GNU bug report logs - #26948
'guix publish' file name decoding is locale-dependent

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Severity: important; Reported by: Maxim Cournoyer <maxim.cournoyer@HIDDEN>; dated Tue, 16 May 2017 06:59:02 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 27 Jul 2017 12:55:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jul 27 08:55:28 2017
Received: from localhost ([127.0.0.1]:58058 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1daiK8-0000Ej-Cf
	for submit <at> debbugs.gnu.org; Thu, 27 Jul 2017 08:55:28 -0400
Received: from eggs.gnu.org ([208.118.235.92]:52221)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1daiK6-0000ER-GN
 for 26948 <at> debbugs.gnu.org; Thu, 27 Jul 2017 08:55:26 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1daiJx-0006Zv-H3
 for 26948 <at> debbugs.gnu.org; Thu, 27 Jul 2017 08:55:21 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:58869)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1daiJx-0006Zp-F5; Thu, 27 Jul 2017 08:55:17 -0400
Received: from [193.50.110.224] (port=37822 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1daiJv-00052K-Df; Thu, 27 Jul 2017 08:55:16 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#26948: =?utf-8?B?4oCYd3JpdGUtZmlsZeKAmQ==?= output should
 not be locale-dependent
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87o9ucu1t3.fsf@HIDDEN> <87mv9wc9gp.fsf_-_@HIDDEN>
Date: Thu, 27 Jul 2017 14:55:13 +0200
In-Reply-To: <87mv9wc9gp.fsf_-_@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\?\=
 \=\?utf-8\?Q\?\=22's\?\= message of "Mon,
 29 May 2017 11:12:54 +0200")
Message-ID: <874lty3uq6.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

ludo@HIDDEN (Ludovic Court=C3=A8s) skribis:

> =E2=80=98guix publish=E2=80=99 uses the latter, so =E2=80=98guix publish=
=E2=80=99 is sensitive to locale
> settings, which is pretty bad.
>
> Guile currently does not allow us to specify whether/how file names
> should be decoded, but possible solutions have been discussed for 2.2.
>
> In the meantime, solutions are:
>
>   1. To run =E2=80=98guix publish=E2=80=99 in a UTF-8 locale, which appar=
ently was not
>      the case.

Commit 412701b0e5e073e6767eed162c14698db99df69c works around the problem
on GuixSD by running under a UTF-8 locale.

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.
Severity set to 'important' from 'normal' Request was from ludo@HIDDEN (Ludovic Courtès) to control <at> debbugs.gnu.org. Full text available.
Changed bug title to ''guix publish' file name decoding is locale-dependent' from 'gnutls errors on multiple guix commands' Request was from ludo@HIDDEN (Ludovic Courtès) to control <at> debbugs.gnu.org. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 16 Jun 2017 15:09:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jun 16 11:09:38 2017
Received: from localhost ([127.0.0.1]:51503 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dLssU-0001ct-2F
	for submit <at> debbugs.gnu.org; Fri, 16 Jun 2017 11:09:38 -0400
Received: from eggs.gnu.org ([208.118.235.92]:37485)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dLssS-0001ch-Nq
 for 26948 <at> debbugs.gnu.org; Fri, 16 Jun 2017 11:09:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dLssI-0002tD-Pz
 for 26948 <at> debbugs.gnu.org; Fri, 16 Jun 2017 11:09:31 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:54542)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dLssI-0002t2-Lx; Fri, 16 Jun 2017 11:09:26 -0400
Received: from [193.50.110.101] (port=55514 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dLssH-0002LW-NS; Fri, 16 Jun 2017 11:09:26 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#26948: =?utf-8?B?4oCYd3JpdGUtZmlsZeKAmQ==?= output should
 not be locale-dependent
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87o9ucu1t3.fsf@HIDDEN> <87mv9wc9gp.fsf_-_@HIDDEN>
 <87h903s9mf.fsf@HIDDEN> <878tle7e1n.fsf@HIDDEN>
Date: Fri, 16 Jun 2017 17:09:23 +0200
In-Reply-To: <878tle7e1n.fsf@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Tue, 30 May 2017 13:57:24 +0200")
Message-ID: <874lvgdl5o.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -3.4 (---)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.4 (---)

ludo@HIDDEN (Ludovic Court=C3=A8s) skribis:

>>From e7f464bac58e1f09de5ceb194c4a30f6d899b29a Mon Sep 17 00:00:00 2001
> From: =3D?UTF-8?q?Ludovic=3D20Court=3DC3=3DA8s?=3D <ludo@HIDDEN>
> Date: Tue, 30 May 2017 12:03:54 +0200
> Subject: [PATCH] syscalls: Add 'scandir/utf-8'.
>
> * guix/build/syscalls.scm (%struct-dirent-header): New C struct.
> (opendir/utf-8, closedir/utf-8, readdir/utf-8, scandir/utf-8): New
> procedures.
> * tests/syscalls.scm ("scandir/utf-8, ENOENT")
> ("scandir/utf-8, ASCII file names")
> ("scandir/utf8, UTF-8 file names"): New tests.

For unrelated reasons, I pushed an improved variant of this patch as
fa73c1937364872560c509f02b3d7648a5bed006.

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 30 May 2017 11:57:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 30 07:57:40 2017
Received: from localhost ([127.0.0.1]:44238 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFfmN-0000DX-Hl
	for submit <at> debbugs.gnu.org; Tue, 30 May 2017 07:57:40 -0400
Received: from eggs.gnu.org ([208.118.235.92]:55896)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dFfmL-0000DJ-6d
 for 26948 <at> debbugs.gnu.org; Tue, 30 May 2017 07:57:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFfmC-0006rO-Ss
 for 26948 <at> debbugs.gnu.org; Tue, 30 May 2017 07:57:32 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47398)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dFfmC-0006rJ-N2; Tue, 30 May 2017 07:57:28 -0400
Received: from [193.50.110.69] (port=54562 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dFfmC-0006jp-0L; Tue, 30 May 2017 07:57:28 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: =?utf-8?B?4oCYd3JpdGUtZmlsZeKAmQ==?= output should not be
 locale-dependent
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87o9ucu1t3.fsf@HIDDEN> <87mv9wc9gp.fsf_-_@HIDDEN>
 <87h903s9mf.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 11 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Tue, 30 May 2017 13:57:24 +0200
In-Reply-To: <87h903s9mf.fsf@HIDDEN> (Maxim Cournoyer's message of "Mon, 29
 May 2017 13:15:04 -0700")
Message-ID: <878tle7e1n.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:

> ludo@HIDDEN (Ludovic Court=C3=A8s) writes:

[...]

>> But wait!  =E2=80=9Cguix build nss-certs --check -K=E2=80=9D fails, and =
the diff is:
>>
>> $ LANGUAGE=3D diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-c=
erts-3.30.2{,-check}
>> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-che=
ck/etc/ssl/certs: AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126.82.147.123.=
224.21.227.87.240.105.140.203.236.12.pem
>> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc=
/ssl/certs: AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.24=
0.105.140.203.236.12.pem
>> diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/et=
c/ssl/certs/ae8153b9.0 /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-cert=
s-3.30.2-check/etc/ssl/certs/ae8153b9.0
>> --- /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl=
/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
>> +++ /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/e=
tc/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
>> @@ -3,10 +3,10 @@
>>  # distrust=3D
>>  # openssl-trust=3DcodeSigning emailProtection serverAuth
>>  -----BEGIN CERTIFICATE-----
>> -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
>> +MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW
>
> Can this be explained by locale alone? That is troubling.

Yes it=E2=80=99s troubling, it deserves more investigation.

>> There are two ways to create nars.  One is via the =E2=80=98export-paths=
=E2=80=99 RPC
>> (implemented in the daemon in C++), which does not interpret file names
>> and thus leaves them untouched.  The other one is via =E2=80=98write-fil=
e=E2=80=99 from
>> (guix serialization), which is written in Scheme and thus converts file
>> names from locale encoding (specifically, =E2=80=98scandir=E2=80=99 does=
 that.)
>>
>> =E2=80=98guix publish=E2=80=99 uses the latter, so =E2=80=98guix publish=
=E2=80=99 is sensitive to locale
>> settings, which is pretty bad.
>>
>> Guile currently does not allow us to specify whether/how file names
>> should be decoded, but possible solutions have been discussed for 2.2.
>>
>> In the meantime, solutions are:
>>
>>   1. To run =E2=80=98guix publish=E2=80=99 in a UTF-8 locale, which appa=
rently was not
>>      the case.
>
> I'm surprised by that. Wouldn't a utf8 locale be the default?

Users are free to choose their favorite locale.  Also, on a foreign
distro where locales are not properly set up, you end up in the C locale
with US-ASCII encoding (as was the case here).

>>   2. Add to (guix build syscalls) a separate locale-independent
>>      =E2=80=98scandir=E2=80=99 implementation and use that.
>
> If the general solution is to fix it in Guile, the workaround proposed
> in 1. seems preferable.

I implemented =E2=80=98scandir/utf-8=E2=80=99 and used that in =E2=80=98wri=
te-file=E2=80=99 (patches
attached).  Unfortunately that=E2=80=99s not enough since libguile procedur=
es
like =E2=80=98open-file=E2=80=99 still do locale-dependent conversion, so w=
e=E2=80=99d need to
duplicate those as well, which is not great.

But on second thought, I think the problem is not in the =E2=80=98write-fil=
e=E2=80=99
call that =E2=80=98guix publish=E2=80=99 makes: if it were, =E2=80=98scandi=
r=E2=80=99 would return bogus
file names (with question marks), but then trying to open them would
fail, so =E2=80=98write-file=E2=80=99 wouldn=E2=80=99t produce a bogus nar.

So I think the culprit is =E2=80=98restore-file-set=E2=80=99 (used in =E2=
=80=98guix offload=E2=80=99
when retrieving store items from a build machine): this one reads file
names as UTF-8, via =E2=80=98read-store-path=E2=80=99, but then when it tri=
es to create
those files using Guile=E2=80=99s primitives, their names can be be convert=
ed,
possibly with those question marks popping up.  Here =E2=80=98restore-file-=
set=E2=80=99
can=E2=80=99t notice that Guile changed the file names behind its back.

The short-term fix is to ensure guix-daemon itself runs in a UTF-8
locale.  :-/

I=E2=80=99ve restarted guix-daemon and =E2=80=98guix publish=E2=80=99 in a =
UTF-8 locale on
hydra.gnu.org.

Thanks,
Ludo=E2=80=99.



--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: inline; filename=0001-syscalls-Add-scandir-utf-8.patch
Content-Transfer-Encoding: quoted-printable
Content-Description: the patch

From e7f464bac58e1f09de5ceb194c4a30f6d899b29a Mon Sep 17 00:00:00 2001
From: =3D?UTF-8?q?Ludovic=3D20Court=3DC3=3DA8s?=3D <ludo@HIDDEN>
Date: Tue, 30 May 2017 12:03:54 +0200
Subject: [PATCH] syscalls: Add 'scandir/utf-8'.

* guix/build/syscalls.scm (%struct-dirent-header): New C struct.
(opendir/utf-8, closedir/utf-8, readdir/utf-8, scandir/utf-8): New
procedures.
* tests/syscalls.scm ("scandir/utf-8, ENOENT")
("scandir/utf-8, ASCII file names")
("scandir/utf8, UTF-8 file names"): New tests.
---
 guix/build/syscalls.scm | 73 +++++++++++++++++++++++++++++++++++++++++++++=
++++
 tests/syscalls.scm      | 39 ++++++++++++++++++++++++++
 2 files changed, 112 insertions(+)

diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 52439afd4..cfb43e93b 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -67,6 +67,7 @@
             mkdtemp!
             fdatasync
             pivot-root
+            scandir/utf-8
             fcntl-flock
=20
             set-thread-name
@@ -812,6 +813,78 @@ system to PUT-OLD."
=20
 
 ;;;
+;;; Opendir & co.
+;;;
+
+(define-c-struct %struct-dirent-header
+  sizeof-dirent-header
+  list
+  read-dirent-header
+  write-dirent-header!
+  (inode  int64)
+  (offset int64)
+  (length unsigned-short)
+  (type   uint8)
+  (name   uint8))                                 ;first byte of 'd_name'
+
+(define opendir/utf-8
+  (let ((proc (syscall->procedure '* "opendir" '(*))))
+    (lambda (name)
+      (let-values (((ptr err)
+                    (proc (string->pointer name "UTF-8"))))
+        (if (null-pointer? ptr)
+            (throw 'system-error "opendir/utf-8"
+                   "opendir/utf-8: ~A"
+                   (list (strerror err))
+                   (list err))
+            ptr)))))
+
+(define closedir/utf-8
+  (let ((proc (syscall->procedure int "closedir" '(*))))
+    (lambda (directory)
+      (let-values (((ret err)
+                    (proc directory)))
+        (unless (zero? ret)
+          (throw 'system-error "closedir"
+                 "closedir: ~A" (list (strerror err))
+                 (list err)))))))
+
+(define readdir/utf-8
+  (let ((proc (syscall->procedure '* "readdir64" '(*))))
+    (lambda (directory)
+      (let ((ptr (proc directory)))
+        (and (not (null-pointer? ptr))
+             (pointer->string
+              (make-pointer (+ (pointer-address ptr)
+                               (c-struct-field-offset %struct-dirent-heade=
r name)))
+              -1
+              "UTF-8"))))))
+
+(define* (scandir/utf-8 name #:optional
+                        (select? (const #t))
+                        (string<? string<?))
+  "Like 'scandir', but (1) systematically decode file names as UTF-8, and =
(2)
+raise to 'system-error' when NAME cannot be opened.
+
+This works around a defect in Guile 2.0/2.2 where 'scandir' decodes file n=
ames
+according to the current locale, which is not always desirable."
+  (let ((directory (opendir/utf-8 name)))
+    (dynamic-wind
+      (const #t)
+      (lambda ()
+        (let loop ((result '()))
+          (match (readdir/utf-8 directory)
+            (#f
+             (sort result string<?))
+            (entry
+             (loop (if (select? entry)
+                       (cons entry result)
+                       result))))))
+      (lambda ()
+        (closedir/utf-8 directory)))))
+
+
+;;;
 ;;; Advisory file locking.
 ;;;
=20
diff --git a/tests/syscalls.scm b/tests/syscalls.scm
index e20f0600b..02062ec9d 100644
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@@ -24,6 +24,8 @@
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-64)
+  #:use-module (system foreign)
+  #:use-module ((ice-9 ftw) #:select (scandir))
   #:use-module (ice-9 match))
=20
 ;; Test the (guix build syscalls) module, although there's not much that c=
an
@@ -184,6 +186,43 @@
                          (status:exit-val status))))
                (eq? #t result))))))))
=20
+(test-equal "scandir/utf-8, ENOENT"
+  ENOENT
+  (catch 'system-error
+    (lambda ()
+      (scandir/utf-8 "/does/not/exist"))
+    (lambda args
+      (system-error-errno args))))
+
+(test-equal "scandir/utf-8, ASCII file names"
+  (scandir (dirname (search-path %load-path "guix/base32.scm")))
+  (scandir/utf-8 (dirname (search-path %load-path "guix/base32.scm"))))
+
+(test-equal "scandir/utf8, UTF-8 file names"
+  '("." ".." "=CE=B1" "=CE=BB")
+  (call-with-temporary-directory
+   (lambda (directory)
+     ;; Wrap 'creat' to make sure that we really pass a UTF-8-encoded file
+     ;; name to the system call.
+     (let ((creat (pointer->procedure int
+                                      (dynamic-func "creat" (dynamic-link))
+                                      (list '* int))))
+       (creat (string->pointer (string-append directory "/=CE=B1")
+                               "UTF-8")
+              #o644)
+       (creat (string->pointer (string-append directory "/=CE=BB")
+                               "UTF-8")
+              #o644)
+       (let ((locale (setlocale LC_ALL)))
+         (dynamic-wind
+           (lambda ()
+             ;; Make sure that even in a C locale we get the right result.
+             (setlocale LC_ALL "C"))
+           (lambda ()
+             (scandir/utf-8 directory))
+           (lambda ()
+             (setlocale LC_ALL locale))))))))
+
 (false-if-exception (delete-file temp-file))
 (test-equal "fcntl-flock wait"
   42                                              ; the child's exit status
--=20
2.13.0


--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

diff --git a/guix/serialization.scm b/guix/serialization.scm
index e6ae2fc30..77a54f904 100644
--- a/guix/serialization.scm
+++ b/guix/serialization.scm
@@ -18,6 +18,8 @@
=20
 (define-module (guix serialization)
   #:use-module (guix combinators)
+  #:use-module ((guix build syscalls)
+                #:select (scandir/utf-8))
   #:use-module (rnrs bytevectors)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
@@ -285,8 +287,11 @@ result of 'lstat'; exclude entries for which SELECT? d=
oes not return true."
               ;; 'scandir' defaults to 'string-locale<?' to sort files, but
               ;; this happens to be case-insensitive (at least in 'en_US'
               ;; locale on libc 2.18.)  Conversely, we want files to be
-              ;; sorted in a case-sensitive fashion.
-              (scandir f (negate (cut member <> '("." ".."))) string<?)))
+              ;; sorted in a case-sensitive fashion.  Also, always decode =
file
+              ;; names as UTF-8.
+              (scandir/utf-8
+               f (negate (cut member <> '("." "..")))
+                             string<?)))
          (for-each (lambda (e)
                      (let* ((f (string-append f "/" e))
                             (s (lstat f)))
diff --git a/tests/nar.scm b/tests/nar.scm
index 61646db96..d2eae65c4 100644
--- a/tests/nar.scm
+++ b/tests/nar.scm
@@ -25,6 +25,8 @@
                 #:select (open-sha256-port open-sha256-input-port))
   #:use-module ((guix packages)
                 #:select (base32))
+  #:use-module ((guix utils)
+                #:select (call-with-temporary-directory))
   #:use-module (rnrs bytevectors)
   #:use-module (rnrs io ports)
   #:use-module (srfi srfi-1)
@@ -272,6 +274,36 @@
       (lambda ()
         (rmdir input)))))
=20
+(unless (equal? "UTF-8" (fluid-ref %default-port-encoding))
+  (test-skip 1))
+(test-assert "write-file + restore-file, UTF-8 file names"
+  (let* ((output %test-dir)
+         (nar    (string-append output ".nar"))
+         (locale (setlocale LC_ALL)))
+    (dynamic-wind
+      (lambda () #t)
+      (lambda ()
+        (call-with-temporary-directory
+         (lambda (input)
+           (call-with-output-file (string-append input "/=CE=B1")
+             (const #t))
+           (call-with-output-file (string-append input "/=CE=BB")
+             (const #t))
+           (dynamic-wind
+             (const #f)
+             (lambda ()
+               (setlocale LC_ALL "C")
+               (call-with-output-file nar
+                 (cut write-file input <>)))
+             (lambda ()
+               (setlocale LC_ALL locale)))
+           (call-with-input-file nar
+             (cut restore-file <> output))
+           (file-tree-equal? input output))))
+      (lambda ()
+        (false-if-exception (delete-file nar))
+        (false-if-exception (rm-rf output))))))
+
 ;; 'restore-file-set' depends on 'open-sha256-input-port', which in turn
 ;; relies on a Guile 2.0.10+ feature.
 (test-skip (if (false-if-exception

--=-=-=--




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 30 May 2017 11:25:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 30 07:25:58 2017
Received: from localhost ([127.0.0.1]:44199 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFfHg-00068P-Kh
	for submit <at> debbugs.gnu.org; Tue, 30 May 2017 07:25:56 -0400
Received: from eggs.gnu.org ([208.118.235.92]:49491)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dFfHe-00068C-35
 for 26948 <at> debbugs.gnu.org; Tue, 30 May 2017 07:25:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFfHU-0006Y7-5j
 for 26948 <at> debbugs.gnu.org; Tue, 30 May 2017 07:25:48 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47079)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dFfHU-0006Y3-2d; Tue, 30 May 2017 07:25:44 -0400
Received: from [193.50.110.69] (port=54546 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dFfHT-0007Vs-Cl; Tue, 30 May 2017 07:25:43 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Mark H Weaver <mhw@HIDDEN>
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87poes25dw.fsf@HIDDEN> <87a85wc8li.fsf@HIDDEN>
 <87a85v1hik.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 11 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Tue, 30 May 2017 13:25:40 +0200
In-Reply-To: <87a85v1hik.fsf@HIDDEN> (Mark H. Weaver's message of "Mon, 29
 May 2017 17:26:43 -0400")
Message-ID: <87bmqa8u2z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Hi Mark,

Mark H Weaver <mhw@HIDDEN> skribis:

>> In the meantime we can work around it this way:
>>
>> diff --git a/guix/build/download.scm b/guix/build/download.scm
>> index ce4708a87..6ef623334 100644
>> --- a/guix/build/download.scm
>> +++ b/guix/build/download.scm
>> @@ -296,6 +296,13 @@ session record port using PORT as its underlying co=
mmunication port."
>>    (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
>>                        (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
>>=20=20
>> +(define (set-certificate-credentials-x509-trust-file!* cred file format)
>> +  "Like 'set-certificate-credentials-x509-trust-file!', but without the=
 file
>> +name decoding bug described at
>> +<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D26948#17>."
>> +  (let ((data (call-with-input-file file get-bytevector-all)))
>> +    (set-certificate-credentials-x509-trust-data! cred data format)))
>> +
>>  (define (make-credendials-with-ca-trust-files directory)
>>    "Return certificate credentials with X.509 authority certificates rea=
d from
>>  DIRECTORY.  Those authority certificates are checked when
>> @@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked=
 when
>>                  (let ((file (string-append directory "/" file)))
>>                    ;; Protect against dangling symlinks.
>>                    (when (file-exists? file)
>> -                    (set-certificate-credentials-x509-trust-file!
>> +                    (set-certificate-credentials-x509-trust-file!*
>>                       cred file
>>                       x509-certificate-format/pem))))
>>                (or files '()))
>>
>>
>> WDYT?  I=E2=80=99ll commit it if that=E2=80=99s fine with you.
>
> I'm not sufficiently familiar with GnuTLS to properly review this, but I
> trust your judgement.

Pushed as 27fd13c3c2701204f48fe0012438edbb91957dfc.

Thanks,
Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 29 May 2017 21:27:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 29 17:27:05 2017
Received: from localhost ([127.0.0.1]:43881 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFSBs-0003Rp-RL
	for submit <at> debbugs.gnu.org; Mon, 29 May 2017 17:27:05 -0400
Received: from world.peace.net ([50.252.239.5]:56467)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>) id 1dFSBq-0003RH-Cl
 for 26948 <at> debbugs.gnu.org; Mon, 29 May 2017 17:27:02 -0400
Received: from pool-72-93-28-22.bstnma.east.verizon.net ([72.93.28.22]
 helo=jojen)
 by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <mhw@HIDDEN>)
 id 1dFSBj-0000Tq-UX; Mon, 29 May 2017 17:26:56 -0400
From: Mark H Weaver <mhw@HIDDEN>
To: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87poes25dw.fsf@HIDDEN> <87a85wc8li.fsf@HIDDEN>
Date: Mon, 29 May 2017 17:26:43 -0400
In-Reply-To: <87a85wc8li.fsf@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Mon, 29 May 2017 11:31:37 +0200")
Message-ID: <87a85v1hik.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Hi Ludovic,

ludo@HIDDEN (Ludovic Court=C3=A8s) writes:

> Mark H Weaver <mhw@HIDDEN> skribis:
>
>> This reminds me of a bug that I found in the Guile binding in GnuTLS a
>> while ago, but forgot to report.  Maybe it's related:
>>
>> In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:
>>
>>   static unsigned int
>>   set_certificate_file (certificate_set_file_function_t set_file,
>>                         SCM cred, SCM file, SCM format, const char *func=
_name)
>>   #define FUNC_NAME func_name
>>   {
>>     int err;
>>     char *c_file;
>>     size_t c_file_len;
>>=20=20=20
>>     gnutls_certificate_credentials_t c_cred;
>>     gnutls_x509_crt_fmt_t c_format;
>>=20=20=20
>>     c_cred =3D scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME=
);
>>     SCM_VALIDATE_STRING (2, file);
>>     c_format =3D scm_to_gnutls_x509_certificate_format (format, 3, FUNC_=
NAME);
>>=20=20=20
>>     c_file_len =3D scm_c_string_length (file);
>>     c_file =3D alloca (c_file_len + 1);
>>=20=20=20
>>     (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
>>     c_file[c_file_len] =3D '\0';
>>=20=20=20
>>     err =3D set_file (c_cred, c_file, c_format);
>>     if (EXPECT_FALSE (err < 0))
>>       scm_gnutls_error (err, FUNC_NAME);
>>=20=20=20
>>     /* Return the number of certificates processed.  */
>>     return ((unsigned int) err);
>>   }
>>
>> 'scm_c_string_length' is inappropriately assumed to return the length
>> of the encoded C string in bytes, whereas it actually returns the
>> number of characters (code points).
>
> This is terrible!  WDYT of this:
>
> diff --git a/guile/src/core.c b/guile/src/core.c
> index 605c91f7a..38d573fa9 100644
> --- a/guile/src/core.c
> +++ b/guile/src/core.c
> @@ -1,5 +1,5 @@
>  /* GnuTLS --- Guile bindings for GnuTLS.
> -   Copyright (C) 2007-2014, 2016 Free Software Foundation, Inc.
> +   Copyright (C) 2007-2014, 2016-2017 Free Software Foundation, Inc.
>=20=20
>     GnuTLS is free software; you can redistribute it and/or
>     modify it under the terms of the GNU Lesser General Public
> @@ -1428,22 +1428,19 @@ set_certificate_file (certificate_set_file_functi=
on_t set_file,
>  {
>    int err;
>    char *c_file;
> -  size_t c_file_len;
>=20=20
>    gnutls_certificate_credentials_t c_cred;
>    gnutls_x509_crt_fmt_t c_format;
>=20=20
>    c_cred =3D scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
>    SCM_VALIDATE_STRING (2, file);
> -  c_format =3D scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NA=
ME);
> -
> -  c_file_len =3D scm_c_string_length (file);
> -  c_file =3D alloca (c_file_len + 1);
>=20=20
> -  (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
> -  c_file[c_file_len] =3D '\0';
> +  c_format =3D scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NA=
ME);
> +  c_file =3D scm_to_locale_string (file);
>=20=20
>    err =3D set_file (c_cred, c_file, c_format);
> +  free (c_file);
> +
>    if (EXPECT_FALSE (err < 0))
>      scm_gnutls_error (err, FUNC_NAME);
>=20=20

Looks good to me.  In the case when a UTF-8 locale is active, and where
Guile 2.0.12 or later is available, we could use
'scm_c_string_utf8_length' to find the length in bytes, but optimizing
that case is probably not worth the extra code complexity.

> Unfortunately there=E2=80=99s a dozen of places in core.c that use this i=
diom
> and would need to be fixed (it=E2=80=99s pre-2.0 code I think).

Bummer.

> In the meantime we can work around it this way:
>
> diff --git a/guix/build/download.scm b/guix/build/download.scm
> index ce4708a87..6ef623334 100644
> --- a/guix/build/download.scm
> +++ b/guix/build/download.scm
> @@ -296,6 +296,13 @@ session record port using PORT as its underlying com=
munication port."
>    (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
>                        (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
>=20=20
> +(define (set-certificate-credentials-x509-trust-file!* cred file format)
> +  "Like 'set-certificate-credentials-x509-trust-file!', but without the =
file
> +name decoding bug described at
> +<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D26948#17>."
> +  (let ((data (call-with-input-file file get-bytevector-all)))
> +    (set-certificate-credentials-x509-trust-data! cred data format)))
> +
>  (define (make-credendials-with-ca-trust-files directory)
>    "Return certificate credentials with X.509 authority certificates read=
 from
>  DIRECTORY.  Those authority certificates are checked when
> @@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked =
when
>                  (let ((file (string-append directory "/" file)))
>                    ;; Protect against dangling symlinks.
>                    (when (file-exists? file)
> -                    (set-certificate-credentials-x509-trust-file!
> +                    (set-certificate-credentials-x509-trust-file!*
>                       cred file
>                       x509-certificate-format/pem))))
>                (or files '()))
>
>
> WDYT?  I=E2=80=99ll commit it if that=E2=80=99s fine with you.

I'm not sufficiently familiar with GnuTLS to properly review this, but I
trust your judgement.

     Thanks!
       Mark




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 29 May 2017 20:15:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 29 16:15:14 2017
Received: from localhost ([127.0.0.1]:43814 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFR4M-0006kG-6M
	for submit <at> debbugs.gnu.org; Mon, 29 May 2017 16:15:14 -0400
Received: from mail-pf0-f181.google.com ([209.85.192.181]:34238)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dFR4K-0006dN-Gj
 for 26948 <at> debbugs.gnu.org; Mon, 29 May 2017 16:15:13 -0400
Received: by mail-pf0-f181.google.com with SMTP id 9so52669260pfj.1
 for <26948 <at> debbugs.gnu.org>; Mon, 29 May 2017 13:15:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=jp85q8oIMkSZFXKyLmP8M6F0LS5LaU/d5lCdPx9lBkI=;
 b=cI9Pjf+i9s2mPrn8WubqtCc2MJ/FJYEDkOy3XymardLJaLIc4z4YhKq/Cp+Wo9wucp
 caa2SB94KCiA3ZtSxssusvk02bH2tKeAKUO54c9J2oC8UJREcggVO+36lbhEvbNqDX+q
 MyaK+r4J5oeWtClIST5zxXezm0i3zJrLs/07/5wlyxUtOWoVsEHf1t0Asod5eAs7ATLh
 HCq4E6uzF4wURvMhjJ87NoZqFxciAi6isd0foOOK/mh7q+eqDQzSfuf3bwKLOJHChJmL
 P1bHqS76Ztju1RAxKln1S+Vt5K8dbXWP0bt5U40leQdtxvaM8prdQqfi1+lKd9YDRdWN
 5yuA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version:content-transfer-encoding;
 bh=jp85q8oIMkSZFXKyLmP8M6F0LS5LaU/d5lCdPx9lBkI=;
 b=c3vtKnwu8+lAuvQneKl9D7Vz+gs7DB2W+KKsmVI99fLsUk8UvZ7a1FOxFyjbJTD5/3
 KCu/TgaEcND6NSvZsBuO/0os/W4y4/UuurbXFk7oHRBEYFNrqQ6IdYFV0+P9xg8yq7ta
 A5BIyF2u8qFEs2xk92aEQ4Sr4U9M6aLmfFHyKaqNswzJk7A3OWnipP8vCkeL+qd9hMpJ
 XPIEzvdBiJTwFN07Sq74BYVBuVQ1q0ITEC7ndiNOwcC1RpxmCRpfScj6VCG34Xe53CwT
 O9NQvE/+43krTFwVmq6T6fOjTjy6GGMmGRvQKYdez3yICy7z04dNWncpowCKhIf7Vaj1
 EC/A==
X-Gm-Message-State: AODbwcBLo/8ix2vbBkHSQX/E6kXauFVSVLmBBVjksjmThLIUuNgPQtuv
 vLakMSZxWEOOM0LMZZA=
X-Received: by 10.101.86.67 with SMTP id m3mr20878186pgs.137.1496088906256;
 Mon, 29 May 2017 13:15:06 -0700 (PDT)
Received: from apteryx ([2601:647:4a01:bacd:c2f8:daff:fe5d:2f2f])
 by smtp.gmail.com with ESMTPSA id o29sm18211766pgc.27.2017.05.29.13.15.05
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 29 May 2017 13:15:05 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: =?utf-8?B?4oCYd3JpdGUtZmlsZeKAmQ==?= output should not be
 locale-dependent
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87o9ucu1t3.fsf@HIDDEN> <87mv9wc9gp.fsf_-_@HIDDEN>
Date: Mon, 29 May 2017 13:15:04 -0700
In-Reply-To: <87mv9wc9gp.fsf_-_@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\?\=
 \=\?utf-8\?Q\?\=22's\?\= message of "Mon,
 29 May 2017 11:12:54 +0200")
Message-ID: <87h903s9mf.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

ludo@HIDDEN (Ludovic Court=C3=A8s) writes:

> Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
>
>> ludo@HIDDEN (Ludovic Court=C3=A8s) writes:
>
> [...]
>
>>> Strangely that file name has question marks instead of the non-ASCII
>>> characters on my GuixSD system:
>>>
>>> $ ls -l /etc/ssl/certs/*Certi*mara*
>>> lrwxrwxrwx 8 root root 162 Jan 1 1970
>>> '/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.2=
27.87.240.105.140.203.236.12.pem'
>>> ->
>>> '/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/c=
erts/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.1=
40.203.236.12.pem'
>>
>> Hmm. That is strange. It seems like you also have a locale problem, but
>> that it is handled in a way that doesn't break nss-certs?
>
> AFAICS the file is really called that way, with question marks:
>
> scheme@(guile-user)> (stat "/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-n=
ss-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.12=
3.224.21.227.87.240.105.140.203.236.12.pem")
> $2 =3D #(64768 4719936 33060 8 0 0 0 2444 1496043280 1 1492867575 4096 8 =
regular 292 130744281 0 1492867575)
>
>
> And:
>
> $ wget -O - https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0vilc0zv6ra42gh=
i04787vrg6bb71-nss-certs-3.30.2 |gunzip -c | guix archive -x t
> --2017-05-29 10:55:36--  https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0v=
ilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2
> Ni solvigas mirror.hydra.gnu.org (mirror.hydra.gnu.org)... 131.159.14.26,=
 2001:4ca0:2001:10:225:90ff:fedb:c720
> Konektado al mirror.hydra.gnu.org (mirror.hydra.gnu.org)|131.159.14.26|:4=
43... konektita.
> HTTP peto sendita, ni atendas respondon... 200 OK
> Grando: 171969 (168K) [application/octet-stream]
> Ni konservas al: 'STDOUT'
>
> -                            100%[=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D>] 167.94K  --.-KB/s    en 0.08s=20=20=20
>
> 2017-05-29 10:55:37 (2.02 MB/s) - skribita al =C4=89efeligujo [171969/171=
969]
>
> $ find t -name AC_Ra\*
> t/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227=
.87.240.105.140.203.236.12.pem
> $ locale
> LANG=3Den_US.utf8
> LC_CTYPE=3D"en_US.utf8"
> LC_NUMERIC=3D"en_US.utf8"
> LC_TIME=3D"en_US.utf8"
> LC_COLLATE=3D"en_US.utf8"
> LC_MONETARY=3D"en_US.utf8"
> LC_MESSAGES=3D"en_US.utf8"
> LC_PAPER=3Dfr_FR.utf8
> LC_NAME=3D"en_US.utf8"
> LC_ADDRESS=3D"en_US.utf8"
> LC_TELEPHONE=3D"en_US.utf8"
> LC_MEASUREMENT=3D"en_US.utf8"
> LC_IDENTIFICATION=3D"en_US.utf8"
> LC_ALL=3D
>

--8<---------------cut here---------------start------------->8---
$ find /etc/ssl/certs -name AC_Ra\*
/etc/ssl/certs/AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126.82.147.123.224=
.21.227.87.240.105.140.203.236.12.pem

$ locale
LANG=3Den_US.UTF-8
LC_CTYPE=3D"en_US.UTF-8"
LC_NUMERIC=3D"en_US.UTF-8"
LC_TIME=3D"en_US.UTF-8"
LC_COLLATE=3D"en_US.UTF-8"
LC_MONETARY=3D"en_US.UTF-8"
LC_MESSAGES=3D"en_US.UTF-8"
LC_PAPER=3D"en_US.UTF-8"
LC_NAME=3D"en_US.UTF-8"
LC_ADDRESS=3D"en_US.UTF-8"
LC_TELEPHONE=3D"en_US.UTF-8"
LC_MEASUREMENT=3D"en_US.UTF-8"
LC_IDENTIFICATION=3D"en_US.UTF-8"
LC_ALL=3D
--8<---------------cut here---------------end--------------->8---

The file name appears normally here (in xterm). I'm not sure why it's
different on your side, since we are both using UTF-8 locales. It does
still look strange when seen from strace though, but I guess this is
peculiarity of strace:

open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.1=
47.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) =3D -1 ENOENT (No=
 such file or directory)

> But wait!  =E2=80=9Cguix build nss-certs --check -K=E2=80=9D fails, and t=
he diff is:
>
> $ LANGUAGE=3D diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-ce=
rts-3.30.2{,-check}
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-chec=
k/etc/ssl/certs: AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126.82.147.123.2=
24.21.227.87.240.105.140.203.236.12.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/=
ssl/certs: AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240=
.105.140.203.236.12.pem
> diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc=
/ssl/certs/ae8153b9.0 /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs=
-3.30.2-check/etc/ssl/certs/ae8153b9.0
> --- /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/=
certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
> +++ /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/et=
c/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
> @@ -3,10 +3,10 @@
>  # distrust=3D
>  # openssl-trust=3DcodeSigning emailProtection serverAuth
>  -----BEGIN CERTIFICATE-----
> -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
> +MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW

Can this be explained by locale alone? That is troubling.

>  MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
>  Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
> -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
> +dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9
                                          ^ ???

>  MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
>
> [...]
>
> +O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
> +um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
> +NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=3D
>  -----END CERTIFICATE-----
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-chec=
k/etc/ssl/certs: Certinomis_-_Autorit=C3=A9_Racine:2.1.1.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/=
ssl/certs: Certinomis_-_Autorit?_Racine:2.1.1.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-chec=
k/etc/ssl/certs: NetLock_Arany_=3DClass_Gold=3D_F=C5=91tan=C3=BAs=C3=ADtv=
=C3=A1ny:2.6.73.65.44.228.0.16.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/=
ssl/certs: NetLock_Arany_=3DClass_Gold=3D_F?tan?s?tv?ny:2.6.73.65.44.228.0.=
16.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/=
ssl/certs: T?B?TAK_UEKAE_K?k_Sertifika_Hizmet_Sa?lay?c?s?_-_S?r?m_3:2.1.17.=
pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/=
ssl/certs: T?RKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5:2.7.0.142.2=
3.254.36.32.129.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-chec=
k/etc/ssl/certs: T=C3=9CB=C4=B0TAK_UEKAE_K=C3=B6k_Sertifika_Hizmet_Sa=C4=9F=
lay=C4=B1c=C4=B1s=C4=B1_-_S=C3=BCr=C3=BCm_3:2.1.17.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-chec=
k/etc/ssl/certs: T=C3=9CRKTRUST_Elektronik_Sertifika_Hizmet_Sa=C4=9Flay=C4=
=B1c=C4=B1s=C4=B1_H5:2.7.0.142.23.254.36.32.129.pem
>
> See?  (The difference in the first certificate is weird too=E2=80=A6)
>
> There are two ways to create nars.  One is via the =E2=80=98export-paths=
=E2=80=99 RPC
> (implemented in the daemon in C++), which does not interpret file names
> and thus leaves them untouched.  The other one is via =E2=80=98write-file=
=E2=80=99 from
> (guix serialization), which is written in Scheme and thus converts file
> names from locale encoding (specifically, =E2=80=98scandir=E2=80=99 does =
that.)
>
> =E2=80=98guix publish=E2=80=99 uses the latter, so =E2=80=98guix publish=
=E2=80=99 is sensitive to locale
> settings, which is pretty bad.
>
> Guile currently does not allow us to specify whether/how file names
> should be decoded, but possible solutions have been discussed for 2.2.
>
> In the meantime, solutions are:
>
>   1. To run =E2=80=98guix publish=E2=80=99 in a UTF-8 locale, which appar=
ently was not
>      the case.

I'm surprised by that. Wouldn't a utf8 locale be the default?

>
>   2. Add to (guix build syscalls) a separate locale-independent
>      =E2=80=98scandir=E2=80=99 implementation and use that.

If the general solution is to fix it in Guile, the workaround proposed
in 1. seems preferable.

Maxim




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 29 May 2017 09:31:51 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 29 05:31:51 2017
Received: from localhost ([127.0.0.1]:42549 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFH1i-0007hK-Uu
	for submit <at> debbugs.gnu.org; Mon, 29 May 2017 05:31:51 -0400
Received: from eggs.gnu.org ([208.118.235.92]:52954)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dFH1g-0007h7-Up
 for 26948 <at> debbugs.gnu.org; Mon, 29 May 2017 05:31:49 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFH1Y-0006Up-GV
 for 26948 <at> debbugs.gnu.org; Mon, 29 May 2017 05:31:43 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59987)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dFH1Y-0006Ul-Ci; Mon, 29 May 2017 05:31:40 -0400
Received: from [193.50.110.67] (port=44326 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dFH1X-0002Wq-Li; Mon, 29 May 2017 05:31:40 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Mark H Weaver <mhw@HIDDEN>
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87poes25dw.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 10 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Mon, 29 May 2017 11:31:37 +0200
In-Reply-To: <87poes25dw.fsf@HIDDEN> (Mark H. Weaver's message of "Sun, 28
 May 2017 14:38:51 -0400")
Message-ID: <87a85wc8li.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

--=-=-=
Content-Type: text/plain

Hi Mark,

Mark H Weaver <mhw@HIDDEN> skribis:

> This reminds me of a bug that I found in the Guile binding in GnuTLS a
> while ago, but forgot to report.  Maybe it's related:
>
> In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:
>
>   static unsigned int
>   set_certificate_file (certificate_set_file_function_t set_file,
>                         SCM cred, SCM file, SCM format, const char *func_name)
>   #define FUNC_NAME func_name
>   {
>     int err;
>     char *c_file;
>     size_t c_file_len;
>   
>     gnutls_certificate_credentials_t c_cred;
>     gnutls_x509_crt_fmt_t c_format;
>   
>     c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
>     SCM_VALIDATE_STRING (2, file);
>     c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
>   
>     c_file_len = scm_c_string_length (file);
>     c_file = alloca (c_file_len + 1);
>   
>     (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
>     c_file[c_file_len] = '\0';
>   
>     err = set_file (c_cred, c_file, c_format);
>     if (EXPECT_FALSE (err < 0))
>       scm_gnutls_error (err, FUNC_NAME);
>   
>     /* Return the number of certificates processed.  */
>     return ((unsigned int) err);
>   }
>
> 'scm_c_string_length' is inappropriately assumed to return the length
> of the encoded C string in bytes, whereas it actually returns the
> number of characters (code points).

This is terrible!  WDYT of this:


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline

diff --git a/guile/src/core.c b/guile/src/core.c
index 605c91f7a..38d573fa9 100644
--- a/guile/src/core.c
+++ b/guile/src/core.c
@@ -1,5 +1,5 @@
 /* GnuTLS --- Guile bindings for GnuTLS.
-   Copyright (C) 2007-2014, 2016 Free Software Foundation, Inc.
+   Copyright (C) 2007-2014, 2016-2017 Free Software Foundation, Inc.
 
    GnuTLS is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -1428,22 +1428,19 @@ set_certificate_file (certificate_set_file_function_t set_file,
 {
   int err;
   char *c_file;
-  size_t c_file_len;
 
   gnutls_certificate_credentials_t c_cred;
   gnutls_x509_crt_fmt_t c_format;
 
   c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
   SCM_VALIDATE_STRING (2, file);
-  c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
-
-  c_file_len = scm_c_string_length (file);
-  c_file = alloca (c_file_len + 1);
 
-  (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
-  c_file[c_file_len] = '\0';
+  c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
+  c_file = scm_to_locale_string (file);
 
   err = set_file (c_cred, c_file, c_format);
+  free (c_file);
+
   if (EXPECT_FALSE (err < 0))
     scm_gnutls_error (err, FUNC_NAME);
 

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Unfortunately there=E2=80=99s a dozen of places in core.c that use this idi=
om
and would need to be fixed (it=E2=80=99s pre-2.0 code I think).

In the meantime we can work around it this way:


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline

diff --git a/guix/build/download.scm b/guix/build/download.scm
index ce4708a87..6ef623334 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -296,6 +296,13 @@ session record port using PORT as its underlying communication port."
   (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
                       (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
 
+(define (set-certificate-credentials-x509-trust-file!* cred file format)
+  "Like 'set-certificate-credentials-x509-trust-file!', but without the file
+name decoding bug described at
+<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>."
+  (let ((data (call-with-input-file file get-bytevector-all)))
+    (set-certificate-credentials-x509-trust-data! cred data format)))
+
 (define (make-credendials-with-ca-trust-files directory)
   "Return certificate credentials with X.509 authority certificates read from
 DIRECTORY.  Those authority certificates are checked when
@@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked when
                 (let ((file (string-append directory "/" file)))
                   ;; Protect against dangling symlinks.
                   (when (file-exists? file)
-                    (set-certificate-credentials-x509-trust-file!
+                    (set-certificate-credentials-x509-trust-file!*
                      cred file
                      x509-certificate-format/pem))))
               (or files '()))

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


WDYT?  I=E2=80=99ll commit it if that=E2=80=99s fine with you.

Thanks for the report!

Ludo=E2=80=99.

--=-=-=--




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 29 May 2017 09:13:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 29 05:13:10 2017
Received: from localhost ([127.0.0.1]:42532 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFGje-0007G3-Fi
	for submit <at> debbugs.gnu.org; Mon, 29 May 2017 05:13:10 -0400
Received: from eggs.gnu.org ([208.118.235.92]:47108)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dFGjc-0007Fr-Fz
 for 26948 <at> debbugs.gnu.org; Mon, 29 May 2017 05:13:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFGjT-0000CC-DF
 for 26948 <at> debbugs.gnu.org; Mon, 29 May 2017 05:13:03 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59770)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dFGjT-0000C2-8z; Mon, 29 May 2017 05:12:59 -0400
Received: from [193.50.110.67] (port=44278 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dFGjR-0002nC-Hc; Mon, 29 May 2017 05:12:58 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: =?utf-8?B?4oCYd3JpdGUtZmlsZeKAmQ==?= output should not be
 locale-dependent
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87o9ucu1t3.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 10 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Mon, 29 May 2017 11:12:54 +0200
In-Reply-To: <87o9ucu1t3.fsf@HIDDEN> (Maxim Cournoyer's message of "Sun, 28
 May 2017 14:00:59 -0700")
Message-ID: <87mv9wc9gp.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:

> ludo@HIDDEN (Ludovic Court=C3=A8s) writes:

[...]

>> Strangely that file name has question marks instead of the non-ASCII
>> characters on my GuixSD system:
>>
>> $ ls -l /etc/ssl/certs/*Certi*mara*
>> lrwxrwxrwx 8 root root 162 Jan  1  1970 '/etc/ssl/certs/AC_Ra?z_Certic?m=
ara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem' ->=
 '/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/cert=
s/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.=
203.236.12.pem'
>
> Hmm. That is strange. It seems like you also have a locale problem, but
> that it is handled in a way that doesn't break nss-certs?

AFAICS the file is really called that way, with question marks:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (stat "/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss=
-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.=
224.21.227.87.240.105.140.203.236.12.pem")
$2 =3D #(64768 4719936 33060 8 0 0 0 2444 1496043280 1 1492867575 4096 8 re=
gular 292 130744281 0 1492867575)
--8<---------------cut here---------------end--------------->8---

And:

--8<---------------cut here---------------start------------->8---
$ wget -O - https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0vilc0zv6ra42ghi0=
4787vrg6bb71-nss-certs-3.30.2 |gunzip -c | guix archive -x t
--2017-05-29 10:55:36--  https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0vil=
c0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2
Ni solvigas mirror.hydra.gnu.org (mirror.hydra.gnu.org)... 131.159.14.26, 2=
001:4ca0:2001:10:225:90ff:fedb:c720
Konektado al mirror.hydra.gnu.org (mirror.hydra.gnu.org)|131.159.14.26|:443=
... konektita.
HTTP peto sendita, ni atendas respondon... 200 OK
Grando: 171969 (168K) [application/octet-stream]
Ni konservas al: 'STDOUT'

-                            100%[=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D>] 167.94K  --.-KB/s    en 0.08s=20=20=20

2017-05-29 10:55:37 (2.02 MB/s) - skribita al =C4=89efeligujo [171969/17196=
9]

$ find t -name AC_Ra\*
t/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.8=
7.240.105.140.203.236.12.pem
$ locale
LANG=3Den_US.utf8
LC_CTYPE=3D"en_US.utf8"
LC_NUMERIC=3D"en_US.utf8"
LC_TIME=3D"en_US.utf8"
LC_COLLATE=3D"en_US.utf8"
LC_MONETARY=3D"en_US.utf8"
LC_MESSAGES=3D"en_US.utf8"
LC_PAPER=3Dfr_FR.utf8
LC_NAME=3D"en_US.utf8"
LC_ADDRESS=3D"en_US.utf8"
LC_TELEPHONE=3D"en_US.utf8"
LC_MEASUREMENT=3D"en_US.utf8"
LC_IDENTIFICATION=3D"en_US.utf8"
LC_ALL=3D
--8<---------------cut here---------------end--------------->8---

But wait!  =E2=80=9Cguix build nss-certs --check -K=E2=80=9D fails, and the=
 diff is:

--8<---------------cut here---------------start------------->8---
$ LANGUAGE=3D diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-cert=
s-3.30.2{,-check}
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/=
etc/ssl/certs: AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126.82.147.123.224=
.21.227.87.240.105.140.203.236.12.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ss=
l/certs: AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.1=
05.140.203.236.12.pem
diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/s=
sl/certs/ae8153b9.0 /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3=
.30.2-check/etc/ssl/certs/ae8153b9.0
--- /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/ce=
rts/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
+++ /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/=
ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
@@ -3,10 +3,10 @@
 # distrust=3D
 # openssl-trust=3DcodeSigning emailProtection serverAuth
 -----BEGIN CERTIFICATE-----
-MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW
 MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
 Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9
 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi

[...]

+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=3D
 -----END CERTIFICATE-----
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/=
etc/ssl/certs: Certinomis_-_Autorit=C3=A9_Racine:2.1.1.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ss=
l/certs: Certinomis_-_Autorit?_Racine:2.1.1.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/=
etc/ssl/certs: NetLock_Arany_=3DClass_Gold=3D_F=C5=91tan=C3=BAs=C3=ADtv=C3=
=A1ny:2.6.73.65.44.228.0.16.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ss=
l/certs: NetLock_Arany_=3DClass_Gold=3D_F?tan?s?tv?ny:2.6.73.65.44.228.0.16=
.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ss=
l/certs: T?B?TAK_UEKAE_K?k_Sertifika_Hizmet_Sa?lay?c?s?_-_S?r?m_3:2.1.17.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ss=
l/certs: T?RKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5:2.7.0.142.23.=
254.36.32.129.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/=
etc/ssl/certs: T=C3=9CB=C4=B0TAK_UEKAE_K=C3=B6k_Sertifika_Hizmet_Sa=C4=9Fla=
y=C4=B1c=C4=B1s=C4=B1_-_S=C3=BCr=C3=BCm_3:2.1.17.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/=
etc/ssl/certs: T=C3=9CRKTRUST_Elektronik_Sertifika_Hizmet_Sa=C4=9Flay=C4=B1=
c=C4=B1s=C4=B1_H5:2.7.0.142.23.254.36.32.129.pem
--8<---------------cut here---------------end--------------->8---

See?  (The difference in the first certificate is weird too=E2=80=A6)

There are two ways to create nars.  One is via the =E2=80=98export-paths=E2=
=80=99 RPC
(implemented in the daemon in C++), which does not interpret file names
and thus leaves them untouched.  The other one is via =E2=80=98write-file=
=E2=80=99 from
(guix serialization), which is written in Scheme and thus converts file
names from locale encoding (specifically, =E2=80=98scandir=E2=80=99 does th=
at.)

=E2=80=98guix publish=E2=80=99 uses the latter, so =E2=80=98guix publish=E2=
=80=99 is sensitive to locale
settings, which is pretty bad.

Guile currently does not allow us to specify whether/how file names
should be decoded, but possible solutions have been discussed for 2.2.

In the meantime, solutions are:

  1. To run =E2=80=98guix publish=E2=80=99 in a UTF-8 locale, which apparen=
tly was not
     the case.

  2. Add to (guix build syscalls) a separate locale-independent
     =E2=80=98scandir=E2=80=99 implementation and use that.

Thoughts?

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 29 May 2017 04:36:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 29 00:36:14 2017
Received: from localhost ([127.0.0.1]:42396 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFCPa-0000hS-Rq
	for submit <at> debbugs.gnu.org; Mon, 29 May 2017 00:36:14 -0400
Received: from mail-pf0-f169.google.com ([209.85.192.169]:35089)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dFCPY-0000hC-I9
 for 26948 <at> debbugs.gnu.org; Mon, 29 May 2017 00:36:09 -0400
Received: by mail-pf0-f169.google.com with SMTP id n23so42334627pfb.2
 for <26948 <at> debbugs.gnu.org>; Sun, 28 May 2017 21:36:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=AtJ8qgW3OSaiFrL2dRgSB4r0CjlQazXF7TQurP1VERA=;
 b=JFfsNm+6ezMxMMiW0ZxZmoe7Ajd/iyOw28i4bIvzP58twcdBnVHHI9ojK1+NjKnnQO
 E2u677HcSa/C4G1yC/T+1CdjR0uKyyGKvL4X35ghc9pbGiPR/R0fhG/biDC7lMY6awxD
 bzbCMlJeW1KNPqduqb3xYCyaL8GgCVKK9VoheURZZ+sNGfgmGqCB6OIYnLzo0ofPo9LS
 x3r0RPHE40kEJIE/nnrt4LT7RsZYXwHsOkfySOMJQuZd+IqbmsgJtId3v1vovM8nWUXE
 xMasA7/e4/L3vyXQOwuNgMccj2uPYxgDCzY/Pgxa9AVSsBLtWqWY0CAyJEJvxDFKs/K5
 dxKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version:content-transfer-encoding;
 bh=AtJ8qgW3OSaiFrL2dRgSB4r0CjlQazXF7TQurP1VERA=;
 b=DefuESTe41UpUmMlnBVKdB16Cwgm3noev31vI2SR2kpzuOae2V8jjN3y7t1ZMc9ie9
 o23AiwieZYCk1JVFwEb4GDT9s1t6MVFwFcAIK+9QIlvP2ZVgHC6W2fOGdTewFQ51XbPk
 bZFAULjrei3ZJbrnIu8dtVxmAvRG6EcKHQUdIrufh8/CZTVaKAunX3gHY3PrvxN+ywh1
 Uh62zr7tE5x1N3jIZzVOA73k1bSZ52ib+nluS6ioaE5Gg1JCtPwVIlnT+smxYEUDqaSo
 eRoVDcDicoH0uEFdFhT1kvVyccRnAywTjQA1s+ObGyWv96ohtWPNrVJ3Lf0o60kAuMYm
 dRuw==
X-Gm-Message-State: AODbwcAZJvXy0seR+v8mfBsVH8GWQ5JkeOLdNRZLPIHaV/ii1uYp7VNA
 XAHHO955WlBOWsRW9TQ=
X-Received: by 10.98.193.65 with SMTP id i62mr15508137pfg.134.1496032562183;
 Sun, 28 May 2017 21:36:02 -0700 (PDT)
Received: from apteryx ([2601:647:4a01:bacd:c2f8:daff:fe5d:2f2f])
 by smtp.gmail.com with ESMTPSA id o66sm13486028pga.64.2017.05.28.21.36.00
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 28 May 2017 21:36:01 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Mark H Weaver <mhw@HIDDEN>
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
 <87poes25dw.fsf@HIDDEN>
Date: Sun, 28 May 2017 21:36:00 -0700
In-Reply-To: <87poes25dw.fsf@HIDDEN> (Mark H. Weaver's message of "Sun, 28
 May 2017 14:38:51 -0400")
Message-ID: <87poess2j3.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.8 (--)
X-Debbugs-Envelope-To: 26948
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.8 (--)

Mark H Weaver <mhw@HIDDEN> writes:

> ludo@HIDDEN (Ludovic Court=C3=A8s) writes:
>
>> Hi Maxim,
>>
>> Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
>>
>>> It seems that the problem is caused by the file:
>>> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.14=
7.123.224.21.227.87.240.105.140.203.236.12.p".
>
> This reminds me of a bug that I found in the Guile binding in GnuTLS a
> while ago, but forgot to report.  Maybe it's related:
>
> In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:
>
>   static unsigned int
>   set_certificate_file (certificate_set_file_function_t set_file,
>                         SCM cred, SCM file, SCM format, const char *func_=
name)
>   #define FUNC_NAME func_name
>   {
>     int err;
>     char *c_file;
>     size_t c_file_len;
>=20=20=20
>     gnutls_certificate_credentials_t c_cred;
>     gnutls_x509_crt_fmt_t c_format;
>=20=20=20
>     c_cred =3D scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
>     SCM_VALIDATE_STRING (2, file);
>     c_format =3D scm_to_gnutls_x509_certificate_format (format, 3, FUNC_N=
AME);
>=20=20=20
>     c_file_len =3D scm_c_string_length (file);
>     c_file =3D alloca (c_file_len + 1);
>=20=20=20
>     (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
>     c_file[c_file_len] =3D '\0';
>=20=20=20
>     err =3D set_file (c_cred, c_file, c_format);
>     if (EXPECT_FALSE (err < 0))
>       scm_gnutls_error (err, FUNC_NAME);
>=20=20=20
>     /* Return the number of certificates processed.  */
>     return ((unsigned int) err);
>   }
>
> 'scm_c_string_length' is inappropriately assumed to return the length
> of the encoded C string in bytes, whereas it actually returns the
> number of characters (code points).
>
> This led to:
>
> stat("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82=
.147.123.224.21.227.87.240.105.140.203.236.12.pem", {st_mode=3DS_IFREG|0444=
, st_size=3D2444, ...}) =3D 0
> open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82=
.147.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) =3D -1 ENOENT (=
No such file or directory)
>
> While doing this:
>
> mhw@jojen ~$ strace -o trace.out guix import gem rails
> Backtrace:
> In unknown file:
>    ?: 19 [apply-smob/1 #<catch-closure 2793e20>]
> In ice-9/boot-9.scm:
>   66: 18 [call-with-prompt prompt0 ...]
> In ice-9/eval.scm:
>  432: 17 [eval # #]
> In ice-9/boot-9.scm:
> 2412: 16 [save-module-excursion #<procedure 27b4900 at ice-9/boot-9.scm:4=
084:3 ()>]
> 4089: 15 [#<procedure 27b4900 at ice-9/boot-9.scm:4084:3 ()>]
> 1734: 14 [%start-stack load-stack ...]
> 1739: 13 [#<procedure 27c6b40 ()>]
> In unknown file:
>    ?: 12 [primitive-load "/home/mhw/guix/scripts/guix"]
> In guix/ui.scm:
> 1255: 11 [run-guix-command import "gem" "rails"]
> In guix/scripts/import.scm:
>  114: 10 [guix-import "gem" "rails"]
> In guix/scripts/import/gem.scm:
>   84: 9 [guix-import-gem "rails"]
> In guix/import/gem.scm:
>  121: 8 [gem->guix-package "rails" #f]
> In ice-9/boot-9.scm:
>  160: 7 [catch srfi-34 #<procedure 3518440 at guix/import/json.scm:29:2 (=
)> ...]
> In guix/import/json.scm:
>   32: 6 [#<procedure 3518440 at guix/import/json.scm:29:2 ()>]
> In guix/http-client.scm:
>  239: 5 [loop #]
> In guix/build/download.scm:
>  520: 4 [open-connection-for-uri # # #f ...]
>  391: 3 [tls-wrap #<input-output: socket 10> "rubygems.org" ...]
>  308: 2 [make-credendials-with-ca-trust-files "/etc/ssl/certs"]
> In srfi/srfi-1.scm:
>  616: 1 [for-each #<procedure 351f090 at guix/build/download.scm:308:14 (=
file)> #]
> In unknown file:
>    ?: 0 [set-certificate-credentials-x509-trust-file! # ...]
>
> ERROR: In procedure set-certificate-credentials-x509-trust-file!:
> ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error =
while reading file.> set-certificate-credentials-x509-trust-file!)'.
> mhw@jojen ~$
>
> The problem can be worked around by using the C locale:
>
> mhw@jojen ~$ LC_ALL=3DC guix import gem rails
> (package
>   (name "ruby-rails")
>   (version "5.1.0")
>   (source
>     (origin
>       (method url-fetch)
>       (uri (rubygems-uri "rails" version))
>       (sha256
>         (base32
>           "0cpcnrlqg1am2jfdz6pf9snh89qzbny9ikbpg3xz31qrqv9f4hyq"))))
>   (build-system ruby-build-system)
>   (propagated-inputs
>     `(("ruby-actioncable" ,ruby-actioncable)
>       ("ruby-actionmailer" ,ruby-actionmailer)
>       ("ruby-actionpack" ,ruby-actionpack)
>       ("ruby-actionview" ,ruby-actionview)
>       ("ruby-activejob" ,ruby-activejob)
>       ("ruby-activemodel" ,ruby-activemodel)
>       ("ruby-activerecord" ,ruby-activerecord)
>       ("ruby-activesupport" ,ruby-activesupport)
>       ("bundler" ,bundler)
>       ("ruby-railties" ,ruby-railties)
>       ("ruby-sprockets-rails" ,ruby-sprockets-rails)))
>   (synopsis
>     "Ruby on Rails is a full-stack web framework optimized for programmer=
 happiness and sustainable productivity. It encourages beautiful code by fa=
voring convention over configuration.")
>   (description
>     "Ruby on Rails is a full-stack web framework optimized for programmer=
 happiness and sustainable productivity.  It encourages beautiful code by f=
avoring convention over configuration.")
>   (home-page "http://rubyonrails.org")
>   (license license:expat))
> mhw@jojen ~$=20

This is it! Setting "LC_ALL=3DC" works around the problem. Thanks for
chipping in. I've investigated on the Guile side and isolated the
problem to be with the file name only, which corroborates your finding:

--8<---------------cut here---------------start------------->8---
(use-modules (ice-9 ftw)
	     (gnutls))

(define ffile "/etc/ssl/certs/AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126=
.82.147.123.224.21.227.87.240.105.140.203.236.12.pem")

;; Simply copied to my home dir.
(define ffile-2 "/home/maxim/AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126.=
82.147.123.224.21.227.87.240.105.140.203.236.12.pem")

;; s/=C3=AD/i/ & s/=C3=A1/a/
(define ffile-3 "/home/maxim/AC_Raiz_Certicamara_S.A.:2.15.7.126.82.147.123=
.224.21.227.87.240.105.140.203.236.12.pem")

(define cred (make-certificate-credentials))

(set-certificate-credentials-x509-trust-file! cred ffile-2
					      x509-certificate-format/pem)
;; =3D> ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum =
Error while reading file.> set-certificate-credentials-x509-trust-file!)'.


(set-certificate-credentials-x509-trust-file! cred ffile-2
					      x509-certificate-format/pem)
;; =3D> ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum =
Error while reading file.> set-certificate-credentials-x509-trust-file!)'.

(set-certificate-credentials-x509-trust-file! cred ffile-3
					      x509-certificate-format/pem)
;; =3D> 1
--8<---------------cut here---------------end--------------->8---

Maxim




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 28 May 2017 21:08:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 28 17:08:50 2017
Received: from localhost ([127.0.0.1]:42146 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dF5Qg-00020j-AG
	for submit <at> debbugs.gnu.org; Sun, 28 May 2017 17:08:50 -0400
Received: from mail-pg0-f48.google.com ([74.125.83.48]:35129)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dF5Qe-00020W-DM
 for 26948 <at> debbugs.gnu.org; Sun, 28 May 2017 17:08:48 -0400
Received: by mail-pg0-f48.google.com with SMTP id 8so14152204pgc.2
 for <26948 <at> debbugs.gnu.org>; Sun, 28 May 2017 14:08:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:references:message-id:user-agent
 :mime-version:content-transfer-encoding;
 bh=kt2SqYmD/kKavVj1wXxRGqxQ0K5HU9/Ymo0L8TD0p8o=;
 b=qwpRNGCjX9RI2eH6zGNqK4nchOoWOdT709ivuMLHSt5HKZf9x2uGd/wjok4QY4hD3o
 cTJNslqVj1CAE6aHn4UlEGDAZ5O2Sbv1s3hUBWsvvDFG8dwZNW8MYWI+ElL8sillRHHE
 YFX2/4vGZRJGxludKLA4x2ildoX150l4L5C3Idm3Uh289t7flHUhtKIaSUypqfNLhFaS
 s+9UnhBGI4JFFQRrAE3LV4s0x3pzfUBp2ACbeCAcLuTGKGAas6qwNSQYgws7oCawQFsu
 Gx8tOqttvdgCZnV604aDcuvBTOPKFzgdWuDY9SMiF4tX2GbZHK/Gf8YrKEe/PkqyQiCO
 Fddw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:references:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=kt2SqYmD/kKavVj1wXxRGqxQ0K5HU9/Ymo0L8TD0p8o=;
 b=Bhzq1iV0+IAr3spLAfqQAJnKBH95M/dR7XRb4LRtDl3+oPHCRIbWhLzKJcBMT4mLLS
 wdqMhDxIYW63o995XYFfTDeh/bwCEFijMUqgHneEtUukWBvIANDtNoMEUTmDb0kT0g1a
 paJO+8TzkUhMw8hyPTKEXXo6peVP+WQ2a68vg5UlLts0EOvvB28ExKlGR9OfEymm6Aku
 JbngP3TAQItTDtbdjHuTjQl5YR2/whRKWxW4WHb+BnrYMfm56F6FzgSZoIDIF0BPXEgx
 eHrUernFO3d10gZkLI8Io2i/HifdgYo4mUHGL9wuCcD8722pNP8LNCnZOY2wKIYnFkTh
 5NCg==
X-Gm-Message-State: AODbwcAQH32p4CZi/yyDnrKQIPpjRHhPeuXL/8OdcyHqPN7vocE12OWa
 iS5efusNTupc+YW8
X-Received: by 10.98.58.195 with SMTP id v64mr14030188pfj.237.1496005722235;
 Sun, 28 May 2017 14:08:42 -0700 (PDT)
Received: from apteryx ([2601:647:4a01:bacd:c2f8:daff:fe5d:2f2f])
 by smtp.gmail.com with ESMTPSA id a85sm12806106pfg.7.2017.05.28.14.08.41
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 28 May 2017 14:08:41 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: bug#26948: gnutls errors on multiple guix commands
Date: Sun, 28 May 2017 14:00:59 -0700
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
Message-ID: <87o9ucu1t3.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.8 (--)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.8 (--)

Hi Ludovic,

ludo@HIDDEN (Ludovic Court=C3=A8s) writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
>
>> It seems that the problem is caused by the file:
>> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147=
.123.224.21.227.87.240.105.140.203.236.12.p".
>
> Indeed.
>
>> The strange thing is that it shouldn't even get into the `files'
>> variable since we are scanning for files ending with a ".pem" suffix.
>>
>> ls /etc/ssl/certs/AC*2.15.7.126*
>> /etc/ssl/certs/AC_Raz_Certicmara_S.A.:2.15.7.126.82.147.123.224.21.227.8=
7.240.105.140.203.236.12.pem
>>
>>
>> It looks like I have a locale problem? In my operating-system
>> definition, I'm using (locale "en_US.UTF-8") and the locale-definitions
>> field is not set (which means it's using %DEFAULT-LOCALE-DEFINITIONS). I
>> also have the following installed in my user profile:
>>
>> guix package -I locale
>> glibc-locales   2.25    out     /gnu/store/2d97vjjx23w3bhwp4sbylwcx6l5fy=
8g2-glibc-locales-2.25
>>
>>
>> Finally,
>>
>> set | grep LOC
>> GUIX_LOCPATH=3D/run/current-system/locale
>> XTERM_LOCALE=3Den_US.UTF-8
>
> Does the 'guix' command say 'failed to install locale'?  It probably
> does, which explains why it fails to decode the file name.

No, it doesn't!

> Strangely that file name has question marks instead of the non-ASCII
> characters on my GuixSD system:
>
> $ ls -l /etc/ssl/certs/*Certi*mara*
> lrwxrwxrwx 8 root root 162 Jan  1  1970 '/etc/ssl/certs/AC_Ra?z_Certic?ma=
ra_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem' -> =
'/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs=
/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.2=
03.236.12.pem'

Hmm. That is strange. It seems like you also have a locale problem, but
that it is handled in a way that doesn't break nss-certs?

> but the initial problem seems to be in nss-certs itself.
>
> What does this report for you:
>
>   guix package -p /run/current-system/profile -I nss-cert

It gives me:

--8<---------------cut here---------------start------------->8---
$ guix package -p /run/current-system/profile -I nss-cert
nss-certs	3.30.2	out
/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2
--8<---------------cut here---------------end--------------->8---

>> I would have liked to exercise the
>> `make-credendials-with-ca-trust-files' function to debug but there's a
>> `make-certificate-credentials' function called which I coudln't source
>> (where does it come from? Doing C-c . u in Geiser didn't help making it
>> visible, as did grepping the Guix sources for its definition)
>
> These procedures come from (gnutls).  They're written in C.
>

Thanks for the information. I'll see if I can debug it further.

Maxim




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 28 May 2017 18:39:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 28 14:39:16 2017
Received: from localhost ([127.0.0.1]:41999 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dF35w-00057r-FI
	for submit <at> debbugs.gnu.org; Sun, 28 May 2017 14:39:16 -0400
Received: from world.peace.net ([50.252.239.5]:54677)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>) id 1dF35u-00057e-6S
 for 26948 <at> debbugs.gnu.org; Sun, 28 May 2017 14:39:14 -0400
Received: from pool-72-93-29-40.bstnma.east.verizon.net ([72.93.29.40]
 helo=jojen)
 by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <mhw@HIDDEN>)
 id 1dF35m-0007aG-TW; Sun, 28 May 2017 14:39:07 -0400
From: Mark H Weaver <mhw@HIDDEN>
To: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN> <87vaoovvvz.fsf@HIDDEN>
Date: Sun, 28 May 2017 14:38:51 -0400
In-Reply-To: <87vaoovvvz.fsf@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Fri, 26 May 2017 10:56:48 +0200")
Message-ID: <87poes25dw.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

ludo@HIDDEN (Ludovic Court=C3=A8s) writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
>
>> It seems that the problem is caused by the file:
>> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147=
.123.224.21.227.87.240.105.140.203.236.12.p".

This reminds me of a bug that I found in the Guile binding in GnuTLS a
while ago, but forgot to report.  Maybe it's related:

In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:

  static unsigned int
  set_certificate_file (certificate_set_file_function_t set_file,
                        SCM cred, SCM file, SCM format, const char *func_na=
me)
  #define FUNC_NAME func_name
  {
    int err;
    char *c_file;
    size_t c_file_len;
=20=20
    gnutls_certificate_credentials_t c_cred;
    gnutls_x509_crt_fmt_t c_format;
=20=20
    c_cred =3D scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
    SCM_VALIDATE_STRING (2, file);
    c_format =3D scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAM=
E);
=20=20
    c_file_len =3D scm_c_string_length (file);
    c_file =3D alloca (c_file_len + 1);
=20=20
    (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
    c_file[c_file_len] =3D '\0';
=20=20
    err =3D set_file (c_cred, c_file, c_format);
    if (EXPECT_FALSE (err < 0))
      scm_gnutls_error (err, FUNC_NAME);
=20=20
    /* Return the number of certificates processed.  */
    return ((unsigned int) err);
  }

'scm_c_string_length' is inappropriately assumed to return the length
of the encoded C string in bytes, whereas it actually returns the
number of characters (code points).

This led to:

stat("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.1=
47.123.224.21.227.87.240.105.140.203.236.12.pem", {st_mode=3DS_IFREG|0444, =
st_size=3D2444, ...}) =3D 0
open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.1=
47.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) =3D -1 ENOENT (No=
 such file or directory)

While doing this:

mhw@jojen ~$ strace -o trace.out guix import gem rails
Backtrace:
In unknown file:
   ?: 19 [apply-smob/1 #<catch-closure 2793e20>]
In ice-9/boot-9.scm:
  66: 18 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
 432: 17 [eval # #]
In ice-9/boot-9.scm:
2412: 16 [save-module-excursion #<procedure 27b4900 at ice-9/boot-9.scm:408=
4:3 ()>]
4089: 15 [#<procedure 27b4900 at ice-9/boot-9.scm:4084:3 ()>]
1734: 14 [%start-stack load-stack ...]
1739: 13 [#<procedure 27c6b40 ()>]
In unknown file:
   ?: 12 [primitive-load "/home/mhw/guix/scripts/guix"]
In guix/ui.scm:
1255: 11 [run-guix-command import "gem" "rails"]
In guix/scripts/import.scm:
 114: 10 [guix-import "gem" "rails"]
In guix/scripts/import/gem.scm:
  84: 9 [guix-import-gem "rails"]
In guix/import/gem.scm:
 121: 8 [gem->guix-package "rails" #f]
In ice-9/boot-9.scm:
 160: 7 [catch srfi-34 #<procedure 3518440 at guix/import/json.scm:29:2 ()>=
 ...]
In guix/import/json.scm:
  32: 6 [#<procedure 3518440 at guix/import/json.scm:29:2 ()>]
In guix/http-client.scm:
 239: 5 [loop #]
In guix/build/download.scm:
 520: 4 [open-connection-for-uri # # #f ...]
 391: 3 [tls-wrap #<input-output: socket 10> "rubygems.org" ...]
 308: 2 [make-credendials-with-ca-trust-files "/etc/ssl/certs"]
In srfi/srfi-1.scm:
 616: 1 [for-each #<procedure 351f090 at guix/build/download.scm:308:14 (fi=
le)> #]
In unknown file:
   ?: 0 [set-certificate-credentials-x509-trust-file! # ...]

ERROR: In procedure set-certificate-credentials-x509-trust-file!:
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error wh=
ile reading file.> set-certificate-credentials-x509-trust-file!)'.
mhw@jojen ~$

The problem can be worked around by using the C locale:

mhw@jojen ~$ LC_ALL=3DC guix import gem rails
(package
  (name "ruby-rails")
  (version "5.1.0")
  (source
    (origin
      (method url-fetch)
      (uri (rubygems-uri "rails" version))
      (sha256
        (base32
          "0cpcnrlqg1am2jfdz6pf9snh89qzbny9ikbpg3xz31qrqv9f4hyq"))))
  (build-system ruby-build-system)
  (propagated-inputs
    `(("ruby-actioncable" ,ruby-actioncable)
      ("ruby-actionmailer" ,ruby-actionmailer)
      ("ruby-actionpack" ,ruby-actionpack)
      ("ruby-actionview" ,ruby-actionview)
      ("ruby-activejob" ,ruby-activejob)
      ("ruby-activemodel" ,ruby-activemodel)
      ("ruby-activerecord" ,ruby-activerecord)
      ("ruby-activesupport" ,ruby-activesupport)
      ("bundler" ,bundler)
      ("ruby-railties" ,ruby-railties)
      ("ruby-sprockets-rails" ,ruby-sprockets-rails)))
  (synopsis
    "Ruby on Rails is a full-stack web framework optimized for programmer h=
appiness and sustainable productivity. It encourages beautiful code by favo=
ring convention over configuration.")
  (description
    "Ruby on Rails is a full-stack web framework optimized for programmer h=
appiness and sustainable productivity.  It encourages beautiful code by fav=
oring convention over configuration.")
  (home-page "http://rubyonrails.org")
  (license license:expat))
mhw@jojen ~$=20





Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 26 May 2017 08:57:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 26 04:57:01 2017
Received: from localhost ([127.0.0.1]:38601 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dEB3N-0004hZ-Gq
	for submit <at> debbugs.gnu.org; Fri, 26 May 2017 04:57:01 -0400
Received: from eggs.gnu.org ([208.118.235.92]:48935)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dEB3M-0004hF-E0
 for 26948 <at> debbugs.gnu.org; Fri, 26 May 2017 04:57:00 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dEB3D-0004Af-Qt
 for 26948 <at> debbugs.gnu.org; Fri, 26 May 2017 04:56:55 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57278)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dEB3D-0004Ab-NA; Fri, 26 May 2017 04:56:51 -0400
Received: from reverse-83.fdn.fr ([80.67.176.83]:54786 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dEB3D-0004aE-0D; Fri, 26 May 2017 04:56:51 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
 <8737btieie.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 7 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Fri, 26 May 2017 10:56:48 +0200
In-Reply-To: <8737btieie.fsf@HIDDEN> (Maxim Cournoyer's message of "Thu, 25
 May 2017 00:26:01 -0700")
Message-ID: <87vaoovvvz.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:

> It seems that the problem is caused by the file:
> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.=
123.224.21.227.87.240.105.140.203.236.12.p".

Indeed.

> The strange thing is that it shouldn't even get into the `files'
> variable since we are scanning for files ending with a ".pem" suffix.
>
> ls /etc/ssl/certs/AC*2.15.7.126*
> /etc/ssl/certs/AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126.82.147.123.2=
24.21.227.87.240.105.140.203.236.12.pem
>
>
> It looks like I have a locale problem? In my operating-system
> definition, I'm using (locale "en_US.UTF-8") and the locale-definitions
> field is not set (which means it's using %DEFAULT-LOCALE-DEFINITIONS). I
> also have the following installed in my user profile:
>
> guix package -I locale
> glibc-locales   2.25    out     /gnu/store/2d97vjjx23w3bhwp4sbylwcx6l5fy8=
g2-glibc-locales-2.25
>
>
> Finally,
>
> set | grep LOC
> GUIX_LOCPATH=3D/run/current-system/locale
> XTERM_LOCALE=3Den_US.UTF-8

Does the =E2=80=98guix=E2=80=99 command say =E2=80=9Cfailed to install loca=
le=E2=80=9D?  It probably
does, which explains why it fails to decode the file name.

Strangely that file name has question marks instead of the non-ASCII
characters on my GuixSD system:

--8<---------------cut here---------------start------------->8---
$ ls -l /etc/ssl/certs/*Certi*mara*
lrwxrwxrwx 8 root root 162 Jan  1  1970 '/etc/ssl/certs/AC_Ra?z_Certic?mara=
_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem' -> '/=
gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/A=
C_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203=
.236.12.pem'
--8<---------------cut here---------------end--------------->8---

but the initial problem seems to be in nss-certs itself.

What does this report for you:

  guix package -p /run/current-system/profile -I nss-cert

?

> I would have liked to exercise the
> `make-credendials-with-ca-trust-files' function to debug but there's a
> `make-certificate-credentials' function called which I coudln't source
> (where does it come from? Doing C-c . u in Geiser didn't help making it
> visible, as did grepping the Guix sources for its definition)

These procedures come from (gnutls).  They=E2=80=99re written in C.

Thanks,
Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 25 May 2017 07:26:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu May 25 03:26:16 2017
Received: from localhost ([127.0.0.1]:36861 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dDn9y-0007Ks-CU
	for submit <at> debbugs.gnu.org; Thu, 25 May 2017 03:26:16 -0400
Received: from mail-pf0-f182.google.com ([209.85.192.182]:33705)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dDn9v-0007Kf-Ob
 for 26948 <at> debbugs.gnu.org; Thu, 25 May 2017 03:26:13 -0400
Received: by mail-pf0-f182.google.com with SMTP id e193so159373728pfh.0
 for <26948 <at> debbugs.gnu.org>; Thu, 25 May 2017 00:26:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=mFvH4UMPovsFcfDdFQUzer+6Z6qirmc7MIJyVgu/JQY=;
 b=jZ6f3Ojj//UOgakMm5p6pL8X0DzHxY/6VeaHFWuDisesUH3VDvQhaVJ2RzynyuSb5x
 kpwrp3Yug2RG+0aEleVUMZYPBC9gnlKrWiTb748mYcaygfDJYqUZbBDOR/8N1vtoG6ll
 Rir7eQXX/ODRUG5knbXWDFz9oCo16sG4PlMwY1u5Z/4g05PxuHeuq01EpzrMCKNRnPsl
 qzcuhkm+DpxXvd3nfncYsHaVxuTmpOWQn6x1mlbNeK/VpGtUBAmO7nzsJ037dqKolll7
 hEJhdD5bu/bD3a3ouR+RQt70J052jQfnaQTSh0dYMPbYL3h8pXnMmqPnNkisI+HucKkT
 L4WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version:content-transfer-encoding;
 bh=mFvH4UMPovsFcfDdFQUzer+6Z6qirmc7MIJyVgu/JQY=;
 b=SiKu9pl1DXSvjUm88QuwDE7Zg9Qira75MefTIPWN0NXHlrZOvLvBoJbIPt9YB2RevV
 zdkWfOrApZS2x2teZ9F8FI9ew9EIA7YcMZmkZ/uGO4KYX6CcoGZhAeZTQq2NNTt5JNTp
 Ga3r9a9FrWf1L/ZgSa1ltZoDNr8jCxT49iLjCSKepAnWeWM2jGzDbhtSRDgBpuJGnER/
 tjjsSYuf7u/oEkrnDjlNu7CoVXtoK1mrueB7bgLUkDE18cV1q8BcBpH9h1hBDNHdPAwq
 BLTt1Cc3vFwgG+WrfLfyOaEeb0m/QM4gd76iYezlbngAsNoIFaQqaU4Fj2PFr9TJG0dz
 qaZw==
X-Gm-Message-State: AODbwcB4gpGs+ZG7hCaN+Ba5Au9tTRiL5fU687s2hLPoE+PUj5NEk+zb
 wTHoCjlKCMDLJJMt
X-Received: by 10.98.55.198 with SMTP id e189mr43915909pfa.38.1495697164765;
 Thu, 25 May 2017 00:26:04 -0700 (PDT)
Received: from apteryx ([2601:647:4a01:bacd:c2f8:daff:fe5d:2f2f])
 by smtp.gmail.com with ESMTPSA id a12sm2826798pgn.62.2017.05.25.00.26.03
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 25 May 2017 00:26:03 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN> <87shk3y74g.fsf@HIDDEN>
Date: Thu, 25 May 2017 00:26:01 -0700
In-Reply-To: <87shk3y74g.fsf@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Wed, 17 May 2017 14:56:15 +0200")
Message-ID: <8737btieie.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.8 (--)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.8 (--)

Hi Ludovic!

ludo@HIDDEN (Ludovic Court=C3=A8s) writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
>
>> This problem has been ongoing for some time. It prevents me from using
>> things such as "guix lint" or "guix import" (seems to be related to
>> certs and gnutls). I thought a guix system reconfigure (I'm on GuixSD)
>> would fix it but it hasn't, even after rebooting the system.
>>
>> It is reminiscent of bug#25200, but there doesn't appear to be any
>> dangling symlinks this time around.
>>
>> The nss-certs package is present in my operating system declaration, and
>> the /etc/ssl/certs directory is populated ('/etc/ssl' is a symbolic link
>> pointing to /run/current-system/profile/etc/ssl).
>>
>> SSL_CERT_DIR is set to "/etc/ssl/certs"
>> SSL_CERT_FILE is set to "/etc/ssl/certs/ca-certificates.crt"
>>
>>
>> A couple examples of how things break:
>>
>> * guix lint
>>
>> guix lint emacs
>> Backtrace:macs@HIDDEN [cve]...
>>            9 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
>> In guix/ui.scm:
>>    1257:8  8 (run-guix-command _ . _)
>> In srfi/srfi-1.scm:
>>     640:9  7 (for-each #<procedure 183c060 at guix/scripts/lint.scm&> &)
>> In guix/scripts/lint.scm:
>>     982:4  6 (run-checkers _ _)
>> In srfi/srfi-1.scm:
>>     640:9  5 (for-each #<procedure 1f252a0 at guix/scripts/lint.scm&> &)
>> In guix/scripts/lint.scm:
>>     805:4  4 (check-vulnerabilities _)
>>     800:9  3 (_ _)
>> In unknown file:
>>            2 (force #<promise #<procedure 7f1db4d41f88 at guix/scrip&>)
>> In guix/scripts/lint.scm:
>>    789:24  1 (_)
>> In ice-9/boot-9.scm:
>>     837:9  0 (catch srfi-34 #<procedure 7f1db4d4d3a8 at guix/script&> &)
>>
>> ice-9/boot-9.scm:837:9: In procedure catch:
>> ice-9/boot-9.scm:837:9: Throw to key `gnutls-error' with args `(#<gnutls=
-error-enum Error while reading file.> set-certificate-credentials-x509-tru=
st-file!)'.
>
> So the problem here is that $SSL_CERT_DIR or $SSL_CERT_FILE is
> unreadable for some reason.  Could you =E2=80=98strace=E2=80=99 it to see=
 exactly which
> file cannot be opened and why?
>
> However, I cannot reproduce it with current master:
>
> --8<---------------cut here---------------start------------->8---
> $ rm -rf ~/.cache/guix/cve
> $ SSL_CERT_FILE=3D/sdfsfd SSL_CERT_DIR=3D/sdfs  guix lint emacs
> gnu/packages/emacs.scm:99:2: emacs@HIDDEN: TLS certificate error: ERROR: X.=
509 certificate of 'www.gnu.org' could not be verified:
>   signer-not-found
>   invalid
>
>
> guix lint: warning: TLS certificate error: ERROR: X.509 certificate of 's=
tatic.nvd.nist.gov' could not be verified:
>   signer-not-found
>   invalid
>
> guix lint: warning: assuming no CVE vulnerabilities
> --8<---------------cut here---------------end--------------->8---
>
> This is the same story for the other ones.
>
> Essentially, this code from (guix build download):
>
>   (define (make-credendials-with-ca-trust-files directory)
>     "Return certificate credentials with X.509 authority certificates rea=
d from
>   DIRECTORY.  Those authority certificates are checked when
>   'peer-certificate-status' is later called."
>     (let ((cred  (make-certificate-credentials))
>           (files (or (scandir directory
>                               (lambda (file)
>                                 (string-suffix? ".pem" file)))
>                      '())))
>       (for-each (lambda (file)
>                   (let ((file (string-append directory "/" file)))
>                     ;; Protect against dangling symlinks.
>                     (when (file-exists? file)
>                       (set-certificate-credentials-x509-trust-file!
>                        cred file
>                        x509-certificate-format/pem))))
>                 (or files '()))
>       cred))
>
> seems to select a FILE that passes =E2=80=98file-exists?=E2=80=99 but tha=
t cannot be
> read by =E2=80=98set-certificate-credentials-x509-trust-file!=E2=80=99.  =
I think that
> can happen with unreadable files (EPERM), though I can=E2=80=99t reproduc=
e it.
>
> The =E2=80=98strace=E2=80=99 output should help us figure out what=E2=80=
=99s going on.
>
> Thanks,
> Ludo=E2=80=99.

Thanks for the explanation and the suggestion of strace. Here's the
(troncated from the point close to where the error occurs) strace:

--8<---------------cut here---------------start------------->8---
stat("/etc/ssl/certs/ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.pem", {st_=
mode=3DS_IFREG|0444, st_size=3D2939, ...}) =3D 0
open("/etc/ssl/certs/ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.pem", O_RD=
ONLY) =3D 15
fstat(15, {st_mode=3DS_IFREG|0444, st_size=3D2939, ...}) =3D 0
lseek(15, 0, SEEK_CUR)                  =3D 0
fstat(15, {st_mode=3DS_IFREG|0444, st_size=3D2939, ...}) =3D 0
read(15, "# alias=3D\"ACCVRAIZ1\"\n# trust=3DCKA_"..., 4096) =3D 2939
read(15, "", 4096)                      =3D 0
close(15)                               =3D 0
stat("/etc/ssl/certs/ACEDICOM_Root:2.8.97.141.199.134.59.1.130.5.pem", {st_=
mode=3DS_IFREG|0444, st_size=3D2212, ...}) =3D 0
open("/etc/ssl/certs/ACEDICOM_Root:2.8.97.141.199.134.59.1.130.5.pem", O_RD=
ONLY) =3D 15
fstat(15, {st_mode=3DS_IFREG|0444, st_size=3D2212, ...}) =3D 0
lseek(15, 0, SEEK_CUR)                  =3D 0
fstat(15, {st_mode=3DS_IFREG|0444, st_size=3D2212, ...}) =3D 0
read(15, "# alias=3D\"ACEDICOM Root\"\n# trust=3D"..., 4096) =3D 2212

read(15, "", 4096)                      =3D 0
close(15)                               =3D 0
stat("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.1=
47.123.224.21.227.87.240.105.140.203.236.12.pem", {st_mode=3DS_IFREG|0444, =
st_size=3D2444, ...}) =3D 0
open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.1=
47.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) =3D -1 ENOENT (No=
 such file or directory)
write(2, "Backtrace:\n", 11Backtrace:
)            =3D 11
stat("/home/maxim/src/guix-packages/system/repl/debug.scm", 0x7ffe124af550)=
 =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/repl/debug", 0x7ffe124af550) =3D=
 -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/repl/debug.scm", 0x7ffe124af55=
0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/repl/debug", 0x7ffe124af550) =
=3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/repl/debug", 0x7ffe124af550) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/repl/debug", 0x7ffe124af550) =3D -1 ENOENT (No such fil=
e or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/repl/debug", 0x7ffe124af550) =3D -1 ENOENT (No such fil=
e or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/repl/debug", 0x7ffe124af550) =3D -1 ENOENT (No suc=
h file or directory)
stat("/home/maxim/src/guix/system/repl/debug.scm", 0x7ffe124af550) =3D -1 E=
NOENT (No such file or directory)
stat("/home/maxim/src/guix/system/repl/debug", 0x7ffe124af550) =3D -1 ENOEN=
T (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/repl/debug.scm"=
, 0x7ffe124af550) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/repl/debug", 0x=
7ffe124af550) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/repl/debug.sc=
m", 0x7ffe124af550) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/repl/debug", =
0x7ffe124af550) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/system/repl/debug.scm", {st_mode=3DS_IFREG|0444, st_size=3D7461, ...}) =
=3D 0
stat("/home/maxim/src/guix-packages/system/repl/debug.go", 0x7ffe124af360) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/repl/debug.go", 0x7ffe124af360=
) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/system/repl/debug.go", 0x7ffe124af360) =3D -1 ENOENT=
 (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/repl/debug.go", 0x7ffe124af360) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/repl/debug.go", 0x7ffe124af360) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/repl/debug.go", 0x7ffe124af360) =3D -1 ENOENT (No =
such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/repl/debug=
.go", 0x7ffe124af360) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/repl/debug.go",=
 0x7ffe124af360) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/repl/deb=
ug.go", 0x7ffe124af360) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/repl/debug.go=
", 0x7ffe124af360) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/repl/debug.go", {st_mode=3DS_IFREG|0444, st_size=3D78421, ..=
.}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/repl/debug.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 78421
mmap(NULL, 78421, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cdf14000
close(15)                               =3D 0
mprotect(0x7fc6cdf24000, 7112, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/system/base/syntax.scm", 0x7ffe124af1c0=
) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/base/syntax", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/syntax.scm", 0x7ffe124af1=
c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/syntax", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) =3D -1 ENOENT (N=
o such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) =3D -1 ENOENT (No su=
ch file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/base/syntax", 0x7ffe124af1c0) =3D -1 ENOENT (No such fi=
le or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/base/syntax", 0x7ffe124af1c0) =3D -1 ENOENT (No such fi=
le or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) =3D -1 ENOENT (N=
o such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) =3D -1 ENOENT (No su=
ch file or directory)
stat("/home/maxim/src/guix/system/base/syntax.scm", 0x7ffe124af1c0) =3D -1 =
ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/base/syntax", 0x7ffe124af1c0) =3D -1 ENOE=
NT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/syntax.scm=
", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/syntax", 0=
x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/syntax.s=
cm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/syntax",=
 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/system/base/syntax.scm", {st_mode=3DS_IFREG|0444, st_size=3D13135, ...})=
 =3D 0
stat("/home/maxim/src/guix-packages/system/base/syntax.go", 0x7ffe124aefd0)=
 =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/syntax.go", 0x7ffe124aefd=
0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/system/base/syntax.go", 0x7ffe124aefd0) =3D -1 ENOEN=
T (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) =3D -1 ENOENT (No=
 such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/base/synta=
x.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/syntax.go"=
, 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/base/syn=
tax.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/syntax.g=
o", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/base/syntax.go", {st_mode=3DS_IFREG|0444, st_size=3D86477, .=
..}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/base/syntax.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 86477
mmap(NULL, 86477, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cdefe000
close(15)                               =3D 0
mprotect(0x7fc6cdf0e000, 9704, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/system/base/language.scm", 0x7ffe124af1=
c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/base/language", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/language.scm", 0x7ffe124a=
f1c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/language", 0x7ffe124af1c0=
) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) =3D -1 ENOENT =
(No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/base/language", 0x7ffe124af1c0) =3D -1 ENOENT (No =
such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No s=
uch file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/base/language", 0x7ffe124af1c0) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No s=
uch file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/base/language", 0x7ffe124af1c0) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) =3D -1 ENOENT =
(No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/base/language", 0x7ffe124af1c0) =3D -1 ENOENT (No =
such file or directory)
stat("/home/maxim/src/guix/system/base/language.scm", 0x7ffe124af1c0) =3D -=
1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/base/language", 0x7ffe124af1c0) =3D -1 EN=
OENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/language.s=
cm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/language",=
 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/language=
.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/language=
", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/system/base/language.scm", {st_mode=3DS_IFREG|0444, st_size=3D3799, ...}=
) =3D 0
stat("/home/maxim/src/guix-packages/system/base/language.go", 0x7ffe124aefd=
0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/language.go", 0x7ffe124ae=
fd0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/system/base/language.go", 0x7ffe124aefd0) =3D -1 ENO=
ENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/base/language.go", 0x7ffe124aefd0) =3D -1 ENOENT (No su=
ch file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/base/language.go", 0x7ffe124aefd0) =3D -1 ENOENT (No su=
ch file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/base/language.go", 0x7ffe124aefd0) =3D -1 ENOENT (=
No such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/base/langu=
age.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/language.g=
o", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/base/lan=
guage.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/language=
.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/base/language.go", {st_mode=3DS_IFREG|0444, st_size=3D74965,=
 ...}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/base/language.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 74965
mmap(NULL, 74965, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cdeeb000
close(15)                               =3D 0
mprotect(0x7fc6cdefb000, 4408, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/system/vm/vm.scm", 0x7ffe124af1c0) =3D =
-1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/vm/vm", 0x7ffe124af1c0) =3D -1 E=
NOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/vm.scm", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/vm", 0x7ffe124af1c0) =3D -1=
 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/vm.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/vm", 0x7ffe124af1c0) =3D -1 ENOENT (No such fil=
e or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/vm.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file=
 or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/vm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or =
directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/vm.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file=
 or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/vm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or =
directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/vm.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/vm", 0x7ffe124af1c0) =3D -1 ENOENT (No such fil=
e or directory)
stat("/home/maxim/src/guix/system/vm/vm.scm", 0x7ffe124af1c0) =3D -1 ENOENT=
 (No such file or directory)
stat("/home/maxim/src/guix/system/vm/vm", 0x7ffe124af1c0) =3D -1 ENOENT (No=
 such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/vm.scm", 0x7=
ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/vm", 0x7ffe1=
24af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/vm.scm", 0=
x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/vm", 0x7ff=
e124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/system/vm/vm.scm", {st_mode=3DS_IFREG|0444, st_size=3D1321, ...}) =3D 0
stat("/home/maxim/src/guix-packages/system/vm/vm.go", 0x7ffe124aefd0) =3D -=
1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/vm.go", 0x7ffe124aefd0) =3D=
 -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/system/vm/vm.go", 0x7ffe124aefd0) =3D -1 ENOENT (No =
such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/vm.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file =
or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/vm.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file =
or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/vm.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such =
file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/vm/vm.go",=
 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/vm.go", 0x7f=
fe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/vm/vm.go=
", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/vm.go", 0x=
7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/vm.go", {st_mode=3DS_IFREG|0444, st_size=3D68797, ...}) =
=3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/vm.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 68797
mmap(NULL, 68797, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cdeda000
close(15)                               =3D 0
mprotect(0x7fc6cdeea000, 1280, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/system/vm/frame.scm", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/vm/frame", 0x7ffe124af1c0) =3D -=
1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/frame.scm", 0x7ffe124af1c0)=
 =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/frame", 0x7ffe124af1c0) =3D=
 -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/frame.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No s=
uch file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/frame", 0x7ffe124af1c0) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/frame.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such f=
ile or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/frame", 0x7ffe124af1c0) =3D -1 ENOENT (No such file =
or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/frame.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such f=
ile or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/frame", 0x7ffe124af1c0) =3D -1 ENOENT (No such file =
or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/frame.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No s=
uch file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/frame", 0x7ffe124af1c0) =3D -1 ENOENT (No such =
file or directory)
stat("/home/maxim/src/guix/system/vm/frame.scm", 0x7ffe124af1c0) =3D -1 ENO=
ENT (No such file or directory)
stat("/home/maxim/src/guix/system/vm/frame", 0x7ffe124af1c0) =3D -1 ENOENT =
(No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/frame.scm", =
0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/frame", 0x7f=
fe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/frame.scm"=
, 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/frame", 0x=
7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/system/vm/frame.scm", {st_mode=3DS_IFREG|0444, st_size=3D19619, ...}) =
=3D 0
stat("/home/maxim/src/guix-packages/system/vm/frame.go", 0x7ffe124aefd0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/frame.go", 0x7ffe124aefd0) =
=3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/system/vm/frame.go", 0x7ffe124aefd0) =3D -1 ENOENT (=
No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/frame.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such fi=
le or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/frame.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such fi=
le or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/frame.go", 0x7ffe124aefd0) =3D -1 ENOENT (No su=
ch file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/vm/frame.g=
o", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/frame.go", 0=
x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/vm/frame=
.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/frame.go",=
 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/frame.go", {st_mode=3DS_IFREG|0444, st_size=3D188181, ...=
}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/frame.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 188181
mmap(NULL, 188181, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cdeac000
close(15)                               =3D 0
mprotect(0x7fc6cdecc000, 39688, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/system/vm/disassembler.scm", 0x7ffe124a=
ee30) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/vm/disassembler", 0x7ffe124aee30=
) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/disassembler.scm", 0x7ffe12=
4aee30) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/disassembler", 0x7ffe124aee=
30) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/disassembler.scm", 0x7ffe124aee30) =3D -1 ENOEN=
T (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/disassembler", 0x7ffe124aee30) =3D -1 ENOENT (N=
o such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/disassembler.scm", 0x7ffe124aee30) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/disassembler", 0x7ffe124aee30) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/disassembler.scm", 0x7ffe124aee30) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/disassembler", 0x7ffe124aee30) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/disassembler.scm", 0x7ffe124aee30) =3D -1 ENOEN=
T (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/disassembler", 0x7ffe124aee30) =3D -1 ENOENT (N=
o such file or directory)
stat("/home/maxim/src/guix/system/vm/disassembler.scm", 0x7ffe124aee30) =3D=
 -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/vm/disassembler", 0x7ffe124aee30) =3D -1 =
ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/disassembler=
.scm", 0x7ffe124aee30) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/disassembler=
", 0x7ffe124aee30) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/disassembl=
er.scm", 0x7ffe124aee30) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/disassembl=
er", 0x7ffe124aee30) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/system/vm/disassembler.scm", {st_mode=3DS_IFREG|0444, st_size=3D25824, .=
..}) =3D 0
stat("/home/maxim/src/guix-packages/system/vm/disassembler.go", 0x7ffe124ae=
c40) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/disassembler.go", 0x7ffe124=
aec40) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/system/vm/disassembler.go", 0x7ffe124aec40) =3D -1 E=
NOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/disassembler.go", 0x7ffe124aec40) =3D -1 ENOENT (No =
such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/disassembler.go", 0x7ffe124aec40) =3D -1 ENOENT (No =
such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/disassembler.go", 0x7ffe124aec40) =3D -1 ENOENT=
 (No such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/vm/disasse=
mbler.go", 0x7ffe124aec40) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/disassembler=
.go", 0x7ffe124aec40) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/vm/disas=
sembler.go", 0x7ffe124aec40) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/disassembl=
er.go", 0x7ffe124aec40) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/disassembler.go", {st_mode=3DS_IFREG|0444, st_size=3D3205=
49, ...}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/disassembler.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 320549
mmap(NULL, 320549, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cde5d000
close(15)                               =3D 0
mprotect(0x7fc6cde8d000, 46848, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/language/bytecode.scm", 0x7ffe124aeaa0)=
 =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/language/bytecode", 0x7ffe124aeaa0) =3D=
 -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/language/bytecode.scm", 0x7ffe124aeaa=
0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/language/bytecode", 0x7ffe124aeaa0) =
=3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/language/bytecode.scm", 0x7ffe124aeaa0) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/language/bytecode", 0x7ffe124aeaa0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/language/bytecode.scm", 0x7ffe124aeaa0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/language/bytecode", 0x7ffe124aeaa0) =3D -1 ENOENT (No such fil=
e or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/language/bytecode.scm", 0x7ffe124aeaa0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/language/bytecode", 0x7ffe124aeaa0) =3D -1 ENOENT (No such fil=
e or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/language/bytecode.scm", 0x7ffe124aeaa0) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/language/bytecode", 0x7ffe124aeaa0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/home/maxim/src/guix/language/bytecode.scm", 0x7ffe124aeaa0) =3D -1 E=
NOENT (No such file or directory)
stat("/home/maxim/src/guix/language/bytecode", 0x7ffe124aeaa0) =3D -1 ENOEN=
T (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/language/bytecode.scm"=
, 0x7ffe124aeaa0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/language/bytecode", 0x=
7ffe124aeaa0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/language/bytecode.sc=
m", 0x7ffe124aeaa0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/language/bytecode", =
0x7ffe124aeaa0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/language/bytecode.scm", {st_mode=3DS_IFREG|0444, st_size=3D3150, ...}) =
=3D 0
stat("/home/maxim/src/guix-packages/language/bytecode.go", 0x7ffe124ae8b0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/language/bytecode.go", 0x7ffe124ae8b0=
) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/language/bytecode.go", 0x7ffe124ae8b0) =3D -1 ENOENT=
 (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/language/bytecode.go", 0x7ffe124ae8b0) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/language/bytecode.go", 0x7ffe124ae8b0) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/language/bytecode.go", 0x7ffe124ae8b0) =3D -1 ENOENT (No =
such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/language/bytecode=
.go", 0x7ffe124ae8b0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/language/bytecode.go",=
 0x7ffe124ae8b0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/language/byteco=
de.go", 0x7ffe124ae8b0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/language/bytecode.go=
", 0x7ffe124ae8b0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/language/bytecode.go", {st_mode=3DS_IFREG|0444, st_size=3D72661, ..=
.}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/language/bytecode.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 72661
mmap(NULL, 72661, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cde4b000
close(15)                               =3D 0
mprotect(0x7fc6cde5b000, 3680, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/ice-9/pretty-print.scm", 0x7ffe124af1c0=
) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/ice-9/pretty-print", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/ice-9/pretty-print.scm", 0x7ffe124af1=
c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/ice-9/pretty-print", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/ice-9/pretty-print.scm", 0x7ffe124af1c0) =3D -1 ENOENT (N=
o such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/ice-9/pretty-print", 0x7ffe124af1c0) =3D -1 ENOENT (No su=
ch file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/ice-9/pretty-print.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/ice-9/pretty-print", 0x7ffe124af1c0) =3D -1 ENOENT (No such fi=
le or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/ice-9/pretty-print.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/ice-9/pretty-print", 0x7ffe124af1c0) =3D -1 ENOENT (No such fi=
le or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/ice-9/pretty-print.scm", 0x7ffe124af1c0) =3D -1 ENOENT (N=
o such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/ice-9/pretty-print", 0x7ffe124af1c0) =3D -1 ENOENT (No su=
ch file or directory)
stat("/home/maxim/src/guix/ice-9/pretty-print.scm", 0x7ffe124af1c0) =3D -1 =
ENOENT (No such file or directory)
stat("/home/maxim/src/guix/ice-9/pretty-print", 0x7ffe124af1c0) =3D -1 ENOE=
NT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/ice-9/pretty-print.scm=
", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/ice-9/pretty-print", 0=
x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/ice-9/pretty-print.s=
cm", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/ice-9/pretty-print",=
 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/ice-9/pretty-print.scm", {st_mode=3DS_IFREG|0444, st_size=3D16949, ...})=
 =3D 0
stat("/home/maxim/src/guix-packages/ice-9/pretty-print.go", 0x7ffe124aefd0)=
 =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/ice-9/pretty-print.go", 0x7ffe124aefd=
0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/ice-9/pretty-print.go", 0x7ffe124aefd0) =3D -1 ENOEN=
T (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/ice-9/pretty-print.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/ice-9/pretty-print.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/ice-9/pretty-print.go", 0x7ffe124aefd0) =3D -1 ENOENT (No=
 such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/ice-9/pretty-prin=
t.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/ice-9/pretty-print.go"=
, 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/ice-9/pretty-pr=
int.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/ice-9/pretty-print.g=
o", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/ice-9/pretty-print.go", {st_mode=3DS_IFREG|0444, st_size=3D83317, .=
..}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/ice-9/pretty-print.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 83317
mmap(NULL, 83317, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cde36000
close(15)                               =3D 0
mprotect(0x7fc6cde46000, 5656, PROT_READ|PROT_WRITE) =3D 0
stat("/home/maxim/src/guix-packages/system/vm/inspect.scm", 0x7ffe124af1c0)=
 =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/vm/inspect", 0x7ffe124af1c0) =3D=
 -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/inspect.scm", 0x7ffe124af1c=
0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/inspect", 0x7ffe124af1c0) =
=3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/inspect.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/sha=
re/guile/site/2.2/system/vm/inspect", 0x7ffe124af1c0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/inspect.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/inspect", 0x7ffe124af1c0) =3D -1 ENOENT (No such fil=
e or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/inspect.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No such=
 file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/inspect", 0x7ffe124af1c0) =3D -1 ENOENT (No such fil=
e or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/inspect.scm", 0x7ffe124af1c0) =3D -1 ENOENT (No=
 such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/inspect", 0x7ffe124af1c0) =3D -1 ENOENT (No suc=
h file or directory)
stat("/home/maxim/src/guix/system/vm/inspect.scm", 0x7ffe124af1c0) =3D -1 E=
NOENT (No such file or directory)
stat("/home/maxim/src/guix/system/vm/inspect", 0x7ffe124af1c0) =3D -1 ENOEN=
T (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/inspect.scm"=
, 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/inspect", 0x=
7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/inspect.sc=
m", 0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/inspect", =
0x7ffe124af1c0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2=
.2/system/vm/inspect.scm", {st_mode=3DS_IFREG|0444, st_size=3D6056, ...}) =
=3D 0
stat("/home/maxim/src/guix-packages/system/vm/inspect.go", 0x7ffe124aefd0) =
=3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/vm/inspect.go", 0x7ffe124aefd0=
) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib=
/guile/2.2/site-ccache/system/vm/inspect.go", 0x7ffe124aefd0) =3D -1 ENOENT=
 (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/gu=
ile/site/2.2/system/vm/inspect.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/gu=
ile/site/2.2/system/vm/inspect.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such =
file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/guile/site/2.2/system/vm/inspect.go", 0x7ffe124aefd0) =3D -1 ENOENT (No =
such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/vm/inspect=
.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/vm/inspect.go",=
 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/vm/inspe=
ct.go", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/vm/inspect.go=
", 0x7ffe124aefd0) =3D -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/inspect.go", {st_mode=3DS_IFREG|0444, st_size=3D76301, ..=
.}) =3D 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2=
/ccache/system/vm/inspect.go", O_RDONLY|O_CLOEXEC) =3D 15
lseek(15, 0, SEEK_END)                  =3D 76301
mmap(NULL, 76301, PROT_READ, MAP_PRIVATE, 15, 0) =3D 0x7fc6cde23000
close(15)                               =3D 0
mprotect(0x7fc6cde33000, 4584, PROT_READ|PROT_WRITE) =3D 0
futex(0x7fc6d81f4928, FUTEX_WAKE_PRIVATE, 2147483647) =3D 0
write(2, "           9 (primitive-load \"/g"..., 87           9 (primitive-=
load "/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.=E2=80=A6")
) =3D 87
write(2, "In guix/ui.scm:\n", 16In guix/ui.scm:
)       =3D 16
write(2, "   1264:8  8 (run-guix-command _"..., 38   1264:8  8 (run-guix-co=
mmand _ . _)
) =3D 38
write(2, "In srfi/srfi-1.scm:\n", 20In srfi/srfi-1.scm:
)   =3D 20
write(2, "    640:9  7 (for-each #<procedu"..., 90    640:9  7 (for-each #<=
procedure 1cad800 at guix/scripts/lint.scm:1075:20 (spe=E2=80=A6> =E2=80=A6)
) =3D 90
write(2, "In guix/scripts/lint.scm:\n", 26In guix/scripts/lint.scm:
) =3D 26
write(2, "    982:4  6 (run-checkers _ _)\n", 32    982:4  6 (run-checkers =
_ _)
) =3D 32
write(2, "In srfi/srfi-1.scm:\n", 20In srfi/srfi-1.scm:
)   =3D 20
write(2, "    640:9  5 (for-each #<procedu"..., 90    640:9  5 (for-each #<=
procedure 2da02c0 at guix/scripts/lint.scm:982:14 (chec=E2=80=A6> =E2=80=A6)
) =3D 90
write(2, "In guix/scripts/lint.scm:\n", 26In guix/scripts/lint.scm:
) =3D 26
write(2, "    805:4  4 (check-vulnerabilit"..., 39    805:4  4 (check-vulne=
rabilities _)
) =3D 39
write(2, "    800:9  3 (_ _)\n", 19    800:9  3 (_ _)
)    =3D 19
write(2, "In unknown file:\n", 17In unknown file:
)      =3D 17
write(2, "           2 (force #<promise #<"..., 87           2 (force #<pro=
mise #<procedure 7fc6d22bef88 at guix/scripts/lint.scm:7=E2=80=A6>)
) =3D 87
write(2, "In guix/scripts/lint.scm:\n", 26In guix/scripts/lint.scm:
) =3D 26
write(2, "   789:24  1 (_)\n", 17   789:24  1 (_)
)      =3D 17
write(2, "In ice-9/boot-9.scm:\n", 21In ice-9/boot-9.scm:
)  =3D 21
write(2, "    837:9  0 (catch srfi-34 #<pr"..., 90    837:9  0 (catch srfi-=
34 #<procedure 7fc6d22ca3d8 at guix/scripts/lint.scm:76=E2=80=A6> =E2=80=A6)
) =3D 90
write(2, "\n", 1
)                       =3D 1
futex(0x7fc6d81f4930, FUTEX_WAKE_PRIVATE, 2147483647) =3D 0
futex(0x7fc6d81f4fc8, FUTEX_WAKE_PRIVATE, 2147483647) =3D 0
write(2, "ice-9/boot-9.scm:837:9: In proce"..., 44ice-9/boot-9.scm:837:9: I=
n procedure catch:
) =3D 44
open("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/locale/en_US.UTF-8/LC_MESSAGES/gnutls.mo", O_RDONLY) =3D -1 ENOENT (No s=
uch file or directory)
open("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/locale/en_US.utf8/LC_MESSAGES/gnutls.mo", O_RDONLY) =3D -1 ENOENT (No su=
ch file or directory)
open("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/locale/en_US/LC_MESSAGES/gnutls.mo", O_RDONLY) =3D -1 ENOENT (No such fi=
le or directory)
open("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/locale/en.UTF-8/LC_MESSAGES/gnutls.mo", O_RDONLY) =3D -1 ENOENT (No such=
 file or directory)
open("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/locale/en.utf8/LC_MESSAGES/gnutls.mo", O_RDONLY) =3D -1 ENOENT (No such =
file or directory)
open("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/sha=
re/locale/en/LC_MESSAGES/gnutls.mo", O_RDONLY) =3D -1 ENOENT (No such file =
or directory)
write(2, "ice-9/boot-9.scm:837:9: Throw to"..., 159ice-9/boot-9.scm:837:9: =
Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while rea=
ding file.> set-certificate-credentials-x509-trust-file!)'.
) =3D 159
exit_group(1)                           =3D ?
+++ exited with 1 +++
--8<---------------cut here---------------end--------------->8---

It seems that the problem is caused by the file:
"/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.12=
3.224.21.227.87.240.105.140.203.236.12.p".

The strange thing is that it shouldn't even get into the `files'
variable since we are scanning for files ending with a ".pem" suffix.

--8<---------------cut here---------------start------------->8---
ls /etc/ssl/certs/AC*2.15.7.126*
/etc/ssl/certs/AC_Ra=C3=ADz_Certic=C3=A1mara_S.A.:2.15.7.126.82.147.123.224=
.21.227.87.240.105.140.203.236.12.pem
--8<---------------cut here---------------end--------------->8---

It looks like I have a locale problem? In my operating-system
definition, I'm using (locale "en_US.UTF-8") and the locale-definitions
field is not set (which means it's using %DEFAULT-LOCALE-DEFINITIONS). I
also have the following installed in my user profile:

--8<---------------cut here---------------start------------->8---
guix package -I locale
glibc-locales   2.25    out     /gnu/store/2d97vjjx23w3bhwp4sbylwcx6l5fy8g2=
-glibc-locales-2.25
--8<---------------cut here---------------end--------------->8---

Finally,

--8<---------------cut here---------------start------------->8---
set | grep LOC
GUIX_LOCPATH=3D/run/current-system/locale
XTERM_LOCALE=3Den_US.UTF-8
--8<---------------cut here---------------end--------------->8---

I would have liked to exercise the
`make-credendials-with-ca-trust-files' function to debug but there's a
`make-certificate-credentials' function called which I coudln't source
(where does it come from? Doing C-c . u in Geiser didn't help making it
visible, as did grepping the Guix sources for its definition)

Thanks for you patience, and sorry for the delayed follow-up.

Maxim




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at 26948 <at> debbugs.gnu.org:


Received: (at 26948) by debbugs.gnu.org; 17 May 2017 12:56:29 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 17 08:56:29 2017
Received: from localhost ([127.0.0.1]:49705 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dAyVA-0004I5-U9
	for submit <at> debbugs.gnu.org; Wed, 17 May 2017 08:56:29 -0400
Received: from eggs.gnu.org ([208.118.235.92]:57974)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dAyV9-0004Ht-NL
 for 26948 <at> debbugs.gnu.org; Wed, 17 May 2017 08:56:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dAyV1-0007WT-B2
 for 26948 <at> debbugs.gnu.org; Wed, 17 May 2017 08:56:22 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:58353)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dAyV1-0007WN-7d; Wed, 17 May 2017 08:56:19 -0400
Received: from reverse-83.fdn.fr ([80.67.176.83]:47848 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dAyV0-0003Yu-Gr; Wed, 17 May 2017 08:56:19 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#26948: gnutls errors on multiple guix commands
References: <8737c51e6r.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 28 =?utf-8?Q?Flor=C3=A9al?= an 225 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Wed, 17 May 2017 14:56:15 +0200
In-Reply-To: <8737c51e6r.fsf@HIDDEN> (Maxim Cournoyer's message of "Mon, 15
 May 2017 22:19:26 -0700")
Message-ID: <87shk3y74g.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 26948
Cc: 26948 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:

> This problem has been ongoing for some time. It prevents me from using
> things such as "guix lint" or "guix import" (seems to be related to
> certs and gnutls). I thought a guix system reconfigure (I'm on GuixSD)
> would fix it but it hasn't, even after rebooting the system.
>
> It is reminiscent of bug#25200, but there doesn't appear to be any
> dangling symlinks this time around.
>
> The nss-certs package is present in my operating system declaration, and
> the /etc/ssl/certs directory is populated ('/etc/ssl' is a symbolic link
> pointing to /run/current-system/profile/etc/ssl).
>
> SSL_CERT_DIR is set to "/etc/ssl/certs"
> SSL_CERT_FILE is set to "/etc/ssl/certs/ca-certificates.crt"
>
>
> A couple examples of how things break:
>
> * guix lint
>
> guix lint emacs
> Backtrace:macs@HIDDEN [cve]...
>            9 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
> In guix/ui.scm:
>    1257:8  8 (run-guix-command _ . _)
> In srfi/srfi-1.scm:
>     640:9  7 (for-each #<procedure 183c060 at guix/scripts/lint.scm&> &)
> In guix/scripts/lint.scm:
>     982:4  6 (run-checkers _ _)
> In srfi/srfi-1.scm:
>     640:9  5 (for-each #<procedure 1f252a0 at guix/scripts/lint.scm&> &)
> In guix/scripts/lint.scm:
>     805:4  4 (check-vulnerabilities _)
>     800:9  3 (_ _)
> In unknown file:
>            2 (force #<promise #<procedure 7f1db4d41f88 at guix/scrip&>)
> In guix/scripts/lint.scm:
>    789:24  1 (_)
> In ice-9/boot-9.scm:
>     837:9  0 (catch srfi-34 #<procedure 7f1db4d4d3a8 at guix/script&> &)
>
> ice-9/boot-9.scm:837:9: In procedure catch:
> ice-9/boot-9.scm:837:9: Throw to key `gnutls-error' with args `(#<gnutls-=
error-enum Error while reading file.> set-certificate-credentials-x509-trus=
t-file!)'.

So the problem here is that $SSL_CERT_DIR or $SSL_CERT_FILE is
unreadable for some reason.  Could you =E2=80=98strace=E2=80=99 it to see e=
xactly which
file cannot be opened and why?

However, I cannot reproduce it with current master:

--8<---------------cut here---------------start------------->8---
$ rm -rf ~/.cache/guix/cve
$ SSL_CERT_FILE=3D/sdfsfd SSL_CERT_DIR=3D/sdfs  guix lint emacs
gnu/packages/emacs.scm:99:2: emacs@HIDDEN: TLS certificate error: ERROR: X.50=
9 certificate of 'www.gnu.org' could not be verified:
  signer-not-found
  invalid


guix lint: warning: TLS certificate error: ERROR: X.509 certificate of 'sta=
tic.nvd.nist.gov' could not be verified:
  signer-not-found
  invalid

guix lint: warning: assuming no CVE vulnerabilities
--8<---------------cut here---------------end--------------->8---

This is the same story for the other ones.

Essentially, this code from (guix build download):

  (define (make-credendials-with-ca-trust-files directory)
    "Return certificate credentials with X.509 authority certificates read =
from
  DIRECTORY.  Those authority certificates are checked when
  'peer-certificate-status' is later called."
    (let ((cred  (make-certificate-credentials))
          (files (or (scandir directory
                              (lambda (file)
                                (string-suffix? ".pem" file)))
                     '())))
      (for-each (lambda (file)
                  (let ((file (string-append directory "/" file)))
                    ;; Protect against dangling symlinks.
                    (when (file-exists? file)
                      (set-certificate-credentials-x509-trust-file!
                       cred file
                       x509-certificate-format/pem))))
                (or files '()))
      cred))

seems to select a FILE that passes =E2=80=98file-exists?=E2=80=99 but that =
cannot be
read by =E2=80=98set-certificate-credentials-x509-trust-file!=E2=80=99.  I =
think that
can happen with unreadable files (EPERM), though I can=E2=80=99t reproduce =
it.

The =E2=80=98strace=E2=80=99 output should help us figure out what=E2=80=99=
s going on.

Thanks,
Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 16 May 2017 06:58:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 16 02:58:02 2017
Received: from localhost ([127.0.0.1]:47347 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dAWQj-0000Yn-Ol
	for submit <at> debbugs.gnu.org; Tue, 16 May 2017 02:58:02 -0400
Received: from eggs.gnu.org ([208.118.235.92]:48586)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dAWQi-0000YY-Iy
 for submit <at> debbugs.gnu.org; Tue, 16 May 2017 02:58:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dAWQc-0003Rl-Fq
 for submit <at> debbugs.gnu.org; Tue, 16 May 2017 02:57:55 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
 T_DKIM_INVALID autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:50220)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1dAWQc-0003Rf-CT
 for submit <at> debbugs.gnu.org; Tue, 16 May 2017 02:57:54 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39557)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dAWQa-0007BB-Qy
 for bug-guix@HIDDEN; Tue, 16 May 2017 02:57:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1dAWQZ-0003RI-Pg
 for bug-guix@HIDDEN; Tue, 16 May 2017 02:57:52 -0400
Received: from mail-pf0-x234.google.com ([2607:f8b0:400e:c00::234]:34227)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1dAWQZ-0003R9-Ip
 for bug-guix@HIDDEN; Tue, 16 May 2017 02:57:51 -0400
Received: by mail-pf0-x234.google.com with SMTP id 9so35613259pfj.1
 for <bug-guix@HIDDEN>; Mon, 15 May 2017 23:57:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:subject:date:message-id:user-agent:mime-version;
 bh=Vqa5YOngd0THWs6s77EQB8d9/p2aQK2o2X/W9Mm6cqc=;
 b=fITpovmGk6TxFnDJzGzqaPBFZNx+2V7Wo2JUZ6i4d9aZyFUAOX43XZB1QuZd837n+S
 kgsWrtshQJkQ2uLHtT18mzu/greT0TPDAaSvEOy8xQFQliS+sKcTep3YhUyFrXvu94ub
 aeS0wVURyAOhY2q89hx+fFvjL4emfBR14RbBtSj0F439GFhx90I6behn5gMo/li23PZo
 w5MAh0PNU7Cl7UBICVjdjw/+QQCkoNvKcuqEuWti9NFLEtq15jQw8IhnLvuzjDt2fbWv
 8vbEswvYRMeqSRxSIz0KmADpnEC1el/B3xswDGDu+GO4AQYH71sxgh1Sj0q3QssVCPlz
 YnOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:user-agent
 :mime-version;
 bh=Vqa5YOngd0THWs6s77EQB8d9/p2aQK2o2X/W9Mm6cqc=;
 b=oD+H9JG0Zmzq4Zaphc1L9+dBx18EX4sK5PsXfArzRKQ3qczfKcTmnsyjTfq4VV/hJy
 s4WjSgqdn3PWWMYteyDwQ5zr+7D1xpHabtKcCFIOOv3xwVx+IA/aBi+Bx9037PdMpNQ+
 NWxbcBBW/fuq/6sxldZvBGN651RdlbLZjGuJrCSdJQyf7kbPTZ6PDBlrZZRbzgonK+if
 tR2wTBtmunqzRzZDl3w/HBJJ+jKO3EUzlbHPSEBVvUqe+tLODgORL3T71Mnt65GE8ep1
 UD6zJz4UFvA3UNk2sT6o8thTkuTn7O+2AIV4QcXZjoRgtYAqe+Ilnst7jHGSBvWwBDse
 B9qw==
X-Gm-Message-State: AODbwcBO2EHRqqWRXxzZbanhPuBMkKXrcylsZVL0FRYbIf0veFyaFC9L
 G4UF2KFl2n80Pdbh
X-Received: by 10.84.224.4 with SMTP id r4mr13778384plj.173.1494917869785;
 Mon, 15 May 2017 23:57:49 -0700 (PDT)
Received: from apteryx ([2601:647:4a02:70e3:c2f8:daff:fe5d:2f2f])
 by smtp.gmail.com with ESMTPSA id a87sm16570140pfj.50.2017.05.15.23.57.49
 for <bug-guix@HIDDEN>
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 15 May 2017 23:57:49 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: bug-guix <bug-guix@HIDDEN>
Subject: gnutls errors on multiple guix commands
Date: Mon, 15 May 2017 22:19:26 -0700
Message-ID: <8737c51e6r.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -4.0 (----)

Hello Guix!

This problem has been ongoing for some time. It prevents me from using
things such as "guix lint" or "guix import" (seems to be related to
certs and gnutls). I thought a guix system reconfigure (I'm on GuixSD)
would fix it but it hasn't, even after rebooting the system.

It is reminiscent of bug#25200, but there doesn't appear to be any
dangling symlinks this time around.

The nss-certs package is present in my operating system declaration, and
the /etc/ssl/certs directory is populated ('/etc/ssl' is a symbolic link
pointing to /run/current-system/profile/etc/ssl).

SSL_CERT_DIR is set to "/etc/ssl/certs"
SSL_CERT_FILE is set to "/etc/ssl/certs/ca-certificates.crt"


A couple examples of how things break:

* guix lint

--8<---------------cut here---------------start------------->8---
guix lint emacs
Backtrace:macs@HIDDEN [cve]...
           9 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
In guix/ui.scm:
   1257:8  8 (run-guix-command _ . _)
In srfi/srfi-1.scm:
    640:9  7 (for-each #<procedure 183c060 at guix/scripts/lint.scm&> &)
In guix/scripts/lint.scm:
    982:4  6 (run-checkers _ _)
In srfi/srfi-1.scm:
    640:9  5 (for-each #<procedure 1f252a0 at guix/scripts/lint.scm&> &)
In guix/scripts/lint.scm:
    805:4  4 (check-vulnerabilities _)
    800:9  3 (_ _)
In unknown file:
           2 (force #<promise #<procedure 7f1db4d41f88 at guix/scrip&>)
In guix/scripts/lint.scm:
   789:24  1 (_)
In ice-9/boot-9.scm:
    837:9  0 (catch srfi-34 #<procedure 7f1db4d4d3a8 at guix/script&> &)

ice-9/boot-9.scm:837:9: In procedure catch:
ice-9/boot-9.scm:837:9: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.

--8<---------------cut here---------------end--------------->8---


* Using guix import

--8<---------------cut here---------------start------------->8---
guix import pypi flask-migrate
Backtrace:
          12 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
In guix/ui.scm:
   1257:8 11 (run-guix-command _ . _)
In guix/scripts/import.scm:
   114:11 10 (guix-import . _)
In guix/scripts/import/pypi.scm:
    84:19  9 (guix-import-pypi . _)
In guix/import/pypi.scm:
   279:17  8 (pypi->guix-package _)
In ice-9/boot-9.scm:
    837:9  7 (catch srfi-34 #<procedure 29a3300 at guix/import/json&> &)
In guix/import/json.scm:
    32:17  6 (_)
In guix/http-client.scm:
   239:25  5 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # &)
In guix/build/download.scm:
    520:4  4 (open-connection-for-uri _ #:timeout _ # _)
   391:34  3 (tls-wrap #<input-output: socket 14> "pypi.python.org" # &)
    308:4  2 (make-credendials-with-ca-trust-files _)
In srfi/srfi-1.scm:
    640:9  1 (for-each #<procedure 29a9680 at guix/build/download.s&> &)
In unknown file:
           0 (set-certificate-credentials-x509-trust-file! #<certif&> &)

ERROR: In procedure set-certificate-credentials-x509-trust-file!:
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.
--8<---------------cut here---------------end--------------->8---


* Using lint from emacs-guix

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,m (emacs-guix)
scheme@(emacs-guix)> (guix-command "lint" "grub")
;;; Failed to autoload make-session in (gnutls):
;;; ERROR: missing interface for module (gnutls)
guix/scripts/lint.scm:466:16: In procedure validate-uri:
guix/scripts/lint.scm:466:16: In procedure module-lookup: Unbound variable: make-session

Entering a new prompt.  Type `,bt' for a backtrace or `,q' to continue.
scheme@(emacs-guix) [1]> ,bt
In ice-9/boot-9.scm:
    837:9  5 (catch quit #<procedure 1eeb960 at emacs-guix/commands.scm:51:4 ()> #<procedure 1eeb940 at ice-9/boot-9.scm:1057:2 _> _)
In guix/ui.scm:
   1257:8  4 (run-guix-command _ . _)
In srfi/srfi-1.scm:
    640:9  3 (for-each #<procedure 1eeb7e0 at guix/scripts/lint.scm:1075:20 (spec)> ("grub"))
In guix/scripts/lint.scm:
    982:4  2 (run-checkers #<package grub@HIDDEN gnu/packages/bootloaders.scm:64 3352540> _)
In srfi/srfi-1.scm:
    640:9  1 (for-each #<procedure 39fb4c0 at guix/scripts/lint.scm:982:14 (checker)> _)
In guix/scripts/lint.scm:
   466:16  0 (validate-uri #<<uri> scheme: https userinfo: #f host: "www.gnu.org" port: #f path: "/software/grub/" query: #f fragment: #f> #<package grub@HIDDEN g&> &)
--8<---------------cut here---------------end--------------->8---

Any pointer welcome.

Maxim




Acknowledgement sent to Maxim Cournoyer <maxim.cournoyer@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#26948; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Thu, 27 Jul 2017 13:00:03 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.