From unknown Fri Aug 15 02:01:51 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#32530 <32530@debbugs.gnu.org> To: bug#32530 <32530@debbugs.gnu.org> Subject: Status: [PATCH] gnu: octave: Fix CA certificate use. Reply-To: bug#32530 <32530@debbugs.gnu.org> Date: Fri, 15 Aug 2025 09:01:51 +0000 retitle 32530 [PATCH] gnu: octave: Fix CA certificate use. reassign 32530 guix-patches submitter 32530 Kei Kebreau severity 32530 normal tag 32530 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 25 20:42:55 2018 Received: (at submit) by debbugs.gnu.org; 26 Aug 2018 00:42:55 +0000 Received: from localhost ([127.0.0.1]:60852 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ftj8p-00039T-3X for submit@debbugs.gnu.org; Sat, 25 Aug 2018 20:42:55 -0400 Received: from eggs.gnu.org ([208.118.235.92]:57856) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ftj8n-00039H-Qi for submit@debbugs.gnu.org; Sat, 25 Aug 2018 20:42:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ftj8h-0008Or-3D for submit@debbugs.gnu.org; Sat, 25 Aug 2018 20:42:47 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:40450) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ftj8f-0008O3-RU for submit@debbugs.gnu.org; Sat, 25 Aug 2018 20:42:46 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50604) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ftj8f-0001B1-11 for guix-patches@gnu.org; Sat, 25 Aug 2018 20:42:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ftj8b-0008Lo-7c for guix-patches@gnu.org; Sat, 25 Aug 2018 20:42:44 -0400 Received: from mout01.posteo.de ([185.67.36.65]:41463) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ftj8X-0008IK-Q2 for guix-patches@gnu.org; Sat, 25 Aug 2018 20:42:39 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id 6FE3020E5E for ; Sun, 26 Aug 2018 02:42:34 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1535244154; bh=EkfOrUf31Ohp4f3Pd16pr+CfHNA+3BHe9odA/p90Vyc=; h=From:To:Cc:Subject:Date:From; b=lMEshGERWJeNnCAC5Jhbg2XMackM6kQRxXTsKfKcbwv0NSB0hWcv6h0YjshnKZkA8 pGMFSj5P9BSQCPNvGNk1V6k2BsJxP96DlnMk6YEGTwoDvzJ8TRAUfrLvM0NitMYHRD HGC4LHBdd0BV727r26DMi7s7OURIkQIwdu8u2lWNSYpR+6lxRQ8KGFuqUJhoK+K53h XA74dHSg8g2CLbzU8LlmrHknvCliop5Uh0JAk/4W49mjIxzdoTL8K1cpJqLXntSM4B 4r2xWjMyeu8z63CYIcCtqREvBHcdYvcfX6kWF4DeAPWLu199Nb8x1GmaGLTs0NX0t3 bTIvKBDqtXtIQ== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 41ybp12xRfz6tm5; Sun, 26 Aug 2018 02:42:33 +0200 (CEST) From: Kei Kebreau To: guix-patches@gnu.org Subject: [PATCH] gnu: octave: Fix CA certificate use. Date: Sat, 25 Aug 2018 20:42:31 -0400 Message-Id: <20180826004231.19350-1-kkebreau@posteo.net> X-Mailer: git-send-email 2.18.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit Cc: Kei Kebreau X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap Octave with the path to system CA certificates. --- gnu/packages/maths.scm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 3d571e8cc..b0caff0f5 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -1417,7 +1417,13 @@ can solve two kinds of problems: (string-append "Vmakeinfo_program = \"" (assoc-ref inputs "texinfo") "/bin/makeinfo\""))) - #t))))) + #t)) + (add-after 'install 'wrap-program + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (wrap-program (string-append out "/bin/octave") + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) + #t)))))) (home-page "https://www.gnu.org/software/octave/") (synopsis "High-level language for numerical computation") (description "GNU Octave is a high-level interpreted language that is -- 2.18.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Sep 13 04:43:40 2018 Received: (at 32530) by debbugs.gnu.org; 13 Sep 2018 08:43:40 +0000 Received: from localhost ([127.0.0.1]:38727 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g0NDw-0002Sl-4f for submit@debbugs.gnu.org; Thu, 13 Sep 2018 04:43:40 -0400 Received: from eggs.gnu.org ([208.118.235.92]:50581) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g0NDt-0002SW-Rn for 32530@debbugs.gnu.org; Thu, 13 Sep 2018 04:43:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1g0NDi-0000Fk-6O for 32530@debbugs.gnu.org; Thu, 13 Sep 2018 04:43:30 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:58376) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1g0NDh-0000Er-TJ; Thu, 13 Sep 2018 04:43:26 -0400 Received: from [193.50.110.53] (port=33836 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1g0NDh-0001Qu-Hp; Thu, 13 Sep 2018 04:43:25 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Kei Kebreau Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> Date: Thu, 13 Sep 2018 10:43:24 +0200 In-Reply-To: <20180826004231.19350-1-kkebreau@posteo.net> (Kei Kebreau's message of "Sat, 25 Aug 2018 20:42:31 -0400") Message-ID: <87tvmtpz2r.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 32530 Cc: 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Hi, Kei Kebreau skribis: > * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to= wrap > Octave with the path to system CA certificates. [...] > + (add-after 'install 'wrap-program > + (lambda* (#:key outputs #:allow-other-keys) > + (let ((out (assoc-ref outputs "out"))) > + (wrap-program (string-append out "/bin/octave") > + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) Users might want to ignore /etc/ssl/certs altogether and instead only use their own set of certificates, so I=E2=80=99m rather reluctant to such a change. Now, I agree that there=E2=80=99s a usability problem: we don=E2=80=99t wan= t every Octave user to stumble upon a certificate error message. I can think of several solutions: 1. We could add CURLOPT_CAPATH to the =E2=80=98native-search-paths=E2=80= =99 of =E2=80=98curl=E2=80=99, assuming that variable is honored by libcurl itself. It won=E2=80=99t solve this immediate issue, but it sounds like =E2=80=9Cthe right way.