Unable to compile on current Vagrant environment


I just installed the Vagrant-lxc environment as described in https://doc.turris.cz/doc/en/howto/turris_os_build

$ make -j1 V=s

fails with the following error

make[3]: Entering directory `/openwrt/tools/boot-format'
mkdir -p /openwrt/dl
SHELL= flock /openwrt/tmp/.boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd.tar.gz.flock -c '        echo "Checking out files from the git repository..."; mkdir -p /openwrt/tmp/dl && cd /openwrt/tmp/dl && rm -rf boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd && [ \! -d boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd ] && git clone https://gitlab.labs.nic.cz/turris/boot-format.git boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd && (cd boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd && git checkout e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd && git submodule update --init --recursive) && echo "Packing checkout..." && rm -rf boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd/.git &&    tar czf /openwrt/tmp/dl/boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd.tar.gz boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd && mv /openwrt/tmp/dl/boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd.tar.gz /openwrt/dl/ && rm -rf boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd; '
Checking out files from the git repository...
Cloning into 'boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd'...
fatal: unable to access 'https://gitlab.labs.nic.cz/turris/boot-format.git/': gnutls_handshake() failed: Handshake failed
make[3]: *** [/openwrt/dl/boot-format-e9c6558e5905eff69e7da73814b1c4d9ed6dbcfd.tar.gz] Error 128
make[3]: Leaving directory `/openwrt/tools/boot-format'
make[2]: *** [tools/boot-format/compile] Error 2
make[2]: Leaving directory `/openwrt'
make[1]: *** [/openwrt/staging_dir/target-mips_34kc_uClibc-] Error 2
make[1]: Leaving directory `/openwrt'
make: *** [world] Error 2


$ git clone http://gitlab.labs.nic.cz/turris/boot-format.git

fails within the container, but works on my Ubuntu 19.04 host. I know it’s bad, but I tried the apt upgrade dance within the container without much success.
I ended up using the workaround at https://askubuntu.com/questions/186847/error-gnutls-handshake-failed-when-connecting-to-https-servers
For it to work, I had to:

  1. add deb-src to /etc/apt/sources.list
  2. install various packages in order to get the build process to succeed

Would it make sense to provide an image with a git not failing on TLS, or fix the https server?
For those interested, here is the git 1.9.1 I built that allowed me to perform the checkout. https://drive.google.com/open?id=1hK8m6Bzd6cYuapVLwla1k5xUl2T-xA__

Gitlab server TLS cipher suites were recently upgraded and restricted to strong ones (Support strong TLS cipher suites for gitlab.labs.nic.cz). I had advice Gitlab admins to put AES128 cipher suites back which should fix this problem

1 Like