GNU bug report logs - #25422
GIT_SSL_CAINFO set incorrectly

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 11 Jan 2017 20:37:02 UTC

Severity: normal

Tags: patch

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

Message #8 received at 25422 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: 25422 <at> debbugs.gnu.org
Subject: Re: bug#25422: GIT_SSL_CAINFO set incorrectly
Date: Sat, 14 Jan 2017 22:20:59 +0100

Hi!

Leo Famulari <leo <at> famulari.name> skribis:

> Recently, Guix started to set the environment GIT_SSL_CAINFO like a
> search path, instead of pointing to single file, which is what it should
> be.

I don’t think anything has changed, maybe it’s just that your profile
now includes ‘ssl/certs’?

On my GuixSD machine, I still have:

  $ env |grep GIT_
  GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt

but that’s because ~/.guix-profile does not contain certificates.

At any rate, you are right that GIT_SSL_CAINFO should be a single file.
There’s a note in the code:

   (native-search-paths
    ;; For HTTPS access, Git needs a single-file certificate bundle, specified
    ;; with $GIT_SSL_CAINFO.
    ;; FIXME: This variable designates a single file; it is not a search path.
    (list (search-path-specification
           (variable "GIT_SSL_CAINFO")
           (file-type 'regular)
           (files '("etc/ssl/certs/ca-certificates.crt")))))

So we’re abusing the search path mechanism here.

A proper fix might be to add an option in ‘search-path-specification’ to
pick only the first match.

WDYT?

Thanks,
Ludo’.
This bug report was last modified 8 years and 102 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.