Received: (at 75902) by debbugs.gnu.org; 15 Feb 2025 21:06:10 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 15 16:06:09 2025 Received: from localhost ([127.0.0.1]:58243 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tjPMX-0007hp-Iv for submit <at> debbugs.gnu.org; Sat, 15 Feb 2025 16:06:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:49958) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tjPMU-0007hI-6Z for 75902 <at> debbugs.gnu.org; Sat, 15 Feb 2025 16:06:07 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1tjPMN-0003ZO-Ox; Sat, 15 Feb 2025 16:05:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=za2aA7cNu8bwGZWKDrCMtRu1fTFnOe3EJRiBMD7K0OE=; b=DFwDuJ6SIDz8s4oJTZ8O Qe0IA3IljJGL+DVf+CpOFuQ6Io7wQysG0V01dVeQXOVuX6w047ub4oTw0IYd2Myl8lilW7Doi8M5t J2ByyBXpwgOco9t8+iD1XyanRLg24zt7izoZKBb4qf0KYqp7SVjTb00XsrFO7SMhHxw9giQXDd3JG U9yqFFdXQl17f0bWzDXzZ34K1eYRse9nemvsEy/5EQK+Ro+9rgna/0unT0nOY/XECLzNI+nrecdkS w6NEZ1xWmtHNzka42tIAc/FpZr39lAVh0SyFWT1rKv48YtYkl0iRXEnUc9cPvyhhMqRidWDnbQXKC Xeoutz9PCkHtBQ==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Tomas Volf <~@wolfsden.cz> Subject: Re: bug#75902: guile-gnutls does not set up search paths for the certificates In-Reply-To: <87ikpzhq1q.fsf@HIDDEN> (Tomas Volf's message of "Mon, 27 Jan 2025 23:04:17 +0100") References: <87ikpzhq1q.fsf@HIDDEN> Date: Sat, 15 Feb 2025 22:05:55 +0100 Message-ID: <87bjv2x6j0.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 75902 Cc: 75902 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi, Tomas Volf <~@wolfsden.cz> skribis: > We can see the difference boils down to different search paths: > > $ guix shell -CN guile guile-gnutls nss-certs --search-paths > export PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${P= ATH:+:}$PATH" > export GUILE_LOAD_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-pro= file/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH" > export GUILE_LOAD_COMPILED_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2= mcbyz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q= 3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_L= OAD_COMPILED_PATH" GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable. Instead it=E2=80=99s up to applications to set up their certificate search = path. See for example the discussion at <https://issues.guix.gnu.org/46779>. Thanks, Ludo=E2=80=99.
bug-guix@HIDDEN
:bug#75902
; Package guix
.
Full text available.Received: (at submit) by debbugs.gnu.org; 27 Jan 2025 22:04:34 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 27 17:04:34 2025 Received: from localhost ([127.0.0.1]:34717 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tcXDe-0005jQ-4o for submit <at> debbugs.gnu.org; Mon, 27 Jan 2025 17:04:34 -0500 Received: from lists.gnu.org ([2001:470:142::17]:57096) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tcXDa-0005j5-DE for submit <at> debbugs.gnu.org; Mon, 27 Jan 2025 17:04:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1tcXDU-0001B0-NU for bug-guix@HIDDEN; Mon, 27 Jan 2025 17:04:24 -0500 Received: from wolfsden.cz ([37.205.8.62]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1tcXDS-0000ZE-Fe for bug-guix@HIDDEN; Mon, 27 Jan 2025 17:04:24 -0500 Received: by wolfsden.cz (Postfix, from userid 104) id 271D231542E; Mon, 27 Jan 2025 22:04:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1738015459; bh=WwZ13/vECLRnfWBfHLdJnOO5vVwA+2oScLNyOB4CZS4=; h=From:To:Subject:Date; b=Dy5+1FUsZJNj/HqvX6IymoHYKbN/TFRBRzNsVDbo6rJxO/bjKV7Jj3z8iIbcBFas8 ravtoeiDte48gKq9G6LokT94q2N6Ml8sdVuqJjiaOIBmRVuHIvCCSM1JcE3uXXyyy6 gFehpH3Mc1lne6Z7UvZHj3gT8TCd5rKmCLf1OUsW+7UTiknTW5EjSC0x9Xcjy3ZuFW tBylacs3/BUKHeXZfm54eP/4y8Ar0iiGtN9MhGIPV3jpgYc5CU/aA4TcoVi0se5GNq W4AvVXfpBhxzhWiDIZ5+l7Crg81KtS2FrLfzULbUVN66CIbnTXYZuJ/2sURa/ntYgK NkYmmZ6OXjq5gYh+K+3exjdOyyB+NyDKOMuzla3dqICz/yhQP5X0FszxlgnaRIs29x KeSMzF999TrH7ASRTIaTGB+ePZM0aWMtcW8DEbn81RDDlX4ilJBXwQaJttfWvEQy9j SfzewGqe1L82VzXmKaAevF/JXD79Ruf63Q8zRLUKLIuBIpgmjLzls0YZH8q7tn75ya s/XM9j6zW/Y3VIbirBFz0DqmsHmr1w3zUZVxMwWKUWP6baeJmjhdN4UXlRqEFTaXlK 1AvE5mHGWjXMRdqy7QBPCHDy6hDpC6yUGxP8p9Lo69JkfQTeSvvOyv2uWeRk5VKLOk 5L5sbPaxGuChHT91tyJ9oThA= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 49BAB315C04 for <bug-guix@HIDDEN>; Mon, 27 Jan 2025 22:04:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1738015458; bh=WwZ13/vECLRnfWBfHLdJnOO5vVwA+2oScLNyOB4CZS4=; h=From:To:Subject:Date; b=O+zUaNMXP/HThA6YBMyFvld8beORIR/a7y+NJl56Y4AVk3aia0Jk3it+EH4m5DuwB AOQpHs5OloKl7Ephpv+WKGVfSmP2e09eo4LSuoJ8z/o0Q1aotgplLas04P3UYOPCks v5FLww22dkst7h9cuM/Kbtcbp6NPGISPTJadTrRcJPi8poLPZnnLpyifNLiy6791B4 gjWx6DGLeQI2tkrIR85jJjyEXeFig23cuPxU25DY6FHoLSLkbAlJT3rBtRysfE59b0 kql/CNIjx4DGiVgt2ZAcrHGaBWXAwubXgOiCU+G7svp6+F0AhaIVaxI/4wfjB83Zb6 md8y0j5eWOYWx2um6CIfHf0Ik/yYgQy6+QkSBafLNd3d9D1Y6ItcaqJBcC+knvazDK /bF4ePf3iDahThFNXbuYIyPksKvaDaa2a50VY1XlnF5F2wr67sqqtZ6OKrx+tERG/T JTYujUQ8HQ5NZ7TMl5j2C+x+1mfFsiiPxyZGogiLJ1uJrJX3T1bEfS77en4UkQCDAa 0KNbqUuOo5KHpEJzxim2kd0N7sXvrT+FUTQ7Tdu/an9HAUeCJPyYuYjPeVJVQZ8azI LZqYep+bbc5Vggjmdzp9w7p4uMmVUBOcZdYUnxrnKRQvLrSMln3SBiAeewxESuRUBl PFs+gu21t4f3vyEQHfKFICaI= From: Tomas Volf <~@wolfsden.cz> To: bug-guix@HIDDEN Subject: guile-gnutls does not set up search paths for the certificates Date: Mon, 27 Jan 2025 23:04:17 +0100 Message-ID: <87ikpzhq1q.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=37.205.8.62; envelope-from=~@wolfsden.cz; helo=wolfsden.cz X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.0 (/) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable When trying to use (web client) Guile module, one gets the following error: =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs -- guile -c '((@ (web client)= http-get) "https://gnu.org")' Backtrace: In ice-9/boot-9.scm: 1752:10 7 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 6 (apply-smob/0 #<thunk 7f625f6c1300>) In ice-9/boot-9.scm: 724:2 5 (call-with-prompt _ _ #<procedure default-prompt-handle?>) In ice-9/eval.scm: 619:8 4 (_ #(#(#<directory (guile-user) 7f625f6c4c80>))) In ice-9/command-line.scm: 185:19 3 (_ #<input: string 7f625f6be850>) In unknown file: 2 (eval ((@ (web client) http-get) "https://gnu.org") #<d?>) In web/client.scm: 576:0 1 (http-get "https://gnu.org" #:body _ # _ #:port _ # #<?> ?) 