New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

`stack setup` SSL conn.failure on Ubuntu 16 #2372

Closed
ocramz opened this Issue Jul 13, 2016 · 6 comments

Comments

Projects
None yet
3 participants
@ocramz

ocramz commented Jul 13, 2016

I'm getting this SSL connection failure when running stack setup in a Docker image based on Ubuntu 16 (namely, the current phusion/baseimage)

FailedConnectionException2 "raw.githubusercontent.com" 443 True getProtocolByName: does not exist (no such protocol name: tcp)

What SSL tools/libraries does stack require with this configuration? I do have openssl installed at the latest version.

Thank you

@sjakobi

This comment has been minimized.

Contributor

sjakobi commented Jul 14, 2016

I currently don't know enough about stack's docker integration. Maybe @borsboom can help?

@ocramz

This comment has been minimized.

ocramz commented Jul 15, 2016

@sjakobi @borsboom Tried with phusion/baseimage:0.9.18, which is based on Ubuntu 14, and the issue does not appear. According to the changelog, 0.9.18 uses OpenSSL patch CVE-2015-3193.

N.B.: I was pulling in Stack manually (curl -L https://www.stackage.org/stack/linux-x86_64 | tar xz --wildcards --strip-components=1 -C $HOME/.local/bin '*/stack') and not via APT repository.

Thank you again

@sjakobi

This comment has been minimized.

Contributor

sjakobi commented Jul 15, 2016

Thanks for the update!

@sjakobi sjakobi closed this Jul 15, 2016

@ocramz

This comment has been minimized.

ocramz commented Jul 15, 2016

@sjakobi I'm not sure switching to a previous OS version solves it .. Ubuntu 16 seems to have the same issue also with the APT-based installer.

@Blaisorblade

This comment has been minimized.

Collaborator

Blaisorblade commented Jul 20, 2016

TL;DR. The image does not contain /etc/protocols from the netbase package, leading to this failure.

@ocramz apt-get update; apt-get install netbase should fix this particular error. Knowing nothing else, this seems a bug in the image.

The error message is correct and helpful (if not user-friendly): Haskell getProtocolByName fails, that is, C's getprotobyname(3) fails, that is, /etc/protocols is missing from the image. Just in case the info is given in some other way, I also tried to get the info using the proper command-line API , namely getent(1):

$ docker run --rm -t -i phusion/baseimage:0.9.19 /sbin/my_init -- bash -l
# getent protocols tcp; echo $?
2
# ls /etc/protocols
ls: cannot access '/etc/protocols': No such file or directory

Compare with correct results (on a normal LTS 14.04 system):

# getent protocols tcp; echo $?
tcp                   6 TCP
0
# ls /etc/protocols
/etc/protocols
# dpkg -S /etc/protocols
netbase: /etc/protocols

phusion 0.9.18 also has netbase:

$ docker run --rm -t -i phusion/baseimage:0.9.18 /sbin/my_init -- bash -l
root@0e67dce35f7b:/# getent protocols tcp
tcp                   6 TCP
root@0e67dce35f7b:/# ls /etc/protocols
/etc/protocols

The change seems unintentional, based on:
phusion/baseimage-docker@e436d1c

@ocramz

This comment has been minimized.

ocramz commented Jul 21, 2016

Thank you @Blaisorblade , I'll use your fix. Opened an issue with Phusion about this : phusion/baseimage-docker#323

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment