X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from mail.cmpwn.com (mail.cmpwn.com [45.56.77.53])
	by lists.alpinelinux.org (Postfix) with ESMTP id AD4785C56B0
	for <alpine-devel@lists.alpinelinux.org>; Sun, 16 Sep 2018 23:58:05 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cmpwn.com; s=cmpwn;
	t=1537142736; bh=V9sGu0oWasqezdPi6CQpvhbKDsH7kXpWc5RMfg8HMro=;
	h=Date:From:To:Subject;
	b=kERGSndz/ViI5jmtP94Pbeh4PQuVkTa2jVVylQf6oUdBgPUIAvrA5RvQeAvv2bkEL
	 gmcFYOB0jKXONZcd1S1taPUjcXyB4QxRSUaSfV7lXlp+whdEWRo1MMyNCaLnmqqcwU
	 eCbh8xF/YD1NyCrfi+/3vYjHdkeLBhwOuoC7Y7Fc=
Date: Sun, 16 Sep 2018 19:58:03 -0400
From: Drew DeVault <sir@cmpwn.com>
To: alpine-devel@lists.alpinelinux.org
Subject: [alpine-devel] SSL connections hang on boot in Alpine VMs
Message-ID: <20180916235803.GA5606@homura.localdomain>
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GNU: Terry Pratchett

Hey guys. I'm dealing with a super bizzare issue and I'm hoping I might
find some help here. I have a script which creates qcow2 images with
Alpine installed:

https://git.sr.ht/~sircmpwn/builds.sr.ht/tree/images/alpine/genimg

Running this as root on an Alpine machine will produce a bootable qcow2
you can feed into qemu to reproduce my problem:

	qemu-system-x86_64 \
		-m 2048 \
		-net nic,model=virtio -net user,hostfwd=tcp::8022-:22 \
		-cpu host \
		-enable-kvm \
		-nographic \
		-drive file="root.img.qcow2",media=disk,snapshot=on,if=virtio

You can then SSH in with `ssh -p 8022 builds@localhost`, with no
password. This user is in the sudoers file. You should then be able to
`curl http://example.org` to see that it can communicate fine with the
outside world. However, when you run `curl https://example.org`, it will
simply hang. It's not a problem specific to curl, as it can also be
reproduced with `openssl s_client example.org:443`.

Here's what makes it really weird: the problem goes away if you `apk del
alpine-sdk && apk add alpine-sdk`. I took one Alpine image on which the
problem was reproducable, and another after reinstalling alpine-sdk, and
diffed the filesystems - the only thing I saw here was /etc/apk/world
shook up beyond the capability of my diff tool. If no one has ideas I'm
going to try writing some scripts to make the differences in between
these files more apparent.

I build these images nightly. The problem first started appearing
sometime between 2018-09-06 20:36 UTC and 2018-09-07 20:36 UTC. I looked
over the commits to aports during that time (and a few days on either
end just to be sure), and found no leads. I also sorted
git.alpinelinux.org by date modified and looked over the same dates in
other Alpine repos, and left similarly empty-handed.

Does anyone have any ideas?

--
Drew DeVault


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---