286:6 0 (tls-wrap #<closed: file 7f6256da2c40> _ # _) web/client.scm:286:6: In procedure tls-wrap: X.509 certificate of 'gnu.org' could not be verified: signer-not-found invalid =2D-8<---------------cut here---------------end--------------->8--- It seems that guile-gnutls fails to find the certificates, which is unexpected. Adding `curl' into the list of packages works around the problem: =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs curl -- guile -c '((@ (web cl= ient) http-get) "https://gnu.org")' =2D-8<---------------cut here---------------end--------------->8--- We can see the difference boils down to different search paths: =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs --search-paths export PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${PAT= H:+:}$PATH" export GUILE_LOAD_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profi= le/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH" export GUILE_LOAD_COMPILED_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mc= byz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m= 2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOA= D_COMPILED_PATH" =2D-8<---------------cut here---------------end--------------->8--- and =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs curl --search-paths export PATH=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/bin${PAT= H:+:}$PATH" export SSL_CERT_DIR=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/= etc/ssl/certs" export SSL_CERT_FILE=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile= /etc/ssl/certs/ca-certificates.crt" export CURL_CA_BUNDLE=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profil= e/etc/ssl/certs/ca-certificates.crt" export GUILE_LOAD_PATH=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profi= le/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH" export GUILE_LOAD_COMPILED_PATH=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnx= iql-profile/lib/guile/3.0/site-ccache:/gnu/store/6zbi90idpfww3y4k7bcnm38lwi= lnxiql-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOA= D_COMPILED_PATH" =2D-8<---------------cut here---------------end--------------->8--- I think guile-gnutls should also declare the SSL_* variables, since it needs the certificates for vast majority of things one could want to do with it.. Have a nice day, Tomas =2D-=20 There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmeYAuEOHH5Ad29sZnNk ZW4uY3oACgkQL7/ufbZ/walKnhAAgMHr0fRFxh6x4Ghh5q0ts2XClSI7m4yfdz4S q7hicMaz6fKlS9PJMYTrTOlskAn48NvfLV7dGoCLrMIZrqPZRc8+BvnsvoJJgoU6 BAK6+F0zBPFSEpu60tm1AKQp6ZMGJ9gGWPgOAVwt3a9A6ZciiAcY+sgq8WLRd6bU LegyE0ePZFXq6WAACMDijO5NBf45V4FSIlA6bWWkFkYI7KalsjJlCC8DYvOC+D9+ x1BlMVPQ7hnCVj5DW3bqA1FpT6BXYO6GTs9U0njaKCYtbD7jPQO8vmH21u38qcoe 6c0nqXBTR6EoyBRXv0pquKXz6nXr30Obi3TAecw1jSuODoRhWto8Rb6HQVmPN8VV Bp6Sieyunl/RnF2NEIu2FUmSc6qrpwm4qGSGC0GECVaONH346ZBQWR9+q4tUNn2M W0DA9MUT+XxnAICREZW8llYI9q4QK4qs5pNEzt1QpicxJIqchcyY9mjwMX7JCyQj 2eJiRnqvXRkgs/LdDJh2wHMdJlBgqK56iKKDAgCxErgCvH4aTyBttLC/0AGtmRYY EzEV4Imillt4uSoSwLyPWMOcTzVpSr2NxkpnTHMJk6aJlpfIYlVVSy2L0SKUWK+0 ATFbSqlXYQF0/p0aUY0yw4PBzAIypE8Pwf5VMVuPzmMnVIvPVZF8UvZ81XiZbwFC SdRI8js= =hLQN -----END PGP SIGNATURE----- --=-=-=--
Tomas Volf <~@wolfsden.cz>
:bug-guix@HIDDEN
.
Full text available.bug-guix@HIDDEN
:bug#75902
; Package guix
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.