Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Git unable to access metadata / cert acting up #319

Closed
ben-c-at-moz opened this issue Dec 14, 2023 · 4 comments
Closed

Git unable to access metadata / cert acting up #319

ben-c-at-moz opened this issue Dec 14, 2023 · 4 comments

Comments

@ben-c-at-moz
Copy link 

$ curl https://hg.mozilla.org/mozilla-central/raw-file/default/python/mozboot/bin/bootstrap.py -O && GIT_CURL_VERBOSE=1 python3 bootstrap.py --vcs=git
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 15058  100 15058    0     0   8994      0  0:00:01  0:00:01 --:--:--  8989
Cloning into mozilla-unified using Git...
Destination directory for clone (leave empty to use default destination of mozilla-unified): 
Cloning Firefox Git repository to /Users/username/mozilla-unified
Cloning into '/Users/username/mozilla-unified'...
16:06:06.460195 http.patched.c:844      == Info: Couldn't find host hg.mozilla.org in the .netrc file; using defaults
16:06:06.462850 http.patched.c:844      == Info:   Trying 63.245.208.203:443...
16:06:06.498105 http.patched.c:844      == Info: Connected to hg.mozilla.org (63.245.208.203) port 443
16:06:06.498143 http.patched.c:844      == Info: ALPN: curl offers h2,http/1.1
16:06:06.498315 http.patched.c:844      == Info: (304) (OUT), TLS handshake, Client hello (1):
16:06:06.501600 http.patched.c:844      == Info:  CAfile: /etc/ssl/cert.pem
16:06:06.501613 http.patched.c:844      == Info:  CApath: none
16:06:06.536322 http.patched.c:844      == Info: (304) (IN), TLS handshake, Server hello (2):
16:06:06.537074 http.patched.c:844      == Info: (304) (OUT), TLS handshake, Client hello (1):
16:06:06.579641 http.patched.c:844      == Info: (304) (IN), TLS handshake, Server hello (2):
16:06:06.581733 http.patched.c:844      == Info: (304) (IN), TLS handshake, Unknown (8):
16:06:06.581789 http.patched.c:844      == Info: (304) (IN), TLS handshake, Certificate (11):
16:06:06.582362 http.patched.c:844      == Info: (304) (IN), TLS handshake, CERT verify (15):
16:06:06.582579 http.patched.c:844      == Info: (304) (IN), TLS handshake, Finished (20):
16:06:06.582631 http.patched.c:844      == Info: (304) (OUT), TLS handshake, Finished (20):
16:06:06.582644 http.patched.c:844      == Info: SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
16:06:06.582648 http.patched.c:844      == Info: ALPN: server accepted h2
16:06:06.582653 http.patched.c:844      == Info: Server certificate:
16:06:06.582664 http.patched.c:844      == Info:  subject: C=US; ST=California; L=San Francisco; O=Mozilla Foundation; CN=hg.mozilla.org
16:06:06.582669 http.patched.c:844      == Info:  start date: Sep 19 00:00:00 2023 GMT
16:06:06.582671 http.patched.c:844      == Info:  expire date: Sep 18 23:59:59 2024 GMT
16:06:06.582680 http.patched.c:844      == Info:  subjectAltName: host "hg.mozilla.org" matched cert's "hg.mozilla.org"
16:06:06.582686 http.patched.c:844      == Info:  issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
16:06:06.582688 http.patched.c:844      == Info:  SSL certificate verify ok.
16:06:06.582736 http.patched.c:844      == Info: using HTTP/2
16:06:06.582762 http.patched.c:844      == Info: [HTTP/2] [1] OPENED stream for https://hg.mozilla.org/mozilla-unified?cmd=capabilities
16:06:06.582764 http.patched.c:844      == Info: [HTTP/2] [1] [:method: GET]
16:06:06.582766 http.patched.c:844      == Info: [HTTP/2] [1] [:scheme: https]
16:06:06.582768 http.patched.c:844      == Info: [HTTP/2] [1] [:authority: hg.mozilla.org]
16:06:06.582770 http.patched.c:844      == Info: [HTTP/2] [1] [:path: /mozilla-unified?cmd=capabilities]
16:06:06.582772 http.patched.c:844      == Info: [HTTP/2] [1] [user-agent: mercurial/proto-1.0]
16:06:06.582775 http.patched.c:844      == Info: [HTTP/2] [1] [accept-encoding: deflate, gzip]
16:06:06.582777 http.patched.c:844      == Info: [HTTP/2] [1] [accept: application/mercurial-0.1]
16:06:06.582800 http.patched.c:791      => Send header, 0000000170 bytes (0x000000aa)
16:06:06.582808 http.patched.c:803      => Send header: GET /mozilla-unified?cmd=capabilities HTTP/2
16:06:06.582810 http.patched.c:803      => Send header: Host: hg.mozilla.org
16:06:06.582812 http.patched.c:803      => Send header: User-Agent: mercurial/proto-1.0
16:06:06.582814 http.patched.c:803      => Send header: Accept-Encoding: deflate, gzip
16:06:06.582815 http.patched.c:803      => Send header: Accept: application/mercurial-0.1
16:06:06.582817 http.patched.c:803      => Send header:
16:06:06.673824 http.patched.c:791      <= Recv header, 0000000013 bytes (0x0000000d)
16:06:06.673834 http.patched.c:803      <= Recv header: HTTP/2 200
16:06:06.673838 http.patched.c:791      <= Recv header, 0000000016 bytes (0x00000010)
16:06:06.673840 http.patched.c:803      <= Recv header: server: Apache
16:06:06.673844 http.patched.c:791      <= Recv header, 0000000041 bytes (0x00000029)
16:06:06.673852 http.patched.c:803      <= Recv header: content-type: application/mercurial-0.1
16:06:06.673855 http.patched.c:791      <= Recv header, 0000000037 bytes (0x00000025)
16:06:06.673857 http.patched.c:803      <= Recv header: date: Thu, 14 Dec 2023 00:06:06 GMT
16:06:06.673859 http.patched.c:791      <= Recv header, 0000000032 bytes (0x00000020)
16:06:06.673861 http.patched.c:803      <= Recv header: access-control-allow-origin: *
16:06:06.673865 http.patched.c:791      <= Recv header, 0000000021 bytes (0x00000015)
16:06:06.673873 http.patched.c:803      <= Recv header: content-length: 574
16:06:06.673876 http.patched.c:791      <= Recv header, 0000000002 bytes (0x00000002)
16:06:06.673878 http.patched.c:803      <= Recv header:
16:06:06.673899 http.patched.c:844      == Info: Connection #0 to host hg.mozilla.org left intact
16:06:06.675076 http.patched.c:844      == Info: Couldn't find host hg.mozilla.org in the .netrc file; using defaults
16:06:06.675084 http.patched.c:844      == Info: Found bundle for host: 0x600000f389f0 [can multiplex]
16:06:06.675093 http.patched.c:844      == Info: Re-using existing connection with host hg.mozilla.org
16:06:06.675113 http.patched.c:844      == Info: [HTTP/2] [3] OPENED stream for https://hg.mozilla.org/mozilla-unified?cmd=batch
16:06:06.675116 http.patched.c:844      == Info: [HTTP/2] [3] [:method: GET]
16:06:06.675119 http.patched.c:844      == Info: [HTTP/2] [3] [:scheme: https]
16:06:06.675122 http.patched.c:844      == Info: [HTTP/2] [3] [:authority: hg.mozilla.org]
16:06:06.675125 http.patched.c:844      == Info: [HTTP/2] [3] [:path: /mozilla-unified?cmd=batch]
16:06:06.675128 http.patched.c:844      == Info: [HTTP/2] [3] [user-agent: mercurial/proto-1.0]
16:06:06.675130 http.patched.c:844      == Info: [HTTP/2] [3] [accept-encoding: deflate, gzip]
