Al intentar actualizar WordPress que se ejecuta en un entono chroot , envía un mensaje de error
Descarga fallida. cURL error 77.
Este mensaje indica que curl o la librería curl de php tiene un problema, particularmente con sitios que usan https.
Es un entorno chroot es necesario instalar todas las librerías de curl para establecer una conexión ssl.
Yo encontré este problema en WorPress dentro de un entorno chroot.
Solución de problema:
1. tratar de hacer una conexión manual usando curl.
curl -I -v https://google.com
[email protected]:~$ curl -I -v https://google.com
* About to connect() to google.com port 443 (#0)
* Trying 172.217.165.14...
* Connected to google.com (172.217.165.14) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* Closing connection 0
curl: (77) Problem with the SSL CA cert (path? access rights?)
2. La conexión manual falla con el mismo código de error.
3. Usando strace nos mustra que hay muchos archivos que faltan en el entorno chroot
strace curl -I -v https://google.com
open("/lib64/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib64/tls/x86_64/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7ffd39b8c9e0) = -1 ENOENT (No such file or directory)
open("/lib64/tls/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib64/x86_64/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7ffd39b8c9e0) = -1 ENOENT (No such file or directory)
open("/lib64/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/tls/x86_64/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls/x86_64", 0x7ffd39b8c9e0) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/x86_64/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/x86_64", 0x7ffd39b8c9e0) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libfreeblpriv3.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
4. Copiar todas las librerías faltantes en el entorno chroot, en mi caso fueron todas estas:
/lib64/libfreeblpriv3.so
/lib64/libfreeblpriv3.so
/lib64/libfreeblpriv3.so
/lib64/tls/x86_64/libfreeblpriv3.so
/lib64/tls/libfreeblpriv3.so
/lib64/x86_64/libfreeblpriv3.so
/lib64/libfreeblpriv3.so
/usr/lib64/tls/x86_64/libfreeblpriv3.so
/usr/lib64/tls/libfreeblpriv3.so
/usr/lib64/x86_64/libfreeblpriv3.so
/usr/lib64/libfreeblpriv3.so
/lib64/libnsssysinit.so
/lib64/tls/libnsssysinit.so
/lib64/libnsssysinit.so
/usr/lib64/tls/libnsssysinit.so
/usr/lib64/libnsssysinit.so
/lib64/libfreeblpriv3.so
/lib64/libfreeblpriv3.so
/lib64/libfreeblpriv3.so
/lib64/tls/libfreeblpriv3.so
/lib64/libfreeblpriv3.so
/usr/lib64/tls/libfreeblpriv3.so
/usr/lib64/libfreeblpriv3.so
/lib64/libnsspem.so
5. Hacer una conexión manual con curl:
[[email protected] ~]$curl -I -v https://google.com
* About to connect() to google.com port 443 (#0)
* Trying 172.217.165.14...
* Connected to google.com (172.217.165.14) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: Oct 06 06:35:57 2020 GMT
* expire date: Dec 29 06:35:57 2020 GMT
* common name: *.google.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: google.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Location: https://www.google.com/
Location: https://www.google.com/
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Date: Mon, 02 Nov 2020 05:54:45 GMT
Date: Mon, 02 Nov 2020 05:54:45 GMT
< Expires: Wed, 02 Dec 2020 05:54:45 GMT
Expires: Wed, 02 Dec 2020 05:54:45 GMT
< Cache-Control: public, max-age=2592000
Cache-Control: public, max-age=2592000
< Server: gws
Server: gws
< Content-Length: 220
Content-Length: 220
< X-XSS-Protection: 0
X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Alt-Svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Alt-Svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
6. Al final la copia, reiniciar el proceso php-fpm, con ello será posible hacer la actualización de WordPress.