5Wi76MM y3ySLnCGtvGWKZz+H0lse4EopGkFjsu/M1TdQ5qfr/M7zVtUHHmOz+RrzvkGDovuqmdXuI JJDkPGpT4jDSLHBJXH5Fu1rCqz3+/wLM/vBvpkMj9JstS5HvtfgSdIjpWdk4itX8KjgXjT b9buDhI1S5cpcIvgluw/zhLhUg1xJGsj5pkA/rFUVSpONDW8TFaNbe5RQOdclw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7A55238283 for ; Mon, 10 Jun 2024 08:01:06 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sGY5I-0002BD-JY; Mon, 10 Jun 2024 02:00:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sGY5G-0002Am-Ag for bug-guix@gnu.org; Mon, 10 Jun 2024 02:00:46 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sGY5G-0008S4-2O for bug-guix@gnu.org; Mon, 10 Jun 2024 02:00:46 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sGY5W-0001tx-EI for bug-guix@gnu.org; Mon, 10 Jun 2024 02:01:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#71238: Installer image consistently fails to run system init due to TLS error Resent-From: adanskana@gmail.com Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 10 Jun 2024 06:01:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 71238 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Richard Sent , 71238@debbugs.gnu.org, lars.bilke@ufz.de, ludo@gnu.org, ekaitz@elenq.tech Received: via spool by 71238-submit@debbugs.gnu.org id=B71238.17179992367240 (code B ref 71238); Mon, 10 Jun 2024 06:01:02 +0000 Received: (at 71238) by debbugs.gnu.org; 10 Jun 2024 06:00:36 +0000 Received: from localhost ([127.0.0.1]:35886 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sGY55-0001se-Mj for submit@debbugs.gnu.org; Mon, 10 Jun 2024 02:00:36 -0400 Received: from mail-qv1-f45.google.com ([209.85.219.45]:51333) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sGY4z-0001sA-1t for 71238@debbugs.gnu.org; Mon, 10 Jun 2024 02:00:34 -0400 Received: by mail-qv1-f45.google.com with SMTP id 6a1803df08f44-6b064c4857dso10065816d6.2 for <71238@debbugs.gnu.org>; Sun, 09 Jun 2024 23:00:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717999146; x=1718603946; darn=debbugs.gnu.org; h=content-transfer-encoding:in-reply-to:references:subject:to:from :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=dIwzYNCiE9pGWXm3v5dr/gs3lCOlfVWn/Z2Ym7wZ+T8=; b=B1ywpVGWmwe4Nz0EzEef+IKrguJDJbarotAagSI2PDHYuumQkJRQJf5YbtuXGmUScY jihbTJEq7Ghez5pO3GhJyiOS+cgcv9ZTZc5GYqk6OHcmlFEcu1zvmLycJpxV31qA4l41 vT6r15aYYckYikpH97IyGJf3hLXLaiQiN4gYndE5RdLIyS5JPJgyxkHAd1RxrQK10JKV qeRFgPaU1YUmHIOyTZtEarVLjr4v630rqjOOD/zKOaHkXx+XZhWrsyJEOWIuS+b0Kx25 pvNW74NrCoU2y7YMdK+FIMHjIN/Zzw4aFr9A/XfBaqS/aSqjPg8c8pMgHIjVCGnEfgK5 lpFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717999146; x=1718603946; h=content-transfer-encoding:in-reply-to:references:subject:to:from :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=dIwzYNCiE9pGWXm3v5dr/gs3lCOlfVWn/Z2Ym7wZ+T8=; b=nXhSrZmITnT9CXZGPZGfzJ3mKnBGNUhmFO+1jAXaH0UdQjZxy3QwKx2eRlgBC3nRvt 7V7fKJDrNgfzvF9tqIOVzH7tTqq394z7Cw1fyOfmjGIXa2Qa8b/8ZQSrWq0ql1G4dBnN 4FnRv1eGhLYAGxyxI8MJOJtUI34RM6t1S3vPnCSIbr0HW1F9XSg1zIUD56WPOvsan+/V zTXbI2v/AkwfcMe2OAlUnliK5Fm4V6GWgUneE/ty1YNoBHc/2j4gTmmL/m+FQgUUvgks Z5UlrSSTdL8wFa+ONGFDvhEZ79CwGEwEatwojUGhW03GP1CkSSN4mUjMuhAcfs4DwWzJ IxdA== X-Forwarded-Encrypted: i=1; AJvYcCWfFRG1nDx3Li/aSjyX/bIuOGXfw4o4H2YzS3FohXcwqgeXhupy4ylL669cJN2kPD/+3NVidalnsx5U4a/7Uj39aNVysxY= X-Gm-Message-State: AOJu0YxRR305z2KqeVNsPLYLNiVg/FvtjeNqRTKj7qWY19K5Yp1hlb6d +EI3b2fR3R/y4T6CW9DaY4Y40ig4jH32MPVE/VgpYsGfTlJH6ZYfCKMRpxSA X-Google-Smtp-Source: AGHT+IHWN4V5HnHbpPqyopUMCbXn+8UffY6EXYIKWH7uQyZcFuLKWONESL6gje26oUtAuqr+JOQyng== X-Received: by 2002:a05:6a20:d80f:b0:1b5:ecc:a964 with SMTP id adf61e73a8af0-1b50eccab24mr5192344637.31.1717997636515; Sun, 09 Jun 2024 22:33:56 -0700 (PDT) Received: from [10.143.113.222] ([130.95.40.103]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7059534a4c4sm1090737b3a.36.2024.06.09.22.33.