GNU bug report logs - #38254
Download code should honor /etc/ssl/certs/*.crt

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Mon, 18 Nov 2019 09:33:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 38254 in the body.
You can then email your comments to 38254 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#38254; Package guix. (Mon, 18 Nov 2019 09:33:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Ludovic Courtès <ludovic.courtes <at> inria.fr>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 18 Nov 2019 09:33:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
To: bug-Guix <at> gnu.org
Subject: Download code should honor /etc/ssl/certs/*.crt
Date: Mon, 18 Nov 2019 10:29:06 +0100

Hello,

Some distros such as CentOS 7 with its ‘ca-certificates’ package provide
nothing but a certificate bundle in /etc/ssl:

--8<---------------cut here---------------start------------->8---
$ ls -l /etc/ssl/certs/
total 12
lrwxrwxrwx. 1 root root   49  8 nov.  16:44 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55  8 nov.  16:44 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x. 1 root root  610 30 oct.   2018 make-dummy-cert
-rw-r--r--. 1 root root 2516 30 oct.   2018 Makefile
-rwxr-xr-x. 1 root root  829 30 oct.   2018 renew-dummy-cert
--8<---------------cut here---------------end--------------->8---

As of commit 9c9982dc0c8c38ce3821b154b7e92509c1564317, ‘guix download’ &
co. (anything that relies on (guix build download)) fail because they
looks for /etc/ssl/certs/*.pem by default and there’s no such file.

Thanks,
Ludo’.
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 18 Nov 2019 11:22:02 GMT) Full text and rfc822 format available.
Notification sent to Ludovic Courtès <ludovic.courtes <at> inria.fr>:
bug acknowledged by developer. (Mon, 18 Nov 2019 11:22:02 GMT) Full text and rfc822 format available.

Message #10 received at 38254-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 38254-done <at> debbugs.gnu.org
Subject: Re: bug#38254: Download code should honor /etc/ssl/certs/*.crt
Date: Mon, 18 Nov 2019 12:21:38 +0100

Ludovic Courtès <ludovic.courtes <at> inria.fr> skribis:

> Some distros such as CentOS 7 with its ‘ca-certificates’ package provide
> nothing but a certificate bundle in /etc/ssl:
>
> $ ls -l /etc/ssl/certs/
> total 12
> lrwxrwxrwx. 1 root root   49  8 nov.  16:44 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> lrwxrwxrwx. 1 root root   55  8 nov.  16:44 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> -rwxr-xr-x. 1 root root  610 30 oct.   2018 make-dummy-cert
> -rw-r--r--. 1 root root 2516 30 oct.   2018 Makefile
> -rwxr-xr-x. 1 root root  829 30 oct.   2018 renew-dummy-cert
>
> As of commit 9c9982dc0c8c38ce3821b154b7e92509c1564317, ‘guix download’ &
> co. (anything that relies on (guix build download)) fail because they
> looks for /etc/ssl/certs/*.pem by default and there’s no such file.

Fixed in 0d78d0f09c10f5c7a25ac2ab4da4197913cd3321.

Ludo'.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 16 Dec 2019 12:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 125 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.