Hi team,
I was following the “Getting started” guide but neither “dfx start” nor "dfx upgrade " work and both issues seem to be related to SSL certs. Here are the details:
% dfx start
⠁ Starting up the client...
Mar 13 06:51:48.787 INFO Dfinity Replica Started
Mar 13 06:51:48.787 INFO Existing node ID: 6458706763448554563
thread 'main' panicked at 'Could not rename temporary file for port report: Os { code: 18, kind: Other, message: "Invalid cross-device link" }', src/libcore/result.rs:1165:5
⠋ Replica exited with exit code: 101
An error occured:
AgentError(
TimeoutWaitingForResponse,
)
Strace-ing the dfx start execution I figured out that it tries to load a missing cert file, then it fails:
open("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libressl-3.0.2-x86_64-unknown-linux-musl/etc/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP) = 10
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(10, {sa_family=AF_INET, sin_port=htons(8000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
epoll_ctl(3, EPOLL_CTL_ADD, 10, {EPOLLIN|EPOLLPRI|EPOLLOUT|EPOLLET, {u32=0, u64=0}}) = 0
epoll_pwait(3, [{EPOLLIN|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=0, u64=0}}], 1024, -1, NULL, 8) = 1
getsockopt(10, SOL_SOCKET, SO_ERROR, [ECONNREFUSED], [4]) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 10, 0x7ffe066bc928) = 0
close(10) = 0
nanosleep({tv_sec=0, tv_nsec=100000000}, Mar 13 06:45:13.731 INFO Dfinity Replica Started
Mar 13 06:45:13.731 INFO Existing node ID: 6458706763448554563
thread 'main' panicked at 'Could not rename temporary file for port report: Os { code: 18, kind: Other, message: "Invalid cross-device link" }', src/libcore/result.rs:1165:5
⠉ Checking client!
I also got the following error while trying the upgrade, somehow it cannot find the SSL certs even if I have both openssl and libressl implementations installed and all certificates are present in /etc/ssl/certs and /etc/libressl/certs
% dfx upgrade
Current version: 0.5.3
Fetching manifest https://sdk.dfinity.org/manifest.json
⠉ Checking for latest dfx version...
An error occured:
Reqwest(
Error(
Hyper(
Error(
Connect,
Custom {
kind: Other,
error: Ssl(
Error {
code: ErrorCode(
1,
),
cause: Some(
Ssl(
ErrorStack(
[
Error {
code: 335573126,
library: "SSL routines",
function: "CONNECT_CR_CERT",
reason: "certificate verify failed",
file: "/build/libressl-3.0.2/ssl/ssl_clnt.c",
line: 1121,
},
],
),
),
),
},
X509VerifyResult {
code: 20,
error: "unable to get local issuer certificate",
},
),
},
),
),
"https://sdk.dfinity.org/manifest.json",
),
)
DFX is a statically linked binary, I looked into it and there is a OPENSSLDIR variable that points to “/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libressl-3.0.2-x86_64-unknown-linux-musl/etc/ssl” but I could not find a way to overwrite and since I don’t have the dfx source code my debugging stops here.
My system is:
OS: Arch Linux x86_64
Host: 81LF Lenovo Legion Y7000P-1060
Kernel: 5.5.9-arch1-1
Shell: zsh 5.8