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 09 Jun 2024 22:33:56 -0700 (PDT) Message-ID: <0c00df03-8ba7-c5d2-3a16-afb5175fb00e@gmail.com> Date: Mon, 10 Jun 2024 05:33:50 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 From: adanskana@gmail.com References: <87plt692ky.fsf@freakingpenguin.com> <87a5ka8y5e.fsf@freakingpenguin.com> <87y17u7dfu.fsf@freakingpenguin.com> <87h6ehl7db.fsf@freakingpenguin.com> In-Reply-To: <87h6ehl7db.fsf@freakingpenguin.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: 2.66 X-Spam-Score: 2.66 X-Migadu-Queue-Id: 7A55238283 X-Migadu-Scanner: mx13.migadu.com X-TUID: 1ZpXTA6ltnDn Hi all, On 29/05/2024 01:44, Richard Sent wrote: > Richard Sent writes: > > > 1. There was a transient network issue for ~3 hours when I attempted to > > install Guix ~4 times using different installation media that caused a > > specific TLS handshake to fail. > > > > 2. A specific TLS handshake Guix undertakes during the installation > > process fails to pass one of the built-in firewall rules shipped with > > opnsense. > > > > 3. Some other odd aspect of my network messes things up for a specific > > TLS handshake. > > > > My money is on 2 given how this is a seemingly common issue on > > enterprise networks [1] and the rules I have added seem irrelevant. (I'd > > rather not talk openly about my firewall rules in an archived public > > forum, but can discuss off-list). However, there is another comment in > > that thread that says IT didn't notice any firewall blocking. > > I ran the 1.4.0 installer again today behind my opnsense router and it > completed successfully, which is horrifying. I was hoping starting from > a constant image would make the error reproducible but that doesn't seem > to be the case. Even with a consistent system image and network, it's > only reproducible for somewhere between a few hours and one day. Perhaps > server load plays a part? > > (Technically my process was a little bit different. Instead of fully > completing the graphical installer I swapped to a TTY after activating > the wired connection, mounted the root fs, and run $ guix system build > /mnt/etc/config.scm, where config.scm was unmodified since initial > installation. I'd be stunned if this caused the change in behavior but > figured I'd mention for completeness.) > > I've mananged to reproduce this bug. First, I run `sudo guix gc delete-generations && guix gc -d 2w` to clear my store. Then I run `guix upgrade && sudo guix system -L /home/ada/dotfiles/guix/ reconfigure --fallback /home/ada/dotfiles/guix/ada/system/kissakoira.scm` to redownload all of those deleted store items. The process 9/10 will fail halfway through the upgrade process. Then, a retry will work without a hitch. Even re-gc-ing my system will not let me reproduce the bug - I need to restart my system. Then, the likelyhood it works is 7/10 until the next day (just my perception). By the way, this is on my university's network. I managed to capture the problem happening under strace using this command `strace -ff -tt -o log_up.strace -s 500 guix upgrade && sudo strace -ff -tt -o log_sr.strace -s 500 sudo guix system -L /home/ada/dotfiles/guix/ reconfigure --fallback /home/ada/dotfiles/guix/ada/system/kissakoira.scm`. I've uploaded the logs to my Google Drive[1]. You can use `strace-log-merge log_up.strace` to view to merged logs. As I can reproduce this error fairly consistently now, please let me know if you want me to run any more tools to capture more data. Warmly, Ada [1] https://drive.google.com/file/d/104DVqyMLGRi4imWzvFQ6TahAiRRKdR4_/view?usp=drive_link