git-fetch throws an error: gnutls_handshake() failed: An unexpected TLS packet was received.

nigko wrote 10 months ago

Recipients:(address . bug-guix@gnu.org)

Message-ID:CAO356aEQQiEiba55db727E_7ryzGh=jiO81vGX6pBtu7jRWviw@mail.gmail.com

Hello Guix!

When I try to download source code of any package that use

git-fetch download method I get an error if I am behind https proxy

server. For example,

$ guix build --no-substitutes -S eigen

The following derivations will be built:

/gnu/store/rsk8d4py0c5qgp7q4xzd9ci3w4l5wki5-eigen-3.4.0-checkout.drv

/gnu/store/ac69jx4b08rqd07v5m5ayd5dgh3b9798-eigen-3.4.0-checkout.drv

building /gnu/store/ac69jx4b08rqd07v5m5ayd5dgh3b9798-eigen-3.4.0-checkout.drv...

hint: Consider installing the `glibc-locales' package and defining

`GUIX_LOCPATH', along these lines:

guix install glibc-locales

export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"

See the "Application Setup" section in the manual, for more info.

Initialized empty Git repository in

/gnu/store/1syd2rljr26hx9y45645lxwfh1wsya50-eigen-3.4.0-checkout/.git/

fatal: unable to access 'https://gitlab.com/libeigen/eigen.git/':

gnutls_handshake() failed: An unexpected TLS packet was received.

Failed to do a shallow fetch; retrying a full fetch...

fatal: unable to access 'https://gitlab.com/libeigen/eigen.git/':

gnutls_handshake() failed: An unexpected TLS packet was received.

git-fetch:

'/gnu/store/lcygm0p2d59acvwi12lwldg5c0d4czpr-git-minimal-2.41.0/bin/git

fetch origin'

failed with exit code 128

Trying content-addressed mirror at bordeaux.guix.gnu.org...

...

But when I use 'git clone' like this:

$ guix shell --preserve=https_proxy -CN git nss-certs -- \

git clone https://gitlab.com/libeigen/eigen.git/

it works.

I looked into definitions of 'git' and 'git-minimal' packages.

They both do not depend on 'gnutls' package (at least directly),

but instead on 'openssl'. Then why is git-fetch method apparently

using 'gnutls' and not 'openssl'? Is there any workaround for

git-fetch (similar to package transformations) that allow to

replace 'gnutls' by 'openssl' in its dependency graph?

Regards,

Nigko

nigko wrote 10 months ago

Recipients:(address . 71113-done@debbugs.gnu.org)

Message-ID:CAO356aH3Qmo=txuHXqjJLs2TP2yD9bVsRfuatps1z=6uOacdEg@mail.gmail.com

It turns out that this wasn't Guix's bug at all, but only the wrong
configuration of https_proxy
variable in the guix-daemon environment (on foreign distro): I
mistakenly set https_proxy
to "https://... "address, while the proxy server understands only http
protocol.  Setting
https_proxy to "http://.." address fixes this.

Close this bug report.

Regards,
Nigko Yerden

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 71113@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 71113

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags

mumi command -t +confirmed -t +easy

Or, remove the moreinfo tag and set the help tag

mumi command -t -moreinfo -t +help

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date