GNU bug report logs - #54101
SSL_CERT_DIR is not always unary

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 22 Feb 2022 08:29:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 22 03:29:36 2022
Received: from localhost ([127.0.0.1]:39941 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nMQYC-000140-E3
	for submit <at> debbugs.gnu.org; Tue, 22 Feb 2022 03:29:36 -0500
Received: from lists.gnu.org ([209.51.188.17]:51350)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <david@HIDDEN>) id 1nMN5a-0003cd-5D
 for submit <at> debbugs.gnu.org; Mon, 21 Feb 2022 23:47:50 -0500
Received: from eggs.gnu.org ([209.51.188.92]:49624)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <david@HIDDEN>) id 1nMN5Z-0006No-UJ
 for bug-guix@HIDDEN; Mon, 21 Feb 2022 23:47:49 -0500
Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:44935)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <david@HIDDEN>) id 1nMN5W-0005I7-CP
 for bug-guix@HIDDEN; Mon, 21 Feb 2022 23:47:49 -0500
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.west.internal (Postfix) with ESMTP id 90C963202049
 for <bug-guix@HIDDEN>; Mon, 21 Feb 2022 23:47:41 -0500 (EST)
Received: from imap43 ([10.202.2.93])
 by compute5.internal (MEProxy); Mon, 21 Feb 2022 23:47:41 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:date:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=jWEygKu8q1n3McdbU2UmpzkTdN4WVVdQdahceff6R
 xs=; b=ZrFIahBI1a06LNG4wA6DpbK8hAEJ+y7stpSmQiRPnfSEzhtqD9Qtq9pI+
 5/DZ2n3Ev0NUK9gPKMChTK0oU92rgEB0wHB0mDwtqSJ/iWHXB3C1IFUF8Ogv4Tc+
 J7UtwTgSHn1KjnwPubmluv/fnhD2IXi0KsFoPBJGfFv79YgPCY50CsBJPmL8payK
 hdnFz8KE0GXEi45XWxk5cZTzX0YPLcYR0jh4rpJiyD31eVrGj9tWoXd+XlucW+px
 qT2bEiI687ZXn1NAxnjoURA94juB488MIJI7KMohIw9OjzsP4ZfGXi5t4fPIs1xu
 /T9pKXvJidYL/AxHXi1lclbNdZYCA==
X-ME-Sender: <xms:7GoUYtqLTfMDNuo8iF7AVF5ygUJHN--Lnsm7A-ePePyBum0aJauJFA>
 <xme:7GoUYvqDmITyORyASqrHVxT5IuKAx2gjFVxMtAp-NGqjKZmdn5W2y51vT0WGli4ui
 KoJCNPm8Cm-_srXSw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrkeejgdejgecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre
 ertdenucfhrhhomhepfdffrghvihguucetrhhrohihohdfuceouggrvhhiugesrghqfigr
 rhhirdhnvghtqeenucggtffrrghtthgvrhhnpeehjeeltdetjeefgedvgfffueevtdegtd
 etffetvefhteekgefgteeuteekudduieenucffohhmrghinhepghhithhhuhgsrdgtohhm
 necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuggrvh
 hiugesrghqfigrrhhirdhnvght
X-ME-Proxy: <xmx:7WoUYqMlW-lR5uLoJuoVh4EmqyPfIRHzD7sEqw56VKqHeCSYO4cwtg>
 <xmx:7WoUYo7kxpDEYD5OUudcv5ugDJaqGdPw2G3c6sR9EiwKz222TPFpHg>
 <xmx:7WoUYs6oMmmj5TbXQj-DdU_nM4iLi5eTcVrxZeBxjFic25LL1GYKkg>
 <xmx:7WoUYuHXra-FLozFN7ZKzE4FBKgKucyDLw_OeKvPzlqvHrzqLas07w>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
 id E49E7AC0E99; Mon, 21 Feb 2022 23:47:40 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997
Mime-Version: 1.0
Message-Id: <2556bad4-8f11-4245-9cd0-15fdbe803ac2@HIDDEN>
Date: Mon, 21 Feb 2022 23:47:20 -0500
From: "David Arroyo" <david@HIDDEN>
To: bug-guix@HIDDEN
Subject: SSL_CERT_DIR is not always unary
Content-Type: text/plain
Received-SPF: pass client-ip=64.147.123.21; envelope-from=david@HIDDEN;
 helo=wout5-smtp.messagingengine.com
X-Spam_score_int: -25
X-Spam_score: -2.6
X-Spam_bar: --
X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Tue, 22 Feb 2022 03:29:36 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

The guix shell profile, at least on non-guix SD systems, contains the line

	export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/xxxx-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"

Since it prepends to the SSL_CERT_DIR variable, if a silly user were to accidentally source this file twice, say, to pick up changes they've made to a file that sources this file, the variable will contain duplicate paths.

However, several locations in the guix source assume SSL_CERT_DIR is a single directory. As an example, I ran into this issue when attempting to use `guix import opam -r faraday`:

	Starting download of /tmp/guix-file.XFPss4
	From https://github.com/inhabitedtype/faraday/archive/0.8.1.tar.gz...
	X.509 certificate of 'github.com' could not be verified:
	  signer-not-found
	  invalid

Running the command with `strace -f` showed that guix was attempting to open $SSL_CERT_DIR, rather than the first colon-delimited item in $SSL_CERT_DIR.

It might be better to clobber this variable in the guix shell profile, rather than render it unusable for some subcommands. If not that, then we should remove the assumption that it contains a single path element.