When using ~amd64 system with current git and nss, git client hangs with any repository (i tried github and gentoo's gitweb). The log of connections is as follows: ------------------------------------------------------ GIT_CURL_VERBOSE=1 GIT_TRACE=1 git pull 13:38:51.303075 git.c:444 trace: built-in: git pull warning: Pulling without specifying how to reconcile divergent branches is discouraged. You can squelch this message by running one of the following commands sometime before your next pull: git config pull.rebase false # merge (the default strategy) git config pull.rebase true # rebase git config pull.ff only # fast-forward only You can replace "git config" with "git config --global" to set a default preference for all repositories. You can also pass --rebase, --no-rebase, or --ff-only on the command line to override the configured default per invocation. 13:38:51.303524 run-command.c:663 trace: run_command: git fetch --update-head-ok 13:38:51.305655 git.c:444 trace: built-in: git fetch --update-head-ok 13:38:51.317638 run-command.c:663 trace: run_command: GIT_DIR=.git git remote-http origin http://git.tinycorelinux.net/dCore-scripts 13:38:51.318642 git.c:729 trace: exec: git-remote-http origin http://git.tinycorelinux.net/dCore-scripts 13:38:51.318673 run-command.c:663 trace: run_command: git-remote-http origin http://git.tinycorelinux.net/dCore-scripts 13:38:51.332260 http.c:756 == Info: Couldn't find host git.tinycorelinux.net in the .netrc file; using defaults 13:38:51.483780 http.c:756 == Info: Trying 46.166.189.98:80... 13:38:51.515299 http.c:756 == Info: Connected to git.tinycorelinux.net (46.166.189.98) port 80 (#0) 13:38:51.515358 http.c:703 => Send header, 0000000245 bytes (0x000000f5) 13:38:51.515378 http.c:715 => Send header: GET /dCore-scripts/info/refs?service=git-upload-pack HTTP/1.1 13:38:51.515386 http.c:715 => Send header: Host: git.tinycorelinux.net 13:38:51.515391 http.c:715 => Send header: User-Agent: git/2.29.2 13:38:51.515397 http.c:715 => Send header: Accept: */* 13:38:51.515402 http.c:715 => Send header: Accept-Encoding: deflate, gzip, zstd 13:38:51.515409 http.c:715 => Send header: Accept-Language: pl-PL, *;q=0.9 13:38:51.515413 http.c:715 => Send header: Pragma: no-cache 13:38:51.515420 http.c:715 => Send header: Git-Protocol: version=2 13:38:51.515424 http.c:715 => Send header: 13:38:51.549256 http.c:756 == Info: Mark bundle as not supporting multiuse 13:38:51.549276 http.c:703 <= Recv header, 0000000032 bytes (0x00000020) 13:38:51.549283 http.c:715 <= Recv header: HTTP/1.1 302 Moved Temporarily 13:38:51.549290 http.c:703 <= Recv header, 0000000015 bytes (0x0000000f) 13:38:51.549294 http.c:715 <= Recv header: Server: nginx 13:38:51.549300 http.c:703 <= Recv header, 0000000037 bytes (0x00000025) 13:38:51.549305 http.c:715 <= Recv header: Date: Mon, 23 Nov 2020 13:15:27 GMT 13:38:51.549314 http.c:703 <= Recv header, 0000000040 bytes (0x00000028) 13:38:51.549320 http.c:715 <= Recv header: Content-Type: text/html; charset=UTF-8 13:38:51.549326 http.c:703 <= Recv header, 0000000028 bytes (0x0000001c) 13:38:51.549333 http.c:715 <= Recv header: Transfer-Encoding: chunked 13:38:51.549339 http.c:703 <= Recv header, 0000000024 bytes (0x00000018) 13:38:51.549345 http.c:715 <= Recv header: Connection: keep-alive 13:38:51.549353 http.c:703 <= Recv header, 0000000026 bytes (0x0000001a) 13:38:51.549359 http.c:715 <= Recv header: X-Powered-By: PHP/5.6.33 13:38:51.549368 http.c:703 <= Recv header, 0000000092 bytes (0x0000005c) 13:38:51.549380 http.c:715 <= Recv header: location: https://github.com/tinycorelinux/dCore-scripts/info/refs?service=git-upload-pack 13:38:51.549389 http.c:703 <= Recv header, 0000000002 bytes (0x00000002) 13:38:51.549393 http.c:715 <= Recv header: 13:38:51.549400 http.c:756 == Info: Ignoring the response-body 13:38:51.549417 http.c:756 == Info: Connection #0 to host git.tinycorelinux.net left intact 13:38:51.549444 http.c:756 == Info: Issue another request to this URL: 'https://github.com/tinycorelinux/dCore-scripts/info/refs?service=git-upload-pack' 13:38:51.549518 http.c:756 == Info: Couldn't find host github.com in the .netrc file; using defaults 13:38:51.573223 http.c:756 == Info: Trying 140.82.121.3:443... 13:38:51.600158 http.c:756 == Info: Connected to github.com (140.82.121.3) port 443 (#1) 13:38:51.600212 http.c:756 == Info: Initializing NSS with certpath: none 13:38:51.610545 http.c:756 == Info: CAfile: /etc/ssl/certs/ca-certificates.crt 13:38:51.610564 http.c:756 == Info: CApath: /etc/ssl/certs (it hangs here and nothing happens, i waited for 20 minutes) ------------------------------------------------------ Reproducible: Always Steps to Reproduce: 1. upgrade to nss-3.59 2. git is broken 3. downgrade to nss-3.58-r2 4. git works again eix -e nss [U] dev-libs/nss Available versions: 3.56^t 3.58-r2^t (~)3.59^t {cacert utils ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"} Installed versions: 3.58-r2^t(16:52:20 23.11.2020)(cacert -utils ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32") Homepage: https://www.mozilla.org/projects/security/pki/nss/ Description: Mozilla's Network Security Services library that implements PKI support [I] dev-vcs/git Available versions: 2.23.3^t 2.24.3^t 2.25.4^t 2.26.2^t (~)2.27.0^t (~)2.28.0^t (~)2.29.2^t **9999*l^t **9999-r1*l^t **9999-r2*l^t **9999-r3*l^t {+blksha1 cgi +curl cvs doc emacs gnome-keyring +gpg highlight +iconv libressl mediawiki mediawiki-experimental +nls +pcre +pcre-jit perforce +perl +ppcsha1 subversion test +threads tk +webdav xinetd PYTHON_SINGLE_TARGET="python3_6 python3_7 python3_8"} Installed versions: 2.29.2^t(16:55:47 23.11.2020)(blksha1 curl gpg iconv nls pcre pcre-jit perl subversion threads webdav -cgi -cvs -doc -emacs -gnome-keyring -highlight -libressl -mediawiki -mediawiki-experimental -perforce -ppcsha1 -test -tk -xinetd PYTHON_SINGLE_TARGET="python3_7 -python3_6 -python3_8") Homepage: https://www.git-scm.com/ Description: stupid content tracker: distributed VCS designed for speed and efficiency ------------------------------------
Please show output of `emerge --info net-misc/curl | tail -n 11`.
I've managed to reproduce: 1. CURL_SSL=nss USE="nss -openssl" emerge -1 curl 2. emerge -1 nss-pem 3. try a git pull (hangs indefinitely) Works if nss-pem isn't available. See also bug #743995 [ebuild R ] net-misc/curl-7.73.0::gentoo USE="ftp http2 idn nss progress-meter ssl zstd -adns -alt-svc -brotli -gnutls -gopher -imap -ipv6 -kerberos -ldap -libressl -mbedtls -metalink (-nghttp3) -openssl -pop3 -quiche -rtmp -samba -smtp -ssh -static-libs -telnet -test -tftp -threads (-winssl)" ABI_X86="(64) -32 (-x32)" CURL_SSL="nss -gnutls -libressl -mbedtls -openssl (-winssl)" 0 KiB
(In reply to Ionen Wolkens from comment #2) > I've managed to reproduce: Then again, in my case the logs end with: 14:16:53.501933 http.c:756 == Info: CApath: none 14:16:53.502073 http.c:756 == Info: loaded libnssckbi.so (hangs) Last line which I don't see in original report. Please provide info requested in comment #1 for comparison, and is nss-pem installed?