= =E2=80=9D 2. On GuixSD, we could define CURLOPT_CAPATH=3D/etc/ssl/certs in /etc/profile, like we already do for other variables. 3. We could document this variable under =E2=80=9CX.509 Certificates=E2= =80=9D in the manual. #1 would have to go to =E2=80=98core-updates=E2=80=99. WDYT? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Sep 13 19:44:24 2018 Received: (at 32530) by debbugs.gnu.org; 13 Sep 2018 23:44:24 +0000 Received: from localhost ([127.0.0.1]:39809 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g0bHc-0002j3-C8 for submit@debbugs.gnu.org; Thu, 13 Sep 2018 19:44:24 -0400 Received: from mout01.posteo.de ([185.67.36.65]:40604) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g0bHZ-0002im-Pw for 32530@debbugs.gnu.org; Thu, 13 Sep 2018 19:44:22 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id 7BC592108A for <32530@debbugs.gnu.org>; Fri, 14 Sep 2018 01:44:15 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1536882255; bh=83Jfk6jc3oqs2Nr1jxo4QwvWtFyDjslpYSuAOUA2Bxw=; h=From:To:Cc:Subject:Date:From; b=MeBQsQvZIYGM0BoVi339xJBeYYAQJ8e3wRnmJRS3fzRSLjniaM6veK+Znk7Oxylj1 AyePgO30vBu28CpzIogSJPmFj2ixIfSKAEhcY0zNs/8uGkKyUlgg64CM6AmnpX6jIp lm5rt0bWMcvRW5L7Ul90b3EvpJdYJYQvzREHqc+3rgUujKl6WghIqzKum61Wu0ytxh cvhAbMHJL7P+IHz2PqruiC4bCLzo9zIy7F5QJo5wOeyHEAa8lSfTFuJwAdSQvd+K9q LPh5AGn8jwolnPgqn8Z7g64Xw2ciSkOEgJGnGKBZkJyrySH+Djhsmy2i8H0rQWmgpm QbEXd/IvBNFBg== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 42BFby2M5nz6tm6; Fri, 14 Sep 2018 01:44:14 +0200 (CEST) From: Kei Kebreau To: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87tvmtpz2r.fsf@gnu.org> Date: Thu, 13 Sep 2018 19:44:12 -0400 In-Reply-To: <87tvmtpz2r.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Thu, 13 Sep 2018 10:43:24 +0200") Message-ID: <87h8it7yk3.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 32530 Cc: 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Hi, > > Kei Kebreau skribis: > >> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase t= o wrap >> Octave with the path to system CA certificates. > > [...] > >> + (add-after 'install 'wrap-program >> + (lambda* (#:key outputs #:allow-other-keys) >> + (let ((out (assoc-ref outputs "out"))) >> + (wrap-program (string-append out "/bin/octave") >> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) > > Users might want to ignore /etc/ssl/certs altogether and instead only > use their own set of certificates, so I=E2=80=99m rather reluctant to suc= h a > change. > > Now, I agree that there=E2=80=99s a usability problem: we don=E2=80=99t w= ant every > Octave user to stumble upon a certificate error message. I can think of > several solutions: > > 1. We could add CURLOPT_CAPATH to the =E2=80=98native-search-paths=E2= =80=99 of =E2=80=98curl=E2=80=99, > assuming that variable is honored by libcurl itself. It won=E2=80= =99t > solve this immediate issue, but it sounds like =E2=80=9Cthe right wa= y.=E2=80=9D > > 2. On GuixSD, we could define CURLOPT_CAPATH=3D/etc/ssl/certs in > /etc/profile, like we already do for other variables. > > 3. We could document this variable under =E2=80=9CX.509 Certificates=E2= =80=9D in the > manual. > > #1 would have to go to =E2=80=98core-updates=E2=80=99. WDYT? > > Thanks, > Ludo=E2=80=99. I don't mind putting #1 on 'core-updates' assuming it works. I will test it locally first. Also, thanks for looking at this! From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 14 21:54:49 2018 Received: (at 32530) by debbugs.gnu.org; 15 Sep 2018 01:54:49 +0000 Received: from localhost ([127.0.0.1]:41026 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g0znN-0005w4-IF for submit@debbugs.gnu.org; Fri, 14 Sep 2018 21:54:49 -0400 Received: from mout02.posteo.de ([185.67.36.66]:56897) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g0znI-0005vl-Qh for 32530@debbugs.gnu.org; Fri, 14 Sep 2018 21:54:45 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 8F1B720FDC for <32530@debbugs.gnu.org>; Sat, 15 Sep 2018 03:54:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1536976478; bh=kTCeqkqqnv0sCCbHmbRgErRBC2mBskHXioI7ej5EfKI=; h=From:To:Cc:Subject:Date:From; b=QF47uOtmjw9aTsANYKQoIb+kbUJYeuePpV1AUKjqQEvsGUKYBHRcRiy7AimWxAuoG 1PX7IPudP7xvyb9ck1ANvUofwo1hezwPw/AgItC/SGELWN5b5wiIN5SUugTtJJXFpW mM5vM5wlgXsl+xqhhhQWVKoRI+Ae0p9eGLyORx16wswMkSO4VUkeRZLzyxbPbEr3Bx N7K/dvI1VF83ya8T8ZinTg/pyLBMW+HqGzZ81SbJEL4OraUtMLUIdTkIfxTTRE7Zj6 7Ip5wV8YdIyKX1zid+vFRgw5aatYFwTBGgenwQ43rgNl2HgDrKZH4hC6lJyJDjQBA3 loUX42k69s8jQ== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 42BwRx0N7sz9rxF; Sat, 15 Sep 2018 03:54:36 +0200 (CEST) From: Kei Kebreau To: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87tvmtpz2r.fsf@gnu.org> <87h8it7yk3.fsf@posteo.net> Date: Fri, 14 Sep 2018 21:54:35 -0400 In-Reply-To: <87h8it7yk3.fsf@posteo.net> (Kei Kebreau's message of "Thu, 13 Sep 2018 19:44:12 -0400") Message-ID: <87va77zfs4.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 32530 Cc: 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Kei Kebreau writes: > ludo@gnu.org (Ludovic Court=C3=A8s) writes: > >> Hi, >> >> Kei Kebreau skribis: >> >>> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' >>> phase to wrap >>> Octave with the path to system CA certificates. >> >> [...] >> >>> + (add-after 'install 'wrap-program >>> + (lambda* (#:key outputs #:allow-other-keys) >>> + (let ((out (assoc-ref outputs "out"))) >>> + (wrap-program (string-append out "/bin/octave") >>> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) >> >> Users might want to ignore /etc/ssl/certs altogether and instead only >> use their own set of certificates, so I=E2=80=99m rather reluctant to su= ch a >> change. >> >> Now, I agree that there=E2=80=99s a usability problem: we don=E2=80=99t = want every >> Octave user to stumble upon a certificate error message. I can think of >> several solutions: >> >> 1. We could add CURLOPT_CAPATH to the =E2=80=98native-search-paths=E2= =80=99 of =E2=80=98curl=E2=80=99, >> assuming that variable is honored by libcurl itself. It won=E2=80= =99t >> solve this immediate issue, but it sounds like =E2=80=9Cthe right w= ay.=E2=80=9D >> >> 2. On GuixSD, we could define CURLOPT_CAPATH=3D/etc/ssl/certs in >> /etc/profile, like we already do for other variables. >> >> 3. We could document this variable under =E2=80=9CX.509 Certificates= =E2=80=9D in the >> manual. >> >> #1 would have to go to =E2=80=98core-updates=E2=80=99. WDYT? >> >> Thanks, >> Ludo=E2=80=99. > > I don't mind putting #1 on 'core-updates' assuming it works. I will test > it locally first. Also, thanks for looking at this! It looks like solution #1 does not work as expected. In this case, perhaps #3 would be preferable because the user can more easily control the environment variable? From debbugs-submit-bounces@debbugs.gnu.org Sat Sep 15 04:37:45 2018 Received: (at 32530) by debbugs.gnu.org; 15 Sep 2018 08:37:45 +0000 Received: from localhost ([127.0.0.1]:41089 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g165I-0007pE-Sh for submit@debbugs.gnu.org; Sat, 15 Sep 2018 04:37:45 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:46157) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g165G-0007p6-TM for 32530@debbugs.gnu.org; Sat, 15 Sep 2018 04:37:43 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 69EC821AC2; Sat, 15 Sep 2018 04:37:42 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sat, 15 Sep 2018 04:37:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=V7cgtpwgtGA+h4ynimbFpE1atZ/HSZPfkFlofbsN+o8=; b=ftu5jMeb 6SC+pokjHKf3y0n8blva9FuBOTg8QYywSxa2ocBUuYPpwNMTEyHJ1MLgjwsVdWl5 wEgx+MKr6wdZ4exqfF9Y89NKdUiDG0XbDWO3T41WBrrnOvG/BhuiJne7h7B2tt+/ srZC3bxZSb1M/0qulh8W0cL7p6AE6Vh0o+ZRsXeRk51XF2uI7JzL7PbrH8j3l5LX 1dDq6KvXXZK/rD3SqA/ULK3RBEtfqW+zUJC28zV5957dSgWQS9sTt6XyOhX3BSmS rqVmpcL4JbF0oTHEazShvbOaNxNzjLTaRyuqWY98SmZCaldmsCbsSc6wBmuSbex4 sMnz1PAxY/NwrA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=V7cgtpwgtGA+h4ynimbFpE1atZ/HS ZPfkFlofbsN+o8=; b=j2HEqopYe3WD+QQnVcz0rVWB1YEn/WLrDVHNXEv/Lty6Y c7SfbPNDaikvzFUWfI5loozb96AsYa1HSdskV13EMycobwlkHmZjYhDKNT0RQ3nu 3u01ygN4DWuKUU8SZDoNByIa3vHmlkdNf90mo3UPg8BSpwi704nfuE1U6Ec+TfP9 zOK+QIRnYIk33GSxCy9Zi1mMXIPhav6UIJKwt14Y25H6mdNiSB0IUjqSOT8TIl2W fXwVtIDUAXrI4sX2Bq/I3oPkeqxCcITcATd1n4juWjq34fNgWP/M9iKtnAqBoyQ4 yifPoquArk4TciRlNfXUkwry0aOc9CRCDpubVUNhA== X-ME-Proxy: X-ME-Sender: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 845D9102A0; Sat, 15 Sep 2018 04:37:41 -0400 (EDT) From: Marius Bakke To: Kei Kebreau , 32530@debbugs.gnu.org Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. In-Reply-To: <20180826004231.19350-1-kkebreau@posteo.net> References: <20180826004231.19350-1-kkebreau@posteo.net> User-Agent: Notmuch/0.27 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Sat, 15 Sep 2018 10:37:39 +0200 Message-ID: <87o9czqhpo.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 32530 Cc: Kei Kebreau X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Kei Kebreau writes: > * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap > Octave with the path to system CA certificates. > --- > gnu/packages/maths.scm | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm > index 3d571e8cc..b0caff0f5 100644 > --- a/gnu/packages/maths.scm > +++ b/gnu/packages/maths.scm > @@ -1417,7 +1417,13 @@ can solve two kinds of problems: > (string-append "Vmakeinfo_program = \"" > (assoc-ref inputs "texinfo") > "/bin/makeinfo\""))) > - #t))))) > + #t)) > + (add-after 'install 'wrap-program > + (lambda* (#:key outputs #:allow-other-keys) > + (let ((out (assoc-ref outputs "out"))) > + (wrap-program (string-append out "/bin/octave") > + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) > + #t)))))) Instead of wrapping you can add a native-search-path for CURLOPT_CAPATH (as with CURL_CA_BUNDLE for `curl`). That way installing certificates to the profile should be sufficient. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlucxNMACgkQoqBt8qM6 VPrkUQf/UeKImV8MyO52Lg9LTMhUMrPfwWSDTnydM6/5JwappyM5DB2S3kgS+IWE Dqm2//4J6uGYEF9VIGy3NMKJ9EubddUG3+0AaXiQppNyjaTyFPqGIV1tl1HpyhmO 0HyA/DEqMFS+w3eznwIMTWicKId8spodT/CqYWNFUO6Rmt2/+kQTnpuAusFeU4DN K+bRKV3ZF0GnLOQekesIfVH0zuTHd2jjLbbYhMYkcm73Vuwvk0RkRY4oE3Ue/0mE Nw6tU28pxAtm/KkJv0oy0PqvhWoDHHrNzkNAV25D75SXCp0b7mojMp+PRxJUraQS HxdF8AEr8PM7GTPi6YXVeojwRz2Xzw== =MhkP -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Sep 15 14:31:15 2018 Received: (at 32530) by debbugs.gnu.org; 15 Sep 2018 18:31:15 +0000 Received: from localhost ([127.0.0.1]:41769 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g1FLf-0003Ya-FZ for submit@debbugs.gnu.org; Sat, 15 Sep 2018 14:31:15 -0400 Received: from mout02.posteo.de ([185.67.36.66]:49623) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g1FLd-0003YM-BL for 32530@debbugs.gnu.org; Sat, 15 Sep 2018 14:31:14 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 51D942104E for <32530@debbugs.gnu.org>; Sat, 15 Sep 2018 20:31:07 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1537036267; bh=WEJI2UKfWO9dLU5gPLMrgNEq7+S7fTC94tHwmkKXZac=; h=From:To:Cc:Subject:Date:From; b=LaVHJ2Nlp43dl1l2Hnozb7KCejnr3+iwe2RSwMDumXo88ruCJ5TLrM0h+yFInPsqo 5BnEXPm38P9h/6stOBnmRSkeb+H8nkjtaPuj2FTQw4/Pk5pxOTeUA0K3N+WAg98L/F W5d9JRJ2jBjLOPv+5G7LlXXstMOYORkwJIKnjjG2qvLfpoFwHwOVoPIEeAAtv+FzJP GtAhzAja79H7mXpKZPTqkRX2nYjTMTOt5GX0fPejBJL1lZCRvsfA5Dj1hbPznlvmh3 FbznlgTmMDohFR8zQKk/sVxH/69IG+fmgZEvAnU3CL6lG58OdEjykRVBPB2K1I8UII KcMxSS9zrSfwQ== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 42CLYj640Sz9rxG; Sat, 15 Sep 2018 20:31:05 +0200 (CEST) From: Kei Kebreau To: Marius Bakke Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> Date: Sat, 15 Sep 2018 14:30:43 -0400 In-Reply-To: <87o9czqhpo.fsf@fastmail.com> (Marius Bakke's message of "Sat, 15 Sep 2018 10:37:39 +0200") Message-ID: <87r2huzk8c.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 32530 Cc: 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Marius Bakke writes: > Kei Kebreau writes: > >> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap >> Octave with the path to system CA certificates. >> --- >> gnu/packages/maths.scm | 8 +++++++- >> 1 file changed, 7 insertions(+), 1 deletion(-) >> >> diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm >> index 3d571e8cc..b0caff0f5 100644 >> --- a/gnu/packages/maths.scm >> +++ b/gnu/packages/maths.scm >> @@ -1417,7 +1417,13 @@ can solve two kinds of problems: >> (string-append "Vmakeinfo_program = \"" >> (assoc-ref inputs "texinfo") >> "/bin/makeinfo\""))) >> - #t))))) >> + #t)) >> + (add-after 'install 'wrap-program >> + (lambda* (#:key outputs #:allow-other-keys) >> + (let ((out (assoc-ref outputs "out"))) >> + (wrap-program (string-append out "/bin/octave") >> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) >> + #t)))))) > > Instead of wrapping you can add a native-search-path for CURLOPT_CAPATH > (as with CURL_CA_BUNDLE for `curl`). That way installing certificates > to the profile should be sufficient. Ah! Yes, this works when I add curl to the profile. I didn't do this the first time. I'll upload a patch here soon. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAludT9MACgkQ5qXuPBlG eg396g/+LbIzc1LpdfYQ2DJb2bxgCGfFdMh8Pwh4HfZbcKkd7crEmr9C4fGv3V4C SUIoRk1OFQ1O8WYABB/z+NvAuiqWlAKCTAUjrmDvv64zr84uF6dasByE4h/tVzZk H50AjMqNHyjqBf16sCl7kkAxql14AKgjtKCBQtBDvzsVQV7AR7HJrcI9qO9OgfK1 2ywYmJGTxM0YLiiv3Mdcf6OewwbBfiaN23no1nZ9IldzSoM+mLeQEQV1GUwQc4eY 0fArgMB2lUhASfIbDsE4PR8E7rMfSmH5ST7v5Dvp9cqrRQByGgYVApsMHcIT2iGx u51lTDTOwWepcbJUcYUO4UKCbNisY/FE5Mdw7kgxpcr70R9MMY+baRgqVGa6MpvG Y8NNo8hWPpAKJmaJUVlvBS4xKpDx9B/M+exNH/93w4pZkxls0pJSUC+GPtDi8Lgu Pbi63FTCTxQSxClZdt7aHd/+8fVJ0e2sVNxWZJ8w+HVS5Dv6jAM/j7j5kYZdmYQh nYE3K9dAU9a1UKwKzvZaAvnoQsUa/8+wMcmEPkLuEKpxBnWbPy9ZIDyxU4R8/vYM ryn6+aQ/F2HhZu/YSPjtBeQK/nn2kr9OektBkaEA/EeOPTV4qp5fy5tnnytYsyQh 39Zg87leZPiEBfe3B62W2xa/mFqTtQGJGuuY6vPHKAO1F8ZYjEo= =8Ltm -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 17 12:33:21 2018 Received: (at 32530) by debbugs.gnu.org; 17 Sep 2018 16:33:21 +0000 Received: from localhost ([127.0.0.1]:43301 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g1wSe-0000Vc-V0 for submit@debbugs.gnu.org; Mon, 17 Sep 2018 12:33:21 -0400 Received: from mout01.posteo.de ([185.67.36.65]:60438) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g1wSc-0000VG-I4 for 32530@debbugs.gnu.org; Mon, 17 Sep 2018 12:33:19 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id 1535821153 for <32530@debbugs.gnu.org>; Mon, 17 Sep 2018 18:33:11 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1537201992; bh=WcfYeIbO/pPjc6lelRZznIFafhaDgexTcDgh4EBqYBw=; h=From:To:Cc:Subject:Date:From; b=RPXRuocrGBE9CQ7ya76Treq+1iGiKXEgYcCOvuZKUuj6MjcADVwKjSBWm9vhNjUvb H9n22xbRYHH7Vgfg0OxA7NfDoqjyeCb7/7r6L2J8Lo32lestyf5eYNzUBiwq6TMuYW +S9WgjlDVLjQdqWn8bi+h4T4okEkMk99vEaiNL1Ks6gxJm/rpZKB99USiYOz5RWzDG zxgruOEz09HYZ6QsRYKIua/qAD2rt0O1pZSh7udGuJLt+tdQIcgKYoOyRt31qeKiBk 8q2Qpspyo64j8BOdTX7EHBt5RWu1HpoGrmR+BWbSrQgitcj7rcVPD5zbVEf5eW8Njh wVfOjtVNxJtEw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 42DWrj6B9nz6tm6; Mon, 17 Sep 2018 18:33:09 +0200 (CEST) From: Kei Kebreau To: Marius Bakke , ludo@gnu.org Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> Date: Mon, 17 Sep 2018 12:33:01 -0400 In-Reply-To: <87r2huzk8c.fsf@posteo.net> (Kei Kebreau's message of "Sat, 15 Sep 2018 14:30:43 -0400") Message-ID: <87va74krsy.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 32530 Cc: 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Kei Kebreau writes: > Marius Bakke writes: > >> Kei Kebreau writes: >> >>> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap >>> Octave with the path to system CA certificates. >>> --- >>> gnu/packages/maths.scm | 8 +++++++- >>> 1 file changed, 7 insertions(+), 1 deletion(-) >>> >>> diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm >>> index 3d571e8cc..b0caff0f5 100644 >>> --- a/gnu/packages/maths.scm >>> +++ b/gnu/packages/maths.scm >>> @@ -1417,7 +1417,13 @@ can solve two kinds of problems: >>> (string-append "Vmakeinfo_program = \"" >>> (assoc-ref inputs "texinfo") >>> "/bin/makeinfo\""))) >>> - #t))))) >>> + #t)) >>> + (add-after 'install 'wrap-program >>> + (lambda* (#:key outputs #:allow-other-keys) >>> + (let ((out (assoc-ref outputs "out"))) >>> + (wrap-program (string-append out "/bin/octave") >>> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) >>> + #t)))))) >> >> Instead of wrapping you can add a native-search-path for CURLOPT_CAPATH >> (as with CURL_CA_BUNDLE for `curl`). That way installing certificates >> to the profile should be sufficient. > > Ah! Yes, this works when I add curl to the profile. I didn't do this the > first time. I'll upload a patch here soon. Here's the search path patch. With this, I needed both nss-certs and cURL installed alongside Octave to get certificates working. --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=0001-gnu-curl-Add-a-search-path-for-CURLOPT_CAPATH.patch Content-Transfer-Encoding: quoted-printable From=2099614c73d5156ded2e865b7daf0955c9ff4eaaf4 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sun, 16 Sep 2018 22:17:06 -0400 Subject: [PATCH] gnu: curl: Add a search path for CURLOPT_CAPATH. * gnu/packages/curl.scm (curl)[native-search-paths]: New field. =2D-- gnu/packages/curl.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 6d45dc0cc..8bdba8655 100644 =2D-- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -83,7 +83,10 @@ (variable "CURL_CA_BUNDLE") (file-type 'regular) (separator #f) ;single entry =2D (files '("etc/ssl/certs/ca-certificates.crt"))))) + (files '("etc/ssl/certs/ca-certificates.crt"))) + (search-path-specification + (variable "CURLOPT_CAPATH") + (files '("etc/ssl/certs"))))) (arguments `(#:configure-flags '("--with-gnutls" "--with-gssapi") ;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl =2D-=20 2.19.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAluf1z0ACgkQ5qXuPBlG eg1jNg/+McU6a69SAk85XmNXpqWbQEPa2+IGVyx04ME0iBNNOVaxQunja5EqSrfp uJ0T30EnrzYippmJOnybXtFcWnohuTLOuimR9LuBThYCdxCI66cvxwbK865aWhEc eXKTJZqx5Res7t4+wCCl3XovYEyUwyb2v57rU8O01h4GY2hcJLkNYshGQ1aSskYA LiaVlcWjoNy9WNCCBSyznWWaTree9ZLRtJ3npFy9cl0u10AwYlIBTV01BJKvSp+C P6m2CsUchsL+kB6oyVk40kYx7vXldJf59OCularF3W75B6vyxdwVbN4aOjCApC2Q Pc7XENt9urx4rQue5PS1WEccSMathVlAe1bc/iA4EuX1A3cJ3Jn/2P1A8YLz75bY BWsZKzRPzr0xCAlM8ClFLzrz4eAzDtmLw8NUaCXSBjiy8bCvOhnWkxP2hNdFlFkj hDQcUbTMucI9HlSyWBeaqATEyq4Z1nlrxnrtW1nbHaRB0JPJyncKzciiBvc3BgZA QIEISs6fV7FL9Fpswox6lxfYzdDW7Uuc+snl4xmNpi3X4l+yRhwkvKJwJLkCH1Km Z50nuKL96CQrJpxnDTCc3vE/6SdY8lMZU732O3uQcRdE3j8MT0Ts0EI3fxeTENVK NNFQ8FM9209sE+qutdCjvGOHHHyUZ0IjXkxM3O4WKzRkZi21xko= =yEXp -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 17 13:16:08 2018 Received: (at 32530) by debbugs.gnu.org; 17 Sep 2018 17:16:08 +0000 Received: from localhost ([127.0.0.1]:43324 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g1x84-0001sK-1i for submit@debbugs.gnu.org; Mon, 17 Sep 2018 13:16:08 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:36689) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g1x81-0001s8-Ss for 32530@debbugs.gnu.org; Mon, 17 Sep 2018 13:16:06 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 95CD321A77; Mon, 17 Sep 2018 13:16:05 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Mon, 17 Sep 2018 13:16:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=UZAXCjiRFGMgy1KknzCyn6nfjVFYWVLJLSlrU2lIspY=; b=jtb6t8+C stI8tn8uIbCtteAZGEhmVX9hzmTtxg2qsomOAzIxoGgqEmitiV3j+praIyC/Zfb3 KuWJGmP5bthZphOqpgdBxbHcJD6n3PYEq5+V6FQHQf8u+QyO4NhhHdv3CaIUb9gN ivKqfCw8Rt+S8uBN7mS4ThXBu9RcM/2Fp2Wxs5HKWqrOA8Ed7ZHY4oynts62e9TK BsjFTs6lmuIgcpK7cVAMKVrRS5fsaBFR2BW+2pcw99HQbQ++RKbQ7iBmcqvuWVdA 8bH2Gnw5tXbeKN90I8NjauMCA1Hn8wynHsMoLHgWfL5qW6nK16dt4hsfi8PFtRUX L/WC2GofDV1mfg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=UZAXCjiRFGMgy1KknzCyn6nfjVFYW VLJLSlrU2lIspY=; b=koabHMpSrRL6iM3BlqsB24yyFSlyStOMYYyx3CMzYqfuk j5iBO+OT0CUapJfVXXltmi5jj5XywujsQ7niX++5gNJp0a1qULpU/GvQP2I2K0Q0 cNEwvLeDheSn2iFXVnaE9ivtQ46IX/HRIwsteNbCRh0E8ebTp57AFTrjYxw+QKF9 Q5Mwwg9jNE1yh94+3qTJ9ol9fTMUhgL3wvdxYJjNU1TGi30YHU7VTb7+P0W52UBK Qfrl6gE+ZceDZFJToIni577MSFn6zZUxOMUJawnJ8GouIVyzvkWzIvo7iG6B+8X0 Cwbtnr+sZNx62FDL7Q29lRsDcY/S23CrK7613u34w== X-ME-Proxy: X-ME-Sender: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id AB1EBE4626; Mon, 17 Sep 2018 13:16:04 -0400 (EDT) From: Marius Bakke To: Kei Kebreau , ludo@gnu.org Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. In-Reply-To: <87va74krsy.fsf@posteo.net> References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> User-Agent: Notmuch/0.27 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Mon, 17 Sep 2018 19:16:02 +0200 Message-ID: <875zz4oxil.