Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Git clone causes an "SSL error: syscall failure:" with a specific repo #2116

Open
chaoscode opened this issue Jul 31, 2024 · 5 comments
Open

Comments

@chaoscode
Copy link

chaoscode commented Jul 31, 2024

We are going to have to dump this library for this issue and move to using the cli instead. I figured I'd report this issue so maybe in the future someone can get around to fixing it. The issues has been reported before and have been open for over 4 years.

With a specific private repo, this error happens only on Alpine Linux in a container running as an ACA Job in Azure.
Authentication is being used (Personal Access Token) with the user of "default"

"[Message] SSL error: syscall failure: "

No other logging or error message.

Reproduction steps

This is extremely difficult to reproduce. I don't even know what it is about this specific repo that is causing the problem as other, repos owned by the same company using the same token, clone fine.

If I run locally in docker desktop, it does not crash. Everything else being equal.

I see others have reported the same issue and the bug has been open for years.

#1262

Running the same user/token and URL from the cli git client works without issues.

git clone https:{user}:{token}@github.com/path/to/repo

I'm doing some digging to see if I can get more info about why it's happening.

I was able to get a detailed stacktrace from the service.

        [Exception]: [07/31/2024 23:56:31]: (/_/LibGit2Sharp/Core/Ensure.cs):(154)
        [Exception]: [07/31/2024 23:56:31]: (/_/LibGit2Sharp/Core/Ensure.cs):(172)
        [Exception]: [07/31/2024 23:56:31]: (/_/LibGit2Sharp/Core/Proxy.cs):(278)
        [Exception]: [07/31/2024 23:56:31]: (/_/LibGit2Sharp/Repository.cs):(824)

at LibGit2Sharp.Core.Proxy.git_clone(String url, String workdir, GitCloneOptions& opts) in //LibGit2Sharp/Core/Proxy.cs:line 278
at LibGit2Sharp.Repository.Clone(String sourceUrl, String workdirPath, CloneOptions options) in /
/LibGit2Sharp/Repository.cs:line 824

Here is some feedback. The logging isn't very good in this function that's checking the response code from the code repository. If we could see the code that is being returned (and it doesn't seem to the HTTP OK) then we would have a better understanding about what the issue is.

This morning (8/1/2024) I implemented a cli version of git and it had no issues cloning from the ACA Job on the specific repo.

Expected behavior

The repo clones

Actual behavior

The library crashes

Version of LibGit2Sharp (release number or SHA1)

0.30

Operating system(s) tested; .NET runtime tested

Alpine Linux .NET 8.0

@chaoscode chaoscode changed the title Git clone causes an "SSL Error: Unknown" with a specific repo Git clone causes an "SSL error: syscall failure:" with a specific repo Jul 31, 2024
@ethomson
Copy link
Member

ethomson commented Aug 5, 2024

This is extremely difficult to reproduce. I don't even know what it is about this specific repo that is causing the problem as other, repos owned by the same company using the same token, clone fine.

This is in the same environment? To make sure that I understand: you have some app running as an Azure Container App in an Alpine container, and it generally works and can clone most repositories from dev.azure.com, but there's one repository that doesn't work. In addition, this app can clone all repositories locally, including the problematic one. Is that an accurate description?

If we could see the code that is being returned (and it doesn't seem to the HTTP OK) then we would have a better understanding about what the issue is.

This isn't an HTTP protocol level problem. It may be a TLS-level problem, though I suspect not; syscall failure is a messaging coming from OpenSSL. It's some interaction with OpenSSL and Alpine's libc or kernel.

What version of Alpine are you using? What version of OpenSSL? Can you share your Dockerfile?

@MattGal
Copy link

MattGal commented Aug 23, 2024

I have seen this problem reproduce across various different linux machines when calling lib2git via Rust's https://crates.io/crates/git2 wrapper. It's not 100% but it was bad enough to stop running on Linux.

The exact same code works as expected on Windows. If there's anything to try to work around this, I'd love to hear it.

@ethomson
Copy link
Member

Hi @MattGal - do you have any more details offhand?

Is it always the same repo or different repos? Has it ever happened with a public repo or always private? GitHub or somewhere else? Authenticated or anonymous?

@MattGal
Copy link

MattGal commented Aug 23, 2024

Is it always the same repo or different repos?

I hit this maintaining an app that pulls / pushes from ~30 distinct repos across GitHub / Azure Devops. There isn't any obvious correlation between specific repos hitting it but it does seem like, maybe, more changes being pushed leads to the problem happening more.

Has it ever happened with a public repo or always private? GitHub or somewhere else? Authenticated or anonymous?

  • This specific circumstance, and the only place I've seen this problem, is always private.
  • The problem reproduces on pushes to both GitHub and Azure Devops and doesn't seem to be more often in either side.
  • Since this is always private repos, it's always authenticated access.

@topin89
Copy link

topin89 commented Dec 6, 2024

We've got similar problem with C lib, libgit2, where all worked with local test repos (we're using phenompeople/bert-server ), but for large repos git clone from git-http-server always failed.

The problem was with too short timeouts. Both GIT_OPT_SET_SERVER_CONNECT_TIMEOUT and GIT_OPT_SET_SERVER_TIMEOUT was 1 second. When GIT_OPT_SET_SERVER_TIMEOUT was set to 20 seconds, the error disappeared.

Low quality connection can be the cause as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants