From: Ludovic Courtès <ludo@HIDDEN>
To: Tomas Volf <~@wolfsden.cz>
Subject: Re: bug#75902: guile-gnutls does not set up search paths for the
certificates
In-Reply-To: <87ikpzhq1q.fsf@HIDDEN> (Tomas Volf's message of "Mon, 27
Jan 2025 23:04:17 +0100")
References: <87ikpzhq1q.fsf@HIDDEN>
Date: Sat, 15 Feb 2025 22:05:55 +0100
Message-ID: <87bjv2x6j0.fsf@HIDDEN>

Hi,

Tomas Volf <~@wolfsden.cz> wrote:

> We can see the difference boils down to different search paths:
>
> $ guix shell -CN guile guile-gnutls nss-certs --search-paths
> export PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${PATH:+:}$PATH"
> export GUILE_LOAD_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
> export GUILE_LOAD_COMPILED_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"

GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable.
Instead it’s up to applications to set up their certificate search path.
See for example the discussion at <https://issues.guix.gnu.org/46779>.

Thanks,
Ludo’.
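
The reply above says the application has to set up its own certificate search path. The following is an added example, not part of the thread and not code from Guix or Guile: a launcher that resolves a CA directory and refuses to start the program without one. It assumes the launched program reads `SSL_CERT_DIR` (as the `curl` workaround in the report suggests) and that `guix shell` exports `GUIX_ENVIRONMENT`; the function names and the `FALLBACK` parameter are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug thread): pick the CA directory in the
# application's launcher instead of expecting the TLS library to find one.

# has_pem_certs DIR: succeed if DIR holds at least one PEM certificate.
# -f follows symlinks, which is how files appear in a Guix profile.
has_pem_certs() {
    [ -d "$1" ] || return 1
    for f in "$1"/*.pem "$1"/*.crt; do
        [ -f "$f" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$f" && return 0
    done
    return 1
}

# resolve_ca_dir [FALLBACK]: print the first usable CA directory, trying
#   1. SSL_CERT_DIR, if the caller already exported it
#   2. $GUIX_ENVIRONMENT/etc/ssl/certs (the guix shell profile)
#   3. FALLBACK (hypothetical parameter, default /etc/ssl/certs)
# Prints nothing and returns 1 when none of them contains a certificate.
resolve_ca_dir() {
    for dir in "${SSL_CERT_DIR:-}" \
               "${GUIX_ENVIRONMENT:+$GUIX_ENVIRONMENT/etc/ssl/certs}" \
               "${1:-/etc/ssl/certs}"; do
        [ -n "$dir" ] || continue
        if has_pem_certs "$dir"; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# run_with_ca_dir CMD [ARG...]: run CMD with SSL_CERT_DIR set to the resolved
# directory; refuse to start it when no trust anchors are available.
# Usage: run_with_ca_dir guile -c '((@ (web client) http-get) "https://gnu.org")'
run_with_ca_dir() {
    ca_dir=$(resolve_ca_dir) || {
        echo "run_with_ca_dir: no CA certificates found" >&2
        return 1
    }
    SSL_CERT_DIR=$ca_dir "$@"
}
```
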
bug-guix@HIDDEN:bug#75902; Package guix.
From: Tomas Volf <~@wolfsden.cz>
To: bug-guix@HIDDEN
Subject: guile-gnutls does not set up search paths for the certificates
Date: Mon, 27 Jan 2025 23:04:17 +0100
Message-ID: <87ikpzhq1q.fsf@HIDDEN>

When trying to use the (web client) Guile module, one gets the following
error:

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs -- guile -c '((@ (web client) http-get) "https://gnu.org")'
Backtrace:
In ice-9/boot-9.scm:
1752:10 7 (with-exception-handler _ _ #:unwind? _ # _)
In unknown file:
6 (apply-smob/0 #<thunk 7f625f6c1300>)
In ice-9/boot-9.scm:
724:2 5 (call-with-prompt _ _ #<procedure default-prompt-handle?>)
In ice-9/eval.scm:
619:8 4 (_ #(#(#<directory (guile-user) 7f625f6c4c80>)))
In ice-9/command-line.scm:
185:19 3 (_ #<input: string 7f625f6be850>)
In unknown file:
2 (eval ((@ (web client) http-get) "https://gnu.org") #<d?>)
In web/client.scm:
576:0 1 (http-get "https://gnu.org" #:body _ # _ #:port _ # #<?> ?)
286:6 0 (tls-wrap #<closed: file 7f6256da2c40> _ # _)
web/client.scm:286:6: In procedure tls-wrap:
X.509 certificate of 'gnu.org' could not be verified:
signer-not-found invalid
--8<---------------cut here---------------end--------------->8---

It seems that guile-gnutls fails to find the certificates, which is
unexpected. Adding `curl' into the list of packages works around the
problem:

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs curl -- guile -c '((@ (web client) http-get) "https://gnu.org")'
--8<---------------cut here---------------end--------------->8---

We can see the difference boils down to different search paths:

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs --search-paths
export PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${PATH:+:}$PATH"
export GUILE_LOAD_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
export GUILE_LOAD_COMPILED_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"
--8<---------------cut here---------------end--------------->8---

and

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs curl --search-paths
export PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/bin${PATH:+:}$PATH"
export SSL_CERT_DIR="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs"
export SSL_CERT_FILE="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs/ca-certificates.crt"
export CURL_CA_BUNDLE="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs/ca-certificates.crt"
export GUILE_LOAD_PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
export GUILE_LOAD_COMPILED_PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/lib/guile/3.0/site-ccache:/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"
--8<---------------cut here---------------end--------------->8---

I think guile-gnutls should also declare the SSL_* variables, since it
needs the certificates for the vast majority of things one could want to do
with it.

Have a nice day,
Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.