yes, it is installed, but it doesn't show up in the output. ------------------------------------- emerge --info output : USE="X acl alsa amd64 apng ayatana berkdb bzip2 cacert cairo cg chroma clang cli colormanagement crypt cryptsetup cups curl d3d9 dbus discogs djvu dri drm dvd egl expat experimental ffmpeg firmware flac fluidsynth fontconfig fortran ftp gdbm gif glamor gme gnuefi gphoto2 graphite gstreamer gstvideo gtk3 http2 ibus iconv idm infinality ipv6 javascript jemalloc jemallow jit joystick jpeg lame lastgenre libass libglvnd libguess libkms libnotify libsamplerate libtirpc lto luajit lz4 lzma lzo mad mercurial metalink mikmod minizip mmx mod modern-top modplug mp3 mpdstats mpg123 multilib musepack mutt ncurses nfsv41 nls nptl ogg opengl openmp opus outputs pam pcre pcre16 pcsx-rearmed pgo png postproc pulseaudio quvi raw readline s3tc sdl sdl2 seccomp secure-delete smartcard snes9x-next soundcloud split-usr sqlite squashfs sse sse2 ssl staging startup-notification svg system-sqlite systemd taglib tahoma tcpd theora threads truetype uchardet udev udisks unicode urandom vcd vdpau vhost-user-fs vim-syntax virt-network vitstab vorbis vpx vulkan vulkan-overlay wayland webp x264 x265 xattr xcb xkb xvid zlib zsh-completion zstd" ABI_X86="64 32" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" CURL_SSL="nss" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc efi-64" INPUT_DEVICES="libinput wacom" KERNEL="linux" L10N="pl en de es" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2 php7-3 php7-4" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python3_7 python3_8 python3_9" RUBY_TARGETS="ruby26 ruby27 ruby25" USERLAND="GNU" VIDEO_CARDS="radeonsi amdgpu radeon r600" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= net-misc/curl-7.73.0::gentoo was built with the following: USE="ftp http2 imap ipv6 metalink openssl pop3 progress-meter smtp ssl tftp threads zstd -adns -alt-svc -brotli -gnutls -gopher -idn -kerberos -ldap -libressl -mbedtls (-nghttp3) -nss -quiche -rtmp -samba -ssh -static-libs -telnet -test (-winssl)" ABI_X86="32 (64) (-x32)" CURL_SSL="nss -gnutls -libressl -mbedtls -openssl (-winssl)" FEATURES="pid-sandbox usersandbox binpkg-docompress unmerge-orphans binpkg-dostrip usersync protect-owned sfperms unmerge-logs merge-sync unknown-features-warn ipc-sandbox distlocks preserve-libs parallel-install sandbox assume-digests strict network-sandbox binpkg-logs fixlafiles config-protect-if-modified qa-unresolved-soname-deps multilib-strict ebuild-locks userpriv news parallel-fetch userfetch"
Alright, I get the exact same output if I enable openssl too: 1. CURL_SSL=nss USE="nss openssl" emerge -1 curl 2. emerge -1 nss-pem 3. try a git pull with https (hangs indefinitely) [...] 14:56:04.559040 http.c:756 == Info: Connected to github.com (140.82.113.3) port 443 (#0) 14:56:04.559074 http.c:756 == Info: Initializing NSS with certpath: none 14:56:04.561977 http.c:756 == Info: CAfile: /etc/ssl/certs/ca-certificates.crt 14:56:04.561984 http.c:756 == Info: CApath: /etc/ssl/certs (is last line and hangs) I disabled openssl due to bug #743995 but seems the problem happens either way (just with 1 different line). I see you don't have USE=nss but that doesn't seem to affected anything here (also see bug #750752).
It's not git, cURL will have a problem again and git uses cURL.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3f2cba10c86d044abad85e9b00b539e365eca8f commit d3f2cba10c86d044abad85e9b00b539e365eca8f Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-12-01 16:53:52 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-12-01 16:56:36 +0000 dev-libs/nss: don't hold slot lock when taking session lock Closes: https://bugs.gentoo.org/756244 Package-Manager: Portage-3.0.10, Repoman-3.0.2 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> ...t-hold-slot-lock-when-taking-session-lock.patch | 93 ++++++++++++++++++++++ .../nss/{nss-3.59.ebuild => nss-3.59-r1.ebuild} | 1 + 2 files changed, 94 insertions(+)