Not sure whether this is a glib-networking or gnutls change, but basically rpm-ostree crashes when trying to do HTTPS, and it's a libsoup/glib-networking level issue:

```
./get -c /etc/pki/tls/certs/ca-bundle.crt https://google.com>/dev/null
GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.
(get:3013): GLib-Net-WARNING **: G_TLS_GNUTLS_PRIORITY is invalid; ignoring!
(get:3013): GLib-Net-WARNING **: (gtlsconnection-gnutls.c:235):g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
(get:3013): GLib-Net-WARNING **: (gtlsconnection-gnutls.c:240):g_tls_connection_gnutls_init_priorities: runtime check failed: (ret == 0)
Segmentation fault (core dumped)
```

However, this works:

```
env G_TLS_GNUTLS_PRIORITY="NORMAL:%COMPAT:%LATEST_RECORD_VERSION" ./get https://google.com >/dev/null
GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.
[vagrant@localhost ~]$
```

Which seems strange...I haven't fully debugged what's going on here yet.
Oh...because there's a Fedora patch: http://pkgs.fedoraproject.org/cgit/rpms/glib-networking.git/commit/?id=441e95cc5d2531a0cf6f0317a49660497007bd70

And indeed, explicitly specifying:

```
env G_TLS_GNUTLS_PRIORITY='@SYSTEM:NORMAL:%COMPAT:%LATEST_RECORD_VERSION' ./get -c /etc/pki/tls/cert.pem https://google.com
```

crashes as well.
Looks like 205 packages in Fedora 25 require libsoup:

```
$ rpm -q --provides libsoup | cut -f 1 -d ' ' | xargs -I' ' sudo dnf repoquery --whatrequires ' ' | sort | uniq | wc -l
205
```

Potential blocker bug?
Ah, this is a conflict between ostree and gnutls. OSTree uses an mtime of zero for content in /usr/share. But:

```
static time_t system_priority_last_mod = 0;

static void _gnutls_update_system_priorities(void)
{
...
    if (stat(system_priority_file, &sb) < 0) {
        _gnutls_debug_log("unable to access: %s: %d\n",
                          system_priority_file, errno);
        return;
    }

    if (sb.st_mtime == system_priority_last_mod) {
        _gnutls_debug_log("system priority %s has not changed\n",
                          system_priority_file);
        return;
    }
```

So if the mtime starts out zero, we never read the file at all.
Testing this patch now: diff --git a/lib/priority.c b/lib/priority.c index 0d6b81e..bd4cf25 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -945,7 +945,8 @@ static void _gnutls_update_system_priorities(void) return; } - if (sb.st_mtime == system_priority_last_mod) { + if (system_priority_buf != NULL && + sb.st_mtime == system_priority_last_mod) { _gnutls_debug_log("system priority %s has not changed\n", system_priority_file); return;
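Review bot: The added `system_priority_buf != NULL &&` condition on the `if` has no comment explaining why the mtime comparison alone is insufficient. `system_priority_last_mod` starts at 0 and a file can legitimately carry an mtime of 0 (the OSTree case reported here), so a one-line comment at that `if` would keep the check from being dropped later as redundant. The skip now also depends on `system_priority_buf` being NULL until a load has succeeded and being reset wherever the cached contents are freed; that code is outside this hunk and is worth confirming.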
https://gitlab.com/gnutls/gnutls/merge_requests/107
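The mtime collision diagnosed above and the effect of the extra NULL check in the tested patch, as an added C example that is not part of this bug report or of the GnuTLS source. `struct cache`, `refresh`, `run_case` and the temporary file under `/tmp` are hypothetical names, and the file content is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <utime.h>

struct cache { time_t last_mod; char *buf; };   /* hypothetical stand-in */

/* Returns 1 if the file was (re)read, 0 if treated as unchanged, -1 on error.
 * require_buf=0: mtime-only check; require_buf=1: also require a prior load. */
static int refresh(struct cache *c, const char *path, int require_buf)
{
    struct stat sb;
    char line[256];
    FILE *fp;
    if (stat(path, &sb) < 0) return -1;
    if ((!require_buf || c->buf != NULL) && sb.st_mtime == c->last_mod)
        return 0;                       /* believed unchanged: not read */
    if ((fp = fopen(path, "r")) == NULL) return -1;
    if (fgets(line, sizeof line, fp) == NULL) { fclose(fp); return -1; }
    fclose(fp);
    free(c->buf);
    c->buf = strdup(line);
    c->last_mod = sb.st_mtime;
    return c->buf ? 1 : -1;
}

/* Constructed file with a forced mtime; returns first * 10 + second result. */
static int run_case(time_t mtime, int require_buf)
{
    char path[] = "/tmp/prio-XXXXXX";
    struct cache c = { 0, NULL };       /* same initial state: last_mod = 0 */
    struct utimbuf t = { mtime, mtime };
    int fd = mkstemp(path), first = -1, second = -1;
    if (fd < 0) return -1;
    if (write(fd, "NORMAL\n", 7) == 7 && utime(path, &t) == 0) {
        first = refresh(&c, path, require_buf);
        second = refresh(&c, path, require_buf);
    }
    close(fd); unlink(path); free(c.buf);
    return first * 10 + second;
}

int main(void)
{
    printf("mtime 0: mtime-only=%d patched=%d\n", run_case(0, 0), run_case(0, 1));
    return 0;
}
```

A result of 0 means the file was never read on either call; 10 means it was read once and then correctly treated as cached.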
Worked for me to:

```
ostree admin unlock
rpm -Uvh https://fedorapeople.org/~walters/gnutls-3.5.5-2.atomic.0.fc25.x86_64.rpm
systemctl restart rpm-ostreed
```
gnutls-3.5.5-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-9824a9f2ed
gnutls-3.5.5-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.