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 32530 Cc: 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Kei Kebreau writes: > Kei Kebreau writes: > >> Marius Bakke writes: >> >>> Kei Kebreau writes: >>> >>>> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap >>>> Octave with the path to system CA certificates. >>>> --- >>>> gnu/packages/maths.scm | 8 +++++++- >>>> 1 file changed, 7 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm >>>> index 3d571e8cc..b0caff0f5 100644 >>>> --- a/gnu/packages/maths.scm >>>> +++ b/gnu/packages/maths.scm >>>> @@ -1417,7 +1417,13 @@ can solve two kinds of problems: >>>> (string-append "Vmakeinfo_program = \"" >>>> (assoc-ref inputs "texinfo") >>>> "/bin/makeinfo\""))) >>>> - #t))))) >>>> + #t)) >>>> + (add-after 'install 'wrap-program >>>> + (lambda* (#:key outputs #:allow-other-keys) >>>> + (let ((out (assoc-ref outputs "out"))) >>>> + (wrap-program (string-append out "/bin/octave") >>>> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) >>>> + #t)))))) >>> >>> Instead of wrapping you can add a native-search-path for CURLOPT_CAPATH >>> (as with CURL_CA_BUNDLE for `curl`). That way installing certificates >>> to the profile should be sufficient. >> >> Ah! Yes, this works when I add curl to the profile. I didn't do this the >> first time. I'll upload a patch here soon. > > Here's the search path patch. With this, I needed both nss-certs and > cURL installed alongside Octave to get certificates working. [...] > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 6d45dc0cc..8bdba8655 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -83,7 +83,10 @@ > (variable "CURL_CA_BUNDLE") > (file-type 'regular) > (separator #f) ;single entry > - (files '("etc/ssl/certs/ca-certificates.crt"))))) > + (files '("etc/ssl/certs/ca-certificates.crt"))) > + (search-path-specification > + (variable "CURLOPT_CAPATH") > + (files '("etc/ssl/certs"))))) Adding this native-search-path to the "octave" package should be sufficient. Then you won't need curl in the profile, nor do we need to rebuild all the things that depend on curl. Can you try that? Thanks for fixing this issue :-) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAluf4VMACgkQoqBt8qM6 VPqi5QgAvtQ5jKsQCtFqNLWDSB90+isklTD5cDE7gqlloEdUMYAzK7mcv8HNbL7H 6NxEkYeqiB2RgRa9Mraz6LqYfOp3oUllLuRf2yqEs/CqtB/HnrP3mfMWeoY1ybA+ 8f9qRsNB/ZXKkIDL5nXCu6Mrf5j1e6HN6TllQ2UtEbMQQycZhU1dY1AtuSUsHM3h 0Ty55iYbxBXpI4XJJh9GWLkw74FmHlO9BMLvx0TtDt9YS9Nsdr7mTtn/EyQvI8Gs D9MVu7US/EoYaJf3fWVj4/1xaCF4KWAOZ/whrou882YkkEu0jLCFIwsVl2fuym1U WR4CT4FaZzeyhfS70WNLfEzYKNuCHQ== =bv6F -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 18 16:57:41 2018 Received: (at 32530) by debbugs.gnu.org; 18 Sep 2018 20:57:41 +0000 Received: from localhost ([127.0.0.1]:44806 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2N40-0002Kg-QB for submit@debbugs.gnu.org; Tue, 18 Sep 2018 16:57:41 -0400 Received: from mout02.posteo.de ([185.67.36.66]:41999) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2N3z-0002KS-42 for 32530@debbugs.gnu.org; Tue, 18 Sep 2018 16:57:40 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id D6876211CB for <32530@debbugs.gnu.org>; Tue, 18 Sep 2018 22:57:31 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1537304251; bh=8rrsKhfkyk0ecFDaV4489ZCLk7DV7s/x0FpeMxof6dc=; h=From:To:Cc:Subject:Date:From; b=JHb4hFnzehu6rLFFtmNOc98IlzZwj8hKUsZG8q25CxwyXr1ROgj8/Q2AENiJyzpcf RArFMiz6+JuMzV6B37p+3+Kv/7WthltyWTRrGt+ZVifBwZY03GYLVFmubUTqbzjlMs fIjONUbnMjpvm4nrY0zf/Q4rngx7ax/MOuj57rdXBHL4yggafUG+4dDwUvsq2Tltlt GOZwJcZHhUH8HF9nA7WaYcsdCCpFdYz2VAwzO1dyaViSxCM+/cphVZ23aSxeEk5sxJ e3y41GVC6G7MvT0btYoTzp8SJzNjN49Kj04AjPGblRmD2/6OX+4mVtZLvW5ZJg16vw Gw/AC5Qnl5Jsw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 42FFgC26Pxz9rxG; Tue, 18 Sep 2018 22:57:27 +0200 (CEST) From: Kei Kebreau To: Marius Bakke Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> Date: Tue, 18 Sep 2018 16:57:25 -0400 In-Reply-To: <875zz4oxil.fsf@fastmail.com> (Marius Bakke's message of "Mon, 17 Sep 2018 19:16:02 +0200") Message-ID: <87efdqttfu.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 32530 Cc: ludo@gnu.org, 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Marius Bakke writes: > Kei Kebreau writes: > >> Kei Kebreau writes: >> >>> Marius Bakke writes: >>> >>>> Kei Kebreau writes: >>>> >>>>> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap >>>>> Octave with the path to system CA certificates. >>>>> --- >>>>> gnu/packages/maths.scm | 8 +++++++- >>>>> 1 file changed, 7 insertions(+), 1 deletion(-) >>>>> >>>>> diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm >>>>> index 3d571e8cc..b0caff0f5 100644 >>>>> --- a/gnu/packages/maths.scm >>>>> +++ b/gnu/packages/maths.scm >>>>> @@ -1417,7 +1417,13 @@ can solve two kinds of problems: >>>>> (string-append "Vmakeinfo_program = \"" >>>>> (assoc-ref inputs "texinfo") >>>>> "/bin/makeinfo\""))) >>>>> - #t))))) >>>>> + #t)) >>>>> + (add-after 'install 'wrap-program >>>>> + (lambda* (#:key outputs #:allow-other-keys) >>>>> + (let ((out (assoc-ref outputs "out"))) >>>>> + (wrap-program (string-append out "/bin/octave") >>>>> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) >>>>> + #t)))))) >>>> >>>> Instead of wrapping you can add a native-search-path for CURLOPT_CAPATH >>>> (as with CURL_CA_BUNDLE for `curl`). That way installing certificates >>>> to the profile should be sufficient. >>> >>> Ah! Yes, this works when I add curl to the profile. I didn't do this the >>> first time. I'll upload a patch here soon. >> >> Here's the search path patch. With this, I needed both nss-certs and >> cURL installed alongside Octave to get certificates working. > > [...] > >> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm >> index 6d45dc0cc..8bdba8655 100644 >> --- a/gnu/packages/curl.scm >> +++ b/gnu/packages/curl.scm >> @@ -83,7 +83,10 @@ >> (variable "CURL_CA_BUNDLE") >> (file-type 'regular) >> (separator #f) ;single entry >> - (files '("etc/ssl/certs/ca-certificates.crt"))))) >> + (files '("etc/ssl/certs/ca-certificates.crt"))) >> + (search-path-specification >> + (variable "CURLOPT_CAPATH") >> + (files '("etc/ssl/certs"))))) > > Adding this native-search-path to the "octave" package should be > sufficient. Then you won't need curl in the profile, nor do we need to > rebuild all the things that depend on curl. Can you try that? Adding the native-search-path to the "octave" package works! > > Thanks for fixing this issue :-) --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=0001-gnu-octave-Add-a-search-path-for-CURLOPT_CAPATH.patch Content-Transfer-Encoding: quoted-printable From=20df88f083f8974b1cb17d03ede300505ec3ecabc1 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sun, 16 Sep 2018 22:17:06 -0400 Subject: [PATCH] gnu: octave: Add a search path for CURLOPT_CAPATH. * gnu/packages/maths.scm (octave)[native-search-paths]: New field. =2D-- gnu/packages/maths.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index d3e72128c..7389f972b 100644 =2D-- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -1397,6 +1397,10 @@ can solve two kinds of problems: ("less" ,less) ("ghostscript" ,ghostscript) ("gnuplot" ,gnuplot))) + (native-search-paths + (list (search-path-specification + (variable "CURLOPT_CAPATH") + (files '("etc/ssl/certs"))))) (arguments `(#:configure-flags (list (string-append "--with-shell=3D" =2D-=20 2.19.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAluhZrUACgkQ5qXuPBlG eg2v0RAAwDiORqKU69okM3DC/b3wpWtglK6ZmEt9YQl1AtemjMfFEL8uXHKt4Ocx 0ENo8xL/CGdo+35EVAJ7igNBAOps61Np1mRki001ICINJ4YcwyQYoCjesoCScWpa 6y17d67LyLlOFZZGp57H39hGzkVHXvcNrfB5h5pDGEBdiyPphNprOMRpam7Y0ZJP PELC2LPDaO7tUehAwlyYNdy0vE/WcJ1xJ3CQLTNYx1AjxkOIJ39g/UejAuqdPPrp uKjeyx73bAkXHEY3aIZH+gZDUMy3tNHj7sP0o6cnYu/2jkVaKNvW0rHl268KgtYn 9eWtpA65P1b5zww0Td90oKcYac9WWLDA/x6ltKsRoXVZRF96r2gBjg8k0varHbgy YOoUztV06Eve0hqfORMv6rRtCy1dhAep0vNvWnr9g82OxQP+Agy2qN8rzqrILBg1 nesj0NzjEZoEqGTL2sei2ku53WL9Ve+lne2R/GTtOkeOG5w7iquFfEOIaupoMYBt h4vGCq30OFWagspFDvQQHJgTqETzlZMFAEq/SQIpfxv0wEXP41C83yC4aFP4g6K6 cu3DhGh0VUns81N8Rrib/hK6UXqO3P7Zhiv8/oRSKVbr5vB4eERRy9AE8focPeDH 2J0hVkcYojeiqbZ0EoODXulIYXq6DlhwcYw5C1eBaWPOV9H5KaI= =+PJk -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 19 13:27:34 2018 Received: (at 32530) by debbugs.gnu.org; 19 Sep 2018 17:27:34 +0000 Received: from localhost ([127.0.0.1]:45917 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2gGD-00089f-IE for submit@debbugs.gnu.org; Wed, 19 Sep 2018 13:27:34 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:58429) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2gGB-00089U-Mj for 32530@debbugs.gnu.org; Wed, 19 Sep 2018 13:27:32 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 4B6F021FC0; Wed, 19 Sep 2018 13:27:31 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Wed, 19 Sep 2018 13:27:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=ZN6tJGSkPzTrYtvounv0nMnZP2Kn2OwE+ufoB+AFTGk=; b=DpwI/nZZ XrN32xSREwOfjaF+gVH0w5W6kX/GWQguJ/17x9Rgosgex8hZHFro6st/hMNs7XkQ Cjr2Fr8CcjU/YxjCfd/dR71EijaoJjz20AhJTyf6LieFJIW7h3H70ByUdWjZQ8B+ Wf4MbR5OGvJKTONQjKfsqWpSxu4fW92E1lnquCO/KIuC0Psdgvl3V9n4E1OCO3lF jtg0c0k5Y03dPx2rEJOJZI3juAMviBcrmQAFc2ZSBg0LVNolx+J0JMVASKWE1hME k11JbfGr5Uq2OcBvsX7mxzIaqnBRN7ULSt2UuveGlEMxqJXiMLVSS1X7L/faedp5 CGeRtFT3yeyUsA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=ZN6tJGSkPzTrYtvounv0nMnZP2Kn2 OwE+ufoB+AFTGk=; b=ARdiduVPy/Q/nfdNZkcaqV+6HPMBfdhZURmShV7MBwUVZ zKvU0pcFSWQmpcV6e6J5JnjYYYl2qEgDBsgR/YD6z4tVKiNt01fq7EWo1AO42Qse mS/40JNBlO7Ge3nud4fqVXQFWU4ilgYP+QB6K3SFEGGBJ789NOUYFJQ2+jceFPwh +cnIONgFskgrEP+ByRICKW70plpeLBHVrStvmx3vmmGa+CdOrXDpBCoI0mw92ha7 v2FNnz2BfFVVt1Say7z5oz/K08WwxsnZuQewrzCY95RYdJHV0L18vGUyBzz6qJ7o Kkt4aT2KeJslgaryrJet1XaMh3H0esQ5jqDR3M/9Q== X-ME-Proxy: X-ME-Sender: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 4C51C102E4; Wed, 19 Sep 2018 13:27:30 -0400 (EDT) From: Marius Bakke To: Kei Kebreau Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. In-Reply-To: <87efdqttfu.fsf@posteo.net> References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> <87efdqttfu.fsf@posteo.net> User-Agent: Notmuch/0.27 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Wed, 19 Sep 2018 19:27:28 +0200 Message-ID: <8736u5pfcv.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 32530 Cc: ludo@gnu.org, 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Kei Kebreau writes: > Marius Bakke writes: > >> Kei Kebreau writes: >> >>> Kei Kebreau writes: >>> >>>> Marius Bakke writes: >>>> >>>>> Kei Kebreau writes: >>>>> >>>>>> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap >>>>>> Octave with the path to system CA certificates. >>>>>> --- >>>>>> gnu/packages/maths.scm | 8 +++++++- >>>>>> 1 file changed, 7 insertions(+), 1 deletion(-) >>>>>> >>>>>> diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm >>>>>> index 3d571e8cc..b0caff0f5 100644 >>>>>> --- a/gnu/packages/maths.scm >>>>>> +++ b/gnu/packages/maths.scm >>>>>> @@ -1417,7 +1417,13 @@ can solve two kinds of problems: >>>>>> (string-append "Vmakeinfo_program = \"" >>>>>> (assoc-ref inputs "texinfo") >>>>>> "/bin/makeinfo\""))) >>>>>> - #t))))) >>>>>> + #t)) >>>>>> + (add-after 'install 'wrap-program >>>>>> + (lambda* (#:key outputs #:allow-other-keys) >>>>>> + (let ((out (assoc-ref outputs "out"))) >>>>>> + (wrap-program (string-append out "/bin/octave") >>>>>> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs"))) >>>>>> + #t)))))) >>>>> >>>>> Instead of wrapping you can add a native-search-path for CURLOPT_CAPATH >>>>> (as with CURL_CA_BUNDLE for `curl`). That way installing certificates >>>>> to the profile should be