GNU bug report logs - #30619
Cuirass requires TLS certificates

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Andreas Enge <andreas@HIDDEN>; dated Mon, 26 Feb 2018 20:53:01 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 30619 <at> debbugs.gnu.org:


Received: (at 30619) by debbugs.gnu.org; 27 Feb 2018 16:00:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 27 11:00:43 2018
Received: from localhost ([127.0.0.1]:35806 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1eqhgJ-0006FA-G4
	for submit <at> debbugs.gnu.org; Tue, 27 Feb 2018 11:00:43 -0500
Received: from hera.aquilenet.fr ([185.233.100.1]:53098)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1eqhgI-0006F2-EY
 for 30619 <at> debbugs.gnu.org; Tue, 27 Feb 2018 11:00:42 -0500
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id E07A81054D;
 Tue, 27 Feb 2018 17:00:41 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id dwQFyKD6b05f; Tue, 27 Feb 2018 17:00:41 +0100 (CET)
Received: from ribbon (unknown [193.50.110.216])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 3611C228E;
 Tue, 27 Feb 2018 17:00:41 +0100 (CET)
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Andreas Enge <andreas@HIDDEN>
Subject: Re: bug#30619: Cuirass requires TLS certificates
References: <20180226205158.GA2432@jurong>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 9 =?utf-8?Q?Vent=C3=B4se?= an 226 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Tue, 27 Feb 2018 17:00:40 +0100
In-Reply-To: <20180226205158.GA2432@jurong> (Andreas Enge's message of "Mon,
 26 Feb 2018 21:51:58 +0100")
Message-ID: <87lgfe1kyf.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: 30619
Cc: 30619 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

Andreas Enge <andreas@HIDDEN> skribis:

> the cuirass service requires TLS certificates to do continuous integration
> of guix (or more generally, git repositories served over https). This wor=
ks
> when nss-certs is installed as a global package in the system.
>
> Should the service depend on the nss-certs package? Or maybe take as an
> optional configuration parameter a certificate package?

I thought that, instead of assuming /etc/ssl/certs exists, the Cuirass
service could use (file-append nss-certs "/etc/ssl/certs/ca-certificates.cr=
t").
That would make it self-contained.

That=E2=80=99s currently not possible though because this certificate bundl=
e is
built as a profile hook.  We would first need to export the procedure
that creates bundles, possibly by moving it to a new (guix
x509-certificates) module.

Thoughts?

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#30619; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 26 Feb 2018 20:52:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 26 15:52:17 2018
Received: from localhost ([127.0.0.1]:33995 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1eqPku-0004W0-VT
	for submit <at> debbugs.gnu.org; Mon, 26 Feb 2018 15:52:17 -0500
Received: from eggs.gnu.org ([208.118.235.92]:60688)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andreas@HIDDEN>) id 1eqPkt-0004Vl-GF
 for submit <at> debbugs.gnu.org; Mon, 26 Feb 2018 15:52:16 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <andreas@HIDDEN>) id 1eqPkn-0007ax-2R
 for submit <at> debbugs.gnu.org; Mon, 26 Feb 2018 15:52:09 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled
 version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:57729)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <andreas@HIDDEN>) id 1eqPkm-0007an-TV
 for submit <at> debbugs.gnu.org; Mon, 26 Feb 2018 15:52:08 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51647)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <andreas@HIDDEN>) id 1eqPkl-0003AK-PH
 for bug-guix@HIDDEN; Mon, 26 Feb 2018 15:52:08 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <andreas@HIDDEN>) id 1eqPkg-0007YV-Dg
 for bug-guix@HIDDEN; Mon, 26 Feb 2018 15:52:07 -0500
Received: from hera.aquilenet.fr ([185.233.100.1]:42748)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <andreas@HIDDEN>) id 1eqPkg-0007Xt-6T
 for bug-guix@HIDDEN; Mon, 26 Feb 2018 15:52:02 -0500
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 0616810A02;
 Mon, 26 Feb 2018 21:52:01 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id VSCF8Dt-htRw; Mon, 26 Feb 2018 21:52:00 +0100 (CET)
Received: from jurong (unknown [IPv6:2001:910:103f::c1e])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 63250107DB;
 Mon, 26 Feb 2018 21:52:00 +0100 (CET)
Date: Mon, 26 Feb 2018 21:51:58 +0100
From: Andreas Enge <andreas@HIDDEN>
To: bug-guix@HIDDEN
Subject: Cuirass requires TLS certificates
Message-ID: <20180226205158.GA2432@jurong>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.9.3 (2018-01-21)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Hello,

the cuirass service requires TLS certificates to do continuous integration
of guix (or more generally, git repositories served over https). This works
when nss-certs is installed as a global package in the system.

Should the service depend on the nss-certs package? Or maybe take as an
optional configuration parameter a certificate package?

Andreas





Acknowledgement sent to Andreas Enge <andreas@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#30619; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.