16:06:06.675133 http.patched.c:844      == Info: [HTTP/2] [3] [accept: application/mercurial-0.1]
16:06:06.675136 http.patched.c:844      == Info: [HTTP/2] [3] [x-hgarg-1: cmds=branchmap+%3Bheads+%3Blistkeys+namespace%3Dbookmarks]
16:06:06.675195 http.patched.c:791      => Send header, 0000000233 bytes (0x000000e9)
16:06:06.675209 http.patched.c:803      => Send header: GET /mozilla-unified?cmd=batch HTTP/2
16:06:06.675216 http.patched.c:803      => Send header: Host: hg.mozilla.org
16:06:06.675219 http.patched.c:803      => Send header: User-Agent: mercurial/proto-1.0
16:06:06.675220 http.patched.c:803      => Send header: Accept-Encoding: deflate, gzip
16:06:06.675226 http.patched.c:803      => Send header: Accept: application/mercurial-0.1
16:06:06.675228 http.patched.c:803      => Send header: X-HgArg-1: cmds=branchmap+%3Bheads+%3Blistkeys+namespace%3Dbookmarks
16:06:06.675230 http.patched.c:803      => Send header:
16:06:06.915412 http.patched.c:791      <= Recv header, 0000000013 bytes (0x0000000d)
16:06:06.915486 http.patched.c:803      <= Recv header: HTTP/2 200
16:06:06.915499 http.patched.c:791      <= Recv header, 0000000016 bytes (0x00000010)
16:06:06.915506 http.patched.c:803      <= Recv header: server: Apache
16:06:06.915515 http.patched.c:791      <= Recv header, 0000000041 bytes (0x00000029)
16:06:06.915529 http.patched.c:803      <= Recv header: content-type: application/mercurial-0.1
16:06:06.915536 http.patched.c:791      <= Recv header, 0000000037 bytes (0x00000025)
16:06:06.915542 http.patched.c:803      <= Recv header: date: Thu, 14 Dec 2023 00:06:06 GMT
16:06:06.915549 http.patched.c:791      <= Recv header, 0000000032 bytes (0x00000020)
16:06:06.915556 http.patched.c:803      <= Recv header: access-control-allow-origin: *
16:06:06.915564 http.patched.c:791      <= Recv header, 0000000023 bytes (0x00000017)
16:06:06.915570 http.patched.c:803      <= Recv header: content-length: 18341
16:06:06.915579 http.patched.c:791      <= Recv header, 0000000002 bytes (0x00000002)
16:06:06.915585 http.patched.c:803      <= Recv header:
16:06:06.945255 http.patched.c:844      == Info: Connection #0 to host hg.mozilla.org left intact
16:06:06.955518 http.patched.c:844      == Info: Couldn't find host hg.mozilla.org in the .netrc file; using defaults
16:06:06.955541 http.patched.c:844      == Info: Found bundle for host: 0x600000f389f0 [can multiplex]
16:06:06.955557 http.patched.c:844      == Info: Re-using existing connection with host hg.mozilla.org
16:06:06.955588 http.patched.c:844      == Info: [HTTP/2] [5] OPENED stream for https://hg.mozilla.org/mozilla-unified?cmd=cinnabarclone
16:06:06.955592 http.patched.c:844      == Info: [HTTP/2] [5] [:method: GET]
16:06:06.955596 http.patched.c:844      == Info: [HTTP/2] [5] [:scheme: https]
16:06:06.955598 http.patched.c:844      == Info: [HTTP/2] [5] [:authority: hg.mozilla.org]
16:06:06.955601 http.patched.c:844      == Info: [HTTP/2] [5] [:path: /mozilla-unified?cmd=cinnabarclone]
16:06:06.955604 http.patched.c:844      == Info: [HTTP/2] [5] [user-agent: mercurial/proto-1.0]
16:06:06.955607 http.patched.c:844      == Info: [HTTP/2] [5] [accept-encoding: deflate, gzip]
16:06:06.955610 http.patched.c:844      == Info: [HTTP/2] [5] [accept: application/mercurial-0.1]
16:06:06.955788 http.patched.c:791      => Send header, 0000000171 bytes (0x000000ab)
