Ubuntu下 Git 克隆gnutls_handshake() failed的问题
巢权
在Ubuntu下git克隆的时候提示gnutls_handshake() failed,搜了一下解决方法有两种:
- 使用ssh证书克隆而不是通过https链接进行克隆,但是这样子模块在更新的时候还是会走https,所以有子模块的仓库不适用这个方法。(尝试修改
.gitsubmodule文件的子模块链接为git@github.com:xxxxxx仍然访问不正常,如果有成功的欢迎在下方留言。)
git clone git@github.com:xxxx/xxxxx.git
- 问题出在
gnutls模块,解决方案是从源码重新构建git安装包,将gnutls替换为openssl。github上有一个脚本(paul-nelson-baker/git-openssl-shellscript)可以完成这个操作。在gitee上也有同步脚本。
#建议先卸载自带的git,否则每次apt upgrade就会把自带的git又装回来
sudo apt remove git
完整脚本:
#!/usr/bin/env bash
set -e
# Gather command line options
for i in "$@"; do
case $i in
-skiptests|--skip-tests) # Skip tests portion of the build
SKIPTESTS=YES
shift
;;
-d=*|--build-dir=*) # Specify the directory to use for the build
BUILDDIR="${i#*=}"
shift
;;
-skipinstall|--skip-install) # Skip dpkg install
SKIPINSTALL=YES
;;
*)
#TODO Maybe define a help section?
;;
esac
done
# Use the specified build directory, or create a unique temporary directory
BUILDDIR=${BUILDDIR:-$(mktemp -d)}
echo "BUILD DIRECTORY USED: ${BUILDDIR}"
mkdir -p "${BUILDDIR}"
cd "${BUILDDIR}"
# Download the source tarball from GitHub
sudo apt update
sudo apt install curl -y
sudo apt-get install unzip
git_tarball_url="https://gitee.com$(curl -s -k https://gitee.com/mirrors/git/tags|grep -o 'href="/mirrors/git/repository/archive/.*"'|head -n1 |awk -F '"' '{print $2}' | tr -d '\n')"
echo "DOWNLOADING FROM: ${git_tarball_url}"
curl -s -k -L --retry 5 "${git_tarball_url}" --output "git-source.zip"
unzip -d "${BUILDDIR}" git-source.zip
cd "${BUILDDIR}/git"
# Source dependencies
# Don't use gnutls, this is the problem package.
sudo apt remove --purge libcurl4-gnutls-dev -y || true
# Using apt-get for these commands, they're not supported with the apt alias on 14.04 (but they may be on later systems)
sudo apt-get autoremove -y
sudo apt-get autoclean
# Meta-things for building on the end-user's machine
sudo apt install build-essential autoconf dh-autoreconf -y
# Things for the git itself
sudo apt install libcurl4-openssl-dev tcl-dev gettext asciidoc -y
sudo apt install libexpat1-dev libz-dev -y
# Build it!
make configure
# --prefix=/usr
# Set the prefix based on this decision tree: https://i.stack.imgur.com/BlpRb.png
# Not OS related, is software, not from package manager, has dependencies, and built from source => /usr
# --with-openssl
# Running ripgrep on configure shows that --with-openssl is set by default. Since this could change in the
# future we do it explicitly
./configure --prefix=/usr --with-openssl
make
if [[ "${SKIPTESTS}" != "YES" ]]; then
make test
fi
# Install
if [[ "${SKIPINSTALL}" != "YES" ]]; then
# If you have an apt managed version of git, remove it
if sudo apt remove --purge git -y; then
sudo apt-get autoremove -y
sudo apt-get autoclean
fi
# Install the version we just built
sudo make install #install-doc install-html install-info
echo "Make sure to refresh your shell!"
bash -c 'echo "$(which git) ($(git --version))"'
fi
类似资料: