-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pkg.init() fails with https: Name or service not known #17661
Comments
Don't think libcurl gives libgit2 the capability of using https, it needs to link to openssl for that. |
libcurl3-gnutls is linked to GNU TLS, hence the package name. I tried recompiling the libgit2 Debian package with libcurl3 linked against OpenSSL, but the error persists. |
based on my understanding libgit2 uses libcurl for proxy support, but not for https transport, so it might not matter what curl is built against. check the libgit2 feature flags like we do in our tests. |
currently, proxy is disabled in libgit2 build, because of libcurl is not an official dependency. Using system libs, if they built with |
Right, the issue here is this is the debian build where they're using system libraries for everything, and that system copy of libgit2 is not built directly against openssl (I think) so https isn't working. Report this to the debian libgit2 maintainer I'd say. They're welcome to try @wildart's patch set to link libgit2 against mbedtls if that's preferable to them from a license perspective, but I suspect they might not want to do that since it was declined upstream. Maybe you can package https://github.com/wildart/mbedtlsstream in debian. |
but #17471 will fix this for sure |
As a temporary non-recommended hack that should be removed as soon as possible, another option for debian packaging of 0.5.0 might be patching the default metadata url back to the |
Then #17471 is a release blocker for 0.5.0, at least from the point of Debian/Debian derivatives. Debian ships both libgit2 (without OpenSSL) and libmbedtls, but we cannot expect the libgit2 maintainer to add a patch that has not been accepted upstream; especially considering it is security-related. |
Not our fault that debian ships libgit2 without linking to openssl. That's the only supported way upstream with libgit2 that https can work on Linux right now. |
we can check libgit2 features and create appropriate urls for |
Makes sense. Maybe fall back to |
The reason libgit2 cannot be linked to OpenSSL is the license of the latter. Software linking to OpenSSL must include its advertising clause; this is incompatible with the GPL license of libgit2. The way around this is for the libgit2 authors to add an explicit linking exception for OpenSSL. |
git:// is very much deprecated at this point. Fortunately TLS is no longer considered optional nowadays. |
@tkelman yes |
Why not rewrite urls to use ssh instead for the debian distribution? |
I understand the constraints of the release schedule, but the package manager is an integral part of Julia. If #17471 is not feasible for 0.5.0, would it be for 0.5.1? |
Actually does debian link libgit2 with ssh support even? Our patch for the mbedtls crypto backend isn't upstream yet, so I suspect the answer may be no. |
yes, it does. see |
Ok, but until my patch to libssh that does not support encrypted ssh keys. |
#17471 would require libgit2 version bump cause PR still in review |
I've also pinged the libgit2 maintainers in libgit2/libgit2#3462 to reconsider including the support for mbedtls by default. Their reasoning for rejection was that they only want the support for whatever the platform-default crypto library is in-tree, but if Debian cannot link libgit2 with openssl due to license incompatibilities, then having the mbedtls support in-tree seems prudent for them. |
For short-term workarounds, is libressl in debian? That should theoretically be a drop-in replacement for most consumers of openssl, I believe, but I don't know whether libressl has finished excising the problematic GPL-incompatibly-licensed parts of openssl yet. The license compatibility issue is also open here as #10763, some interpretations say openssl is considered "part of the OS" so excepted from the GPL copyleft requirements, but I guess debian does not do it that way. |
@Keno Indeed, neither Debian nor any other distribution is able to distribute libgit2 linked to OpenSSL without violating the GPL due to OpenSSL’s advertising clause. Unfortunately libressl has not been packaged so far. Debian/Ubuntu have GnuTLS as an alternative though. |
I don't think libgit2 supports gnutls. edit: without writing external custom code / patches, similar to how Art has done for mbedtls |
From my own experience, it's not a big issue to support |
@petercolberg If you haven't seen already, note the discussion on that issue that the libgit2 maintainers believe linking against openssl should not be a problem. Could you contact the libgit2 maintainer or whoever is appropriate on the Debian side to see if we can figure this out? |
@Keno Yes, thank you for pointing me to the discussion. The libgit2 license includes a generalized linking exception; I will contact debian-legal to see if it applies to OpenSSL. |
Our libgit2 now uses curl so that we can support proxies as well. I suspect it is probably doing that on debian too. |
That wasn't the problem here. Debian likely needs to make a second separate libgit2 package that links against openssl for this. |
@petercolberg correct. I have git configured to automatically use |
I suspect that Debian will not package Julia linked to OpenSSL (even indirectly) unless Julia is built with |
Stale, please open at the Pkg.jl repo for further Pkg problems. |
Using julia 0.5.0-rc0 with libgit2 0.24.1 on Debian sid:
The libgit2 Debian package is built with libcurl3-gnutls 7.47.0.
The text was updated successfully, but these errors were encountered: