预计阅读时间: 5 分钟
最近一段时间发现手中的Debian机器在Git Clone的时候出现奇怪的错误,经过一番Google,最终发现是libcurl3-gnutls这个库的bug。
2021-10-01 Update: Buster-backports仍未修复此问题,但是Bullseye已经合入了新的版本,修复了此问题。
2021-06-19 Update: 修复补丁仍未合入backports中,问题的原因似乎是libcurl-guntls的TLSv1.3实现有问题。
2021-08-03 Update: Curl 7.76.1修复了此问题,但尚未合并进入Buster backports, Bullseye也未更新。
现象
在使用https协议进行git clone的时候,出现HTTP2报错
xxxxx$> git clone https://github.com/TechMinerApps/portier Cloning into 'portier'... fatal: unable to access 'https://github.com/TechMinerApps/portier/': Failed sending HTTP2 data
起初我以为和GitHub即将禁止Basic Auth的https操作有关,但是使用GIT_TRACE2=2 GIT_CURL_VERBOSE=1
进行调试的时候,发现是curl中的问题。
20:35:22.968833 http.c:756 == Info: Couldn't find host github.com in the .netrc file; using defaults 20:35:22.973819 http.c:756 == Info: Trying 192.30.255.113:443... 20:35:23.144791 http.c:756 == Info: Connected to github.com (192.30.255.113) port 443 (#0) 20:35:23.168789 http.c:756 == Info: found 411 certificates in /etc/ssl/certs 20:35:23.169022 http.c:756 == Info: ALPN, offering h2 20:35:23.169092 http.c:756 == Info: ALPN, offering http/1.1 20:35:23.341023 http.c:756 == Info: SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256 20:35:23.341674 http.c:756 == Info: server certificate verification OK 20:35:23.341682 http.c:756 == Info: server certificate status verification SKIPPED 20:35:23.341750 http.c:756 == Info: common name: github.com (matched) 20:35:23.341754 http.c:756 == Info: server certificate expiration date OK 20:35:23.341757 http.c:756 == Info: server certificate activation date OK 20:35:23.341763 http.c:756 == Info: certificate public key: EC/ECDSA 20:35:23.341766 http.c:756 == Info: certificate version: #3 20:35:23.341786 http.c:756 == Info: subject: C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=github.com 20:35:23.341791 http.c:756 == Info: start date: Thu, 25 Mar 2021 00:00:00 GMT 20:35:23.341795 http.c:756 == Info: expire date: Wed, 30 Mar 2022 23:59:59 GMT 20:35:23.341807 http.c:756 == Info: issuer: C=US,O=DigiCert\, Inc.,CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1 20:35:23.341818 http.c:756 == Info: ALPN, server accepted to use h2 20:35:23.341851 http.c:756 == Info: Using HTTP2, server supports multi-use 20:35:23.341853 http.c:756 == Info: Connection state changed (HTTP/2 confirmed) 20:35:23.341858 http.c:756 == Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 20:35:23.341866 http.c:756 == Info: Failed sending HTTP2 data 20:35:23.341873 http.c:756 == Info: Connection #0 to host github.com left intact
随即Google了一番后找到了Debian Bug Tracker中的一个提交 libcurl3-gnutls from debian backports breaks git http operations
原文如下,完全一模一样。
Package: libcurl3-gnutls Version: 7.74.0-1.2~bpo10+1 Severity: important |X-Debbugs-CC: |debian-backports@lists.debian.org After upgrading the Debian system from "backports" any git http operations (clone/fetch ...) has stopped working, bringing libcurl3-gnutls to the previous version (7.74.0-1.2~bpo10+1) fix the problem: Output of git command > git clone https://github.com/git/git Cloning into 'git'... fatal: unable to access 'https://github.com/git/git/': Failed sending HTTP2 data > -- apt-cache policy libcurl3-gnutls libcurl3-gnutls: Installato: 7.74.0-1.2~bpo10+1 Candidato: 7.74.0-1.2~bpo10+1 Tabella versione: *** 7.74.0-1.2~bpo10+1 100 100 https://deb.debian.org/debian buster-backports/main amd64 Packages 100 /var/lib/dpkg/status 7.64.0-4+deb10u2 500 500 https://deb.debian.org/debian-security buster/updates/main amd64 Packages 7.64.0-4+deb10u1 500 500 https://deb.debian.org/debian buster/main amd64 Packages -- Extra detailed informations: - Output of GIT_CURL_VERBOSE=1 GIT_TRACE2=1 git clone https://github.com/git/git 13:03:36.251941 common-main.c:48 version 2.29.2 13:03:36.251960 common-main.c:49 start git clone https://github.com/git/git 13:03:36.251981 git.c:445 cmd_name clone (clone) 13:03:36.252185 repository.c:130 worktree /tmp/gh/git Clone in 'git' in corso... 13:03:36.253276 run-command.c:735 child_start[0] git remote-https origin https://github.com/git/git 13:03:36.254468 common-main.c:48 version 2.29.2 13:03:36.254485 common-main.c:49 start /usr/lib/git-core/git remote-https origin https://github.com/git/git 13:03:36.254572 git.c:723 cmd_name _run_dashed_ (clone/_run_dashed_) 13:03:36.254586 run-command.c:735 child_start[0] git-remote-https origin https://github.com/git/git 13:03:36.259050 common-main.c:48 version 2.29.2 13:03:36.259065 common-main.c:49 start /usr/lib/git-core/git-remote-https origin https://github.com/git/git 13:03:36.259138 repository.c:130 worktree /tmp/gh 13:03:36.259176 remote-curl.c:1482 cmd_name remote-curl (clone/_run_dashed_/remote-curl) 13:03:36.259581 http.c:756 == Info: Couldn't find host github.com in the .netrc file; using defaults 13:03:36.469244 http.c:756 == Info: Trying 140.82.121.3:443... 13:03:36.520476 http.c:756 == Info: Connected to github.com (140.82.121.3) port 443 (#0) 13:03:36.544248 http.c:756 == Info: found 381 certificates in /etc/ssl/certs 13:03:36.544365 http.c:756 == Info: ALPN, offering h2 13:03:36.544371 http.c:756 == Info: ALPN, offering http/1.1 13:03:36.595957 http.c:756 == Info: SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256 13:03:36.596671 http.c:756 == Info: server certificate verification OK 13:03:36.596680 http.c:756 == Info: server certificate status verification SKIPPED 13:03:36.596778 http.c:756 == Info: common name: github.com (matched) 13:03:36.596786 http.c:756 == Info: server certificate expiration date OK 13:03:36.596790 http.c:756 == Info: server certificate activation date OK 13:03:36.596799 http.c:756 == Info: certificate public key: EC/ECDSA 13:03:36.596804 http.c:756 == Info: certificate version: #3 13:03:36.596838 http.c:756 == Info: subject: C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=github.com 13:03:36.596854 http.c:756 == Info: start date: Thu, 25 Mar 2021 00:00:00 GMT 13:03:36.596868 http.c:756 == Info: expire date: Wed, 30 Mar 2022 23:59:59 GMT 13:03:36.596884 http.c:756 == Info: issuer: C=US,O=DigiCert\, Inc.,CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1 13:03:36.596914 http.c:756 == Info: ALPN, server accepted to use h2 13:03:36.596955 http.c:756 == Info: Using HTTP2, server supports multi-use 13:03:36.596960 http.c:756 == Info: Connection state changed (HTTP/2 confirmed) 13:03:36.596974 http.c:756 == Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 13:03:36.596984 http.c:756 == Info: Failed sending HTTP2 data 13:03:36.596993 http.c:756 == Info: Connection #0 to host github.com left intact 13:03:36.597168 usage.c:64 error impossibile accedere a 'https://github.com/git/git/': Failed sending HTTP2 data fatal: impossibile accedere a 'https://github.com/git/git/': Failed sending HTTP2 data 13:03:36.597194 usage.c:68 exit elapsed:0.338490 code:128 13:03:36.597203 trace2/tr2_tgt_normal.c:123 atexit elapsed:0.338501 code:128 13:03:36.598095 run-command.c:990 child_exit[0] pid:179509 code:128 elapsed:0.343497 13:03:36.598114 git.c:745 exit elapsed:0.343919 code:128 13:03:36.598155 trace2/tr2_tgt_normal.c:123 atexit elapsed:0.343959 code:128 13:03:36.598389 transport-helper.c:581 exit elapsed:0.346748 code:128 13:03:36.598639 trace2/tr2_tgt_normal.c:123 atexit elapsed:0.347003 code:128
解决方法
既然是Debian官方源中的问题,那除了等官方解决以外,就只能降级这个库了。
降级到stable,也就是buster的命令如下。APT会自动降级有依赖关系的库,如libcurl4
2021-10-01 Update:Debian 11发布后Buster不再是Stable,因此在Debian 10遇到此问题需要降级到buster或者oldstable,推荐升级至Debian 11解决此问题。
# Downgrade command sudo apt reinstall libcurl3-gnutls/buster
执行了 sudo apt reinstall libcurl3-gnutls/stable 之后,还要安装什么吗
如果正常APT安装的Git,就不需要再安装什么了。
博主您好,执行命令后提示如下,有什么办法可以解决吗?
Release ‘stable’ for ‘libcurl3-gnutls’ was not found
可能是因为Debian11发布以后,Debian10也就是buster不再是stable了,所以配置的源中不存在stable这个release了。
Debian11中的版本已经修复了这个bug,可以尝试升级到11看看。
欸,Debian 的 curl 居然链接的是 gnutls 而不是 OpenSSL 欸