16:06:06.955796 http.patched.c:803      => Send header: GET /mozilla-unified?cmd=cinnabarclone HTTP/2
16:06:06.955799 http.patched.c:803      => Send header: Host: hg.mozilla.org
16:06:06.955801 http.patched.c:803      => Send header: User-Agent: mercurial/proto-1.0
16:06:06.955803 http.patched.c:803      => Send header: Accept-Encoding: deflate, gzip
16:06:06.955805 http.patched.c:803      => Send header: Accept: application/mercurial-0.1
16:06:06.955808 http.patched.c:803      => Send header:
16:06:07.055999 http.patched.c:791      <= Recv header, 0000000013 bytes (0x0000000d)
16:06:07.056033 http.patched.c:803      <= Recv header: HTTP/2 200
16:06:07.056039 http.patched.c:791      <= Recv header, 0000000016 bytes (0x00000010)
16:06:07.056041 http.patched.c:803      <= Recv header: server: Apache
16:06:07.056045 http.patched.c:791      <= Recv header, 0000000041 bytes (0x00000029)
16:06:07.056082 http.patched.c:803      <= Recv header: content-type: application/mercurial-0.1
16:06:07.056089 http.patched.c:791      <= Recv header, 0000000037 bytes (0x00000025)
16:06:07.056091 http.patched.c:803      <= Recv header: date: Thu, 14 Dec 2023 00:06:07 GMT
16:06:07.056094 http.patched.c:791      <= Recv header, 0000000032 bytes (0x00000020)
16:06:07.056096 http.patched.c:803      <= Recv header: access-control-allow-origin: *
16:06:07.056100 http.patched.c:791      <= Recv header, 0000000021 bytes (0x00000015)
16:06:07.056102 http.patched.c:803      <= Recv header: content-length: 318
16:06:07.056106 http.patched.c:791      <= Recv header, 0000000002 bytes (0x00000002)
16:06:07.056108 http.patched.c:803      <= Recv header:
16:06:07.056165 http.patched.c:844      == Info: Connection #0 to host hg.mozilla.org left intact
Fetching cinnabar metadata from https://community-tc.services.mozilla.com/api/index/v1/task/project.git-cinnabar.bundle.mozilla-unified/artifacts/public/bundle.git
16:06:07.886659 http.patched.c:844      == Info: Couldn't find host community-tc.services.mozilla.com in the .netrc file; using defaults
16:06:07.888721 http.patched.c:844      == Info:   Trying 34.102.144.36:443...
16:06:07.912392 http.patched.c:844      == Info: Connected to community-tc.services.mozilla.com (34.102.144.36) port 443
16:06:07.912574 http.patched.c:844      == Info: ALPN: curl offers h2,http/1.1
16:06:07.913158 http.patched.c:844      == Info: (304) (OUT), TLS handshake, Client hello (1):
16:06:07.922093 http.patched.c:844      == Info:  CAfile: /etc/ssl/cert.pem
16:06:07.922138 http.patched.c:844      == Info:  CApath: none
16:06:07.945107 http.patched.c:844      == Info: (304) (IN), TLS handshake, Server hello (2):
16:06:07.948006 http.patched.c:844      == Info: (304) (IN), TLS handshake, Unknown (8):
16:06:07.948020 http.patched.c:844      == Info: (304) (IN), TLS handshake, Certificate (11):
16:06:07.948498 http.patched.c:844      == Info: LibreSSL/3.3.6: error:0DFFF0A1:lib(13):func(4095):reason(161)
16:06:07.948515 http.patched.c:844      == Info: Closing connection
ERROR unable to access 'https://community-tc.services.mozilla.com/api/index/v1/task/project.git-cinnabar.bundle.mozilla-unified/artifacts/public/bundle.git': LibreSSL/3.3.6: error:0DFFF0A1:lib(13):func(4095):reason(161)
WARNING Falling back to normal clone.
16:06:07.949977 http.patched.c:844      == Info: Couldn't find host hg.mozilla.org in the .netrc file; using defaults
16:06:07.952500 http.patched.c:844      == Info:   Trying 63.245.208.203:443...
16:06:07.992364 http.patched.c:844      == Info: Connected to hg.mozilla.org (63.245.208.203) port 443
16:06:07.992421 http.patched.c:844      == Info: ALPN: curl offers h2,http/1.1
16:06:07.992669 http.patched.c:844      == Info: (304) (OUT), TLS handshake, Client hello (1):
16:06:07.998177 http.patched.c:844      == Info:  CAfile: /etc/ssl/cert.pem
16:06:07.998182 http.patched.c:844      == Info:  CApath: none
16:06:08.035573 http.patched.c:844      == Info: (304) (IN), TLS handshake, Server hello (2):
16:06:08.036775 http.patched.c:844      == Info: (304) (OUT), TLS handshake, Client hello (1):
16:06:08.079215 http.patched.c:844      == Info: (304) (IN), TLS handshake, Server hello (2):
16:06:08.082102 http.patched.c:844      == Info: (304) (IN), TLS handshake, Unknown (8):
16:06:08.082173 http.patched.c:844      == Info: (304) (IN), TLS handshake, Certificate (11):
16:06:08.082454 http.patched.c:844      == Info: LibreSSL/3.3.6: error:0DFFF0A1:lib(13):func(4095):reason(161)
16:06:08.082462 http.patched.c:844      == Info: Closing connection
fatal: called `Result::unwrap()` on an `Err` value: "unable to access 'https://hg.mozilla.org/mozilla-unified': LibreSSL/3.3.6: error:0DFFF0A1:lib(13):func(4095):reason(161)"
Run the command again with `git -c cinnabar.check=traceback <command>` to see the full traceback.
error: git-remote-hg died of signal 6
fatal: could not read ref refs/cinnabar/refs/heads/branches/default/tip
Could not bootstrap Firefox! Consider filing a bug.
Traceback (most recent call last):
  File "/Users/username/bootstrap.py", line 439, in <module>
    sys.exit(main(sys.argv))
             ^^^^^^^^^^^^^^
  File "/Users/username/bootstrap.py", line 406, in main
    srcdir = clone(options)
             ^^^^^^^^^^^^^^
  File "/Users/username/bootstrap.py", line 352, in clone
    return git_clone_firefox(binary, dest, watchman, head_repo, head_rev)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/username/bootstrap.py", line 204, in git_clone_firefox
    subprocess.check_call(
  File "/Users/username/.pyenv/versions/3.11.7/lib/python3.11/subprocess.py", line 413, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/git', 'clone', '--no-checkout', 'hg::https://hg.mozilla.org/mozilla-unified', '/Users/username/mozilla-unified']' returned non-zero exit status 128.
@glandium
Copy link
Owner

Good news: this is reproducible on Linux when building curl against libressl. How is that good news? because it means I can use rr and it will be much easier to debug.

@glandium
Copy link
Owner

glandium commented Dec 14, 2023
edited
Loading

Interestingly, though, while I'm getting the same error:0DFFF0A1:lib(13):func(4095):reason(161) on community-tc.services.mozilla.com, I'm getting a different error for the hg.mozilla.org request that follows: SSL certificate problem: CA signature digest algorithm too weak.

@glandium
Copy link
Owner

For future reference, in error:0DFFF0A1:lib(13):func(4095):reason(161):

  • 0DFFF0A1 is a packed version of the other numbers
  • 13 is ERR_LIB_ASN1
  • 4095 is a placeholder
  • 161 is ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM

@glandium glandium mentioned this issue Dec 15, 2023
Closed
@glandium
Copy link
Owner

Fixed in 8fb651f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@glandium @ben-c-at-moz