X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mx1.tetrasec.net (mx1.tetrasec.net [74.117.190.25]) by lists.alpinelinux.org (Postfix) with ESMTP id 349485C637A for ; Mon, 17 Sep 2018 08:32:48 +0000 (GMT) Received: from mx1.tetrasec.net (mail.local [127.0.0.1]) by mx1.tetrasec.net (Postfix) with ESMTP id C16D29E1E19; Mon, 17 Sep 2018 08:32:47 +0000 (GMT) Received: from ncopa-desktop.copa.dup.pw (67.63.200.37.customer.cdi.no [37.200.63.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: n@tanael.org) by mx1.tetrasec.net (Postfix) with ESMTPSA id 942599E00F9; Mon, 17 Sep 2018 08:32:46 +0000 (GMT) Date: Mon, 17 Sep 2018 10:32:38 +0200 From: Natanael Copa To: Drew DeVault Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] SSL connections hang on boot in Alpine VMs Message-ID: <20180917103238.07f063d1@ncopa-desktop.copa.dup.pw> In-Reply-To: <20180916235803.GA5606@homura.localdomain> References: <20180916235803.GA5606@homura.localdomain> X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.31; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi! It sounds like /dev/random runs out of entropy in your vm. Does it help to add `-device virtio-rng-pci`? https://wiki.qemu.org/Features/VirtIORNG -nc On Sun, 16 Sep 2018 19:58:03 -0400 Drew DeVault wrote: > Hey guys. I'm dealing with a super bizzare issue and I'm hoping I might > find some help here. I have a script which creates qcow2 images with > Alpine installed: > > https://git.sr.ht/~sircmpwn/builds.sr.ht/tree/images/alpine/genimg > > Running this as root on an Alpine machine will produce a bootable qcow2 > you can feed into qemu to reproduce my problem: > > qemu-system-x86_64 \ > -m 2048 \ > -net nic,model=virtio -net user,hostfwd=tcp::8022-:22 \ > -cpu host \ > -enable-kvm \ > -nographic \ > -drive file="root.img.qcow2",media=disk,snapshot=on,if=virtio > > You can then SSH in with `ssh -p 8022 builds@localhost`, with no > password. This user is in the sudoers file. You should then be able to > `curl http://example.org` to see that it can communicate fine with the > outside world. However, when you run `curl https://example.org`, it will > simply hang. It's not a problem specific to curl, as it can also be > reproduced with `openssl s_client example.org:443`. > > Here's what makes it really weird: the problem goes away if you `apk del > alpine-sdk && apk add alpine-sdk`. I took one Alpine image on which the > problem was reproducable, and another after reinstalling alpine-sdk, and > diffed the filesystems - the only thing I saw here was /etc/apk/world > shook up beyond the capability of my diff tool. If no one has ideas I'm > going to try writing some scripts to make the differences in between > these files more apparent. > > I build these images nightly. The problem first started appearing > sometime between 2018-09-06 20:36 UTC and 2018-09-07 20:36 UTC. I looked > over the commits to aports during that time (and a few days on either > end just to be sure), and found no leads. I also sorted > git.alpinelinux.org by date modified and looked over the same dates in > other Alpine repos, and left similarly empty-handed. > > Does anyone have any ideas? > > -- > Drew DeVault > > > --- > Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org > Help: alpine-devel+help@lists.alpinelinux.org > --- > --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---