依赖于https的curl、dnf等命令行工具无法正常工作
$ curl -vvv --insecure https://google.com
* Rebuilt URL to: https://google.com/
* Trying 172.217.29.14...
* TCP_NODELAY set
* Connected to google.com (172.217.29.14) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
dnf也卡住了:
[root@merov2 ~]# dnf update
Copr repo for alacritty owned by pschyska [=== ] --- B/s | 0 B --:-- ETA
使用 strace 运行上面的命令会得到以下结果(仅复制最后几行):
openat(AT_FDCWD, "/lib64/libnsspem.so", O_RDONLY|O_CLOEXEC) = 8
read(8, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P8\0\0\0\0\0\0"..., 832) = 832
fstat(8, {st_mode=S_IFREG|0755, st_size=197352, ...}) = 0
mmap(NULL, 189280, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 8, 0) = 0x7f52b1654000
mmap(0x7f52b1657000, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x3000) = 0x7f52b1657000
mmap(0x7f52b1673000, 57344, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x1f000) = 0x7f52b1673000
mmap(0x7f52b1681000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x2c000) = 0x7f52b1681000
close(8) = 0
mprotect(0x7f52b1681000, 4096, PROT_READ) = 0
munmap(0x7f52b1683000, 366361) = 0
brk(NULL) = 0xf1d000
brk(0xf3e000) = 0xf3e000
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 8
fcntl(8, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(8, F_SETFL, O_RDWR|O_NONBLOCK) = 0
getpeername(8, 0x7fffae5fa7f0, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
write(2, "*", 1*) = 1
write(2, " ", 1 ) = 1
write(2, " CAfile: /etc/pki/tls/certs/ca-"..., 58 CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
) = 58
stat("/etc/pki/tls/certs/ca-bundle.crt", {st_mode=S_IFREG|0444, st_size=221322, ...}) = 0
futex(0xf152f0, FUTEX_WAIT_PRIVATE, 2, NULL
答案1
我使用的是从源代码构建的curl 7.60。升级到最新版本后,它又开始工作了。
使用fedora 32,因为dnf依赖于curl,所以我必须使用rpm来删除和升级软件包。