GNU bug report logs - #54102
SSL_CERT_DIR is not always unary

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Package: guix; Reported by: "David Arroyo" <david@HIDDEN>; merged with #54101; dated Tue, 22 Feb 2022 08:30:02 UTC; Maintainer for guix is bug-guix@HIDDEN.
Merged 54101 54102. Request was from Tobias Geerinckx-Rice <me@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 22 Feb 2022 08:29:37 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 22 03:29:37 2022
Received: from localhost ([127.0.0.1]:39943 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nMQYC-000143-Qz
	for submit <at> debbugs.gnu.org; Tue, 22 Feb 2022 03:29:37 -0500
Received: from lists.gnu.org ([209.51.188.17]:51858)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <david@HIDDEN>) id 1nMNEL-0003rB-NM
 for submit <at> debbugs.gnu.org; Mon, 21 Feb 2022 23:56:54 -0500
Received: from eggs.gnu.org ([209.51.188.92]:51190)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <david@HIDDEN>) id 1nMNEL-0007CP-FQ
 for bug-guix@HIDDEN; Mon, 21 Feb 2022 23:56:53 -0500
Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:39479)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <david@HIDDEN>) id 1nMNEJ-0006bP-Rv
 for bug-guix@HIDDEN; Mon, 21 Feb 2022 23:56:53 -0500
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.west.internal (Postfix) with ESMTP id 7ABE23200F81
 for <bug-guix@HIDDEN>; Mon, 21 Feb 2022 23:56:50 -0500 (EST)
Received: from imap43 ([10.202.2.93])
 by compute5.internal (MEProxy); Mon, 21 Feb 2022 23:56:50 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:date:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=cmya4Bu2ydjFUZpowTBXmi91ofBBV55FaVNnaSOB1
 oM=; b=QuddOgDJX1dyWeklNp74wdxh4ixbeadbBsZTwHcMHr3Vpzw+4DKMUvalw
 WUo4Dez01DOwMmzOvoXG8DLF1pkTO6E9PL/VjKcvoVICMKbkN5ITBIoDDcCWTn6F
 m8AoH2t+MhFA9VP/ql0H6UsQa1b5iPrF3XRXL9cZDMnc/5RycmaHL1eaGDY88437
 LqskFvWkXTKM98s5s7Gu6pxejiaY8qGqBpILV3aPfjmdE0gsOHSaJgc0B9Yu3CcO
 DygPk1nrFsBvG4XdV2zgaa6t4Fiv+yQ6kwzTVJMtppCPz2ktuHL9unpxC82FY/3x
 VM7Ob5AjLC3cx8e16gMtkSsUQrCvg==
X-ME-Sender: <xms:EW0UYqWIeQfj-Yf_Gg4GLGMIiSAYdnkPrumLjz2NlquZg_WpxCfSqA>
 <xme:EW0UYmmIlbWlP7qFJsVtHaO-MT11_KEuGWreSnon_1JZvT8EZuNXkoPMKIP9re0C7
 dqpO1AxjzMRi93z9w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrkeejgdejiecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre
 ertdenucfhrhhomhepfdffrghvihguucetrhhrohihohdfuceouggrvhhiugesrghqfigr
 rhhirdhnvghtqeenucggtffrrghtthgvrhhnpeehjeeltdetjeefgedvgfffueevtdegtd
 etffetvefhteekgefgteeuteekudduieenucffohhmrghinhepghhithhhuhgsrdgtohhm
 necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuggrvh
 hiugesrghqfigrrhhirdhnvght
X-ME-Proxy: <xmx:EW0UYubCZW-4EaYEasx2uF9gFNFnnzIo59ngmmbQL6vUy1210XPEug>
 <xmx:EW0UYhUMWkAuo_33wEK9Jm8aJMVSoyF_EizKa6u7Qzd-A1kpJ7JwVw>
 <xmx:EW0UYknH0eK0GTb6zbf13uIksVrNUCX4bogSMBgsao6-ntFfWor8bw>
 <xmx:Em0UYgyDsjmGLy0WlDIm-AI034dYiFGDPTK20xg0X-qQJuB5N1-Scg>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
 id C6F67AC0E99; Mon, 21 Feb 2022 23:56:49 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997
Mime-Version: 1.0
Message-Id: <775ea9f0-6247-4b0e-a89f-dc9e9ba9d75d@HIDDEN>
Date: Mon, 21 Feb 2022 23:56:29 -0500
From: "David Arroyo" <david@HIDDEN>
To: bug-guix@HIDDEN
Subject: SSL_CERT_DIR is not always unary
Content-Type: text/plain
Received-SPF: pass client-ip=64.147.123.21; envelope-from=david@HIDDEN;
 helo=wout5-smtp.messagingengine.com
X-Spam_score_int: -25
X-Spam_score: -2.6
X-Spam_bar: --
X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Tue, 22 Feb 2022 03:29:36 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

The guix shell profile, at least on non-guix SD systems, contains the line

	export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/xxxx-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"

Since it prepends to the SSL_CERT_DIR variable, if a silly user were to accidentally source this file twice, say, to pick up changes they've made to a file that sources this file, the variable will contain duplicate paths.

However, several locations in the guix source assume SSL_CERT_DIR is a single directory. As an example, I ran into this issue when attempting to use `guix import opam -r faraday`:

	Starting download of /tmp/guix-file.XFPss4
	From https://github.com/inhabitedtype/faraday/archive/0.8.1.tar.gz...
	X.509 certificate of 'github.com' could not be verified:
	  signer-not-found
	  invalid

Running the command with `strace -f` showed that guix was attempting to open $SSL_CERT_DIR, rather than the first colon-delimited item in $SSL_CERT_DIR.

It might be better to clobber this variable in the guix shell profile, rather than render it unusable for some subcommands. If not that, then we should remove the assumption that it contains a single path element.

(apologies if this is a duplicate email; I sent this earlier before subscribing to the list)
Acknowledgement sent to "David Arroyo" <david@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#54102; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Tue, 22 Feb 2022 17:30:03 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.