GNU bug report logs - #54102
SSL_CERT_DIR is not always unary

Please note: This is a static page, with minimal formatting, updated once a day.

Package: guix; Reported by: "David Arroyo" <david@HIDDEN>; merged with #54101; dated Tue, 22 Feb 2022 08:30:02 UTC; Maintainer for guix is bug-guix@HIDDEN.
Merged 54101 54102. Request was from Tobias Geerinckx-Rice <me@HIDDEN> to control <at>

Message received at submit <at>

Date: Mon, 21 Feb 2022 23:56:29 -0500
From: "David Arroyo" <david@HIDDEN>
To: bug-guix@HIDDEN
Subject: SSL_CERT_DIR is not always unary

The guix shell profile, at least on non-guix SD systems, contains the line

	export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/xxxx-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"

Since it prepends to the SSL_CERT_DIR variable, if a silly user were to accidentally source this file twice, say, to pick up changes they've made to a file that sources this file, the variable will contain duplicate paths.

However, several locations in the guix source assume SSL_CERT_DIR is a single directory. As an example, I ran into this issue when attempting to use `guix import opam -r faraday`:

	Starting download of /tmp/guix-file.XFPss4
	X.509 certificate of '' could not be verified:

Running the command with `strace -f` showed that guix was attempting to open $SSL_CERT_DIR, rather than the first colon-delimited item in $SSL_CERT_DIR.

It might be better to clobber this variable in the guix shell profile, rather than render it unusable for some subcommands. If not that, then we should remove the assumption that it contains a single path element.

(apologies if this is a duplicate email; I sent this earlier before subscribing to the list)
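
The double-sourcing effect and two ways to tolerate it, as an added shell example that is not part of the original report or of Guix. `profile_prepend` reproduces the quoted profile line; `prepend_once` and `first_cert_dir` are hypothetical helpers, and `CERTS` is a constructed temporary directory standing in for the profile's `etc/ssl/certs`.

```sh
#!/bin/sh
# Added example. CERTS is a constructed stand-in for
# ${GUIX_PROFILE}/etc/ssl/certs; no real store path is used.

# The profile's unconditional prepend, as quoted in the report.
profile_prepend() {            # $1 = dir, $2 = current list
    printf '%s\n' "$1${2:+:}$2"
}

# Idempotent variant: add $1 only if it is not already an element of $2.
prepend_once() {
    case ":$2:" in
        *":$1:"*) printf '%s\n' "$2" ;;
        *)        printf '%s\n' "$1${2:+:}$2" ;;
    esac
}

# Consumer side: treat the value as a colon-separated list and print the
# first element that is an existing directory. Runs in a subshell so the
# IFS and noglob changes do not leak into the caller.
first_cert_dir() (
    IFS=:
    set -f
    for d in $1; do
        if [ -n "$d" ] && [ -d "$d" ]; then
            printf '%s\n' "$d"
            exit 0
        fi
    done
    exit 1
)

CERTS=$(mktemp -d)             # constructed certificate directory
once=$(profile_prepend "$CERTS" "")
twice=$(profile_prepend "$CERTS" "$once")      # profile sourced a second time
safe=$(prepend_once "$CERTS" "$(prepend_once "$CERTS" "")")

echo "sourced twice: $twice"
# A consumer that opens the whole value as one directory fails here:
[ -d "$twice" ] || echo "not a directory: $twice"
echo "first usable entry: $(first_cert_dir "$twice")"
echo "idempotent prepend: $safe"
```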

Acknowledgement sent to "David Arroyo" <david@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN.
Report forwarded to bug-guix@HIDDEN:
bug#54102; Package guix.
Last modified: Tue, 22 Feb 2022 17:30:03 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.