Mail archive
alpine-devel

Re: [alpine-devel] SSL connections hang on boot in Alpine VMs

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Mon, 17 Sep 2018 10:32:38 +0200

Hi!

It sounds like /dev/random runs out of entropy in your vm.

Does it help to add `-device virtio-rng-pci`?

https://wiki.qemu.org/Features/VirtIORNG

-nc

On Sun, 16 Sep 2018 19:58:03 -0400
Drew DeVault <sir_at_cmpwn.com> wrote:

> Hey guys. I'm dealing with a super bizzare issue and I'm hoping I might
> find some help here. I have a script which creates qcow2 images with
> Alpine installed:
>
> https://git.sr.ht/~sircmpwn/builds.sr.ht/tree/images/alpine/genimg
>
> Running this as root on an Alpine machine will produce a bootable qcow2
> you can feed into qemu to reproduce my problem:
>
> qemu-system-x86_64 \
> -m 2048 \
> -net nic,model=virtio -net user,hostfwd=tcp::8022-:22 \
> -cpu host \
> -enable-kvm \
> -nographic \
> -drive file="root.img.qcow2",media=disk,snapshot=on,if=virtio
>
> You can then SSH in with `ssh -p 8022 builds_at_localhost`, with no
> password. This user is in the sudoers file. You should then be able to
> `curl http://example.org` to see that it can communicate fine with the
> outside world. However, when you run `curl https://example.org`, it will
> simply hang. It's not a problem specific to curl, as it can also be
> reproduced with `openssl s_client example.org:443`.
>
> Here's what makes it really weird: the problem goes away if you `apk del
> alpine-sdk && apk add alpine-sdk`. I took one Alpine image on which the
> problem was reproducable, and another after reinstalling alpine-sdk, and
> diffed the filesystems - the only thing I saw here was /etc/apk/world
> shook up beyond the capability of my diff tool. If no one has ideas I'm
> going to try writing some scripts to make the differences in between
> these files more apparent.
>
> I build these images nightly. The problem first started appearing
> sometime between 2018-09-06 20:36 UTC and 2018-09-07 20:36 UTC. I looked
> over the commits to aports during that time (and a few days on either
> end just to be sure), and found no leads. I also sorted
> git.alpinelinux.org by date modified and looked over the same dates in
> other Alpine repos, and left similarly empty-handed.
>
> Does anyone have any ideas?
>
> --
> Drew DeVault
>
>
> ---
> Unsubscribe: alpine-devel+unsubscribe_at_lists.alpinelinux.org
> Help: alpine-devel+help_at_lists.alpinelinux.org
> ---
>



---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Mon Sep 17 2018 - 10:32:38 UTC