sufficient. >>>> >>>> Ah! Yes, this works when I add curl to the profile. I didn't do this the >>>> first time. I'll upload a patch here soon. >>> >>> Here's the search path patch. With this, I needed both nss-certs and >>> cURL installed alongside Octave to get certificates working. >> >> [...] >> >>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm >>> index 6d45dc0cc..8bdba8655 100644 >>> --- a/gnu/packages/curl.scm >>> +++ b/gnu/packages/curl.scm >>> @@ -83,7 +83,10 @@ >>> (variable "CURL_CA_BUNDLE") >>> (file-type 'regular) >>> (separator #f) ;single entry >>> - (files '("etc/ssl/certs/ca-certificates.crt"))))) >>> + (files '("etc/ssl/certs/ca-certificates.crt"))) >>> + (search-path-specification >>> + (variable "CURLOPT_CAPATH") >>> + (files '("etc/ssl/certs"))))) >> >> Adding this native-search-path to the "octave" package should be >> sufficient. Then you won't need curl in the profile, nor do we need to >> rebuild all the things that depend on curl. Can you try that? > > Adding the native-search-path to the "octave" package works! Excellent! :-) [...] > diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm > index d3e72128c..7389f972b 100644 > --- a/gnu/packages/maths.scm > +++ b/gnu/packages/maths.scm > @@ -1397,6 +1397,10 @@ can solve two kinds of problems: > ("less" ,less) > ("ghostscript" ,ghostscript) > ("gnuplot" ,gnuplot))) > + (native-search-paths > + (list (search-path-specification > + (variable "CURLOPT_CAPATH") > + (files '("etc/ssl/certs"))))) LGTM. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAluihwAACgkQoqBt8qM6 VPpVJwf8C9cA3reBvLayHAyCSi+/Y/vCqz33WSSZiedpZMe1AJlCpPWacZCu7v3i jfJ9nsd433qDE8LWcWyDXMYISAOSsju8vN55ou2YyPhZsm2oNXUvEVyhExd1tQ0W 7Wr1MBK5M5zi6HvAMW2eBUqoAeoLeYriFzccx+fI6OevFzipiEIt3F+zAmDTkDlP 7cQOf+83v88gX0qBAFRtStBedsBUKiOyJz5udUvcnBFJ2qGo1MJpskT/ZXc0O2pt tx6qwoVYp8y21JDfm1SepCy9oq3Wx9smfxTH6wCpqGD9DfrO1Wrp5MddSkOB3bb0 oFjGJJW91r9/7XsdWv03lS9RlQmXNw== =rIGr -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 19 15:52:49 2018 Received: (at 32530) by debbugs.gnu.org; 19 Sep 2018 19:52:49 +0000 Received: from localhost ([127.0.0.1]:46031 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2iWm-0005y6-UZ for submit@debbugs.gnu.org; Wed, 19 Sep 2018 15:52:49 -0400 Received: from eggs.gnu.org ([208.118.235.92]:55833) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2iWl-0005xr-Dj for 32530@debbugs.gnu.org; Wed, 19 Sep 2018 15:52:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1g2iWf-0000aI-3J for 32530@debbugs.gnu.org; Wed, 19 Sep 2018 15:52:42 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:48685) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1g2iWY-0000Wd-Id; Wed, 19 Sep 2018 15:52:37 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=60886 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1g2iWX-0005Xd-Cy; Wed, 19 Sep 2018 15:52:33 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Marius Bakke Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Jour du Travail de =?utf-8?Q?l'Ann=C3=A9e?= 226 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 19 Sep 2018 21:52:32 +0200 In-Reply-To: <875zz4oxil.fsf@fastmail.com> (Marius Bakke's message of "Mon, 17 Sep 2018 19:16:02 +0200") Message-ID: <87k1nhfenz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 32530 Cc: Kei Kebreau , 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Hello, Marius Bakke skribis: > Kei Kebreau writes: [...] >> Here's the search path patch. With this, I needed both nss-certs and >> cURL installed alongside Octave to get certificates working. This is expected (see ), which is why I wrote it wouldn=E2=80=99t quite solve the issue; still, it=E2=80=99s = a step in the right direction. :-) >> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm >> index 6d45dc0cc..8bdba8655 100644 >> --- a/gnu/packages/curl.scm >> +++ b/gnu/packages/curl.scm >> @@ -83,7 +83,10 @@ >> (variable "CURL_CA_BUNDLE") >> (file-type 'regular) >> (separator #f) ;single entry >> - (files '("etc/ssl/certs/ca-certificates.crt"))))) >> + (files '("etc/ssl/certs/ca-certificates.crt"))) >> + (search-path-specification >> + (variable "CURLOPT_CAPATH") >> + (files '("etc/ssl/certs"))))) > > Adding this native-search-path to the "octave" package should be > sufficient. I think we should avoid doing this though, because conceptually CURLOPT_CAPATH =E2=80=9Cbelongs=E2=80=9D to cURL, not to Octave. > Then you won't need curl in the profile, nor do we need to rebuild all > the things that depend on curl. Can you try that? The patch above can go to the next =E2=80=98core-updates=E2=80=99 IMO. Kei, what about the two other options we discussed? Namely: > 2. On GuixSD, we could define CURLOPT_CAPATH=3D/etc/ssl/certs in > /etc/profile, like we already do for other variables. >=20 > 3. We could document this variable under =E2=80=9CX.509 Certificates=E2= =80=9D in the > manual. Thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 19 16:09:40 2018 Received: (at 32530) by debbugs.gnu.org; 19 Sep 2018 20:09:40 +0000 Received: from localhost ([127.0.0.1]:46042 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2in1-0006SZ-NP for submit@debbugs.gnu.org; Wed, 19 Sep 2018 16:09:40 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:42587) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2imz-0006SP-SL for 32530@debbugs.gnu.org; Wed, 19 Sep 2018 16:09:34 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 8BDED21F60; Wed, 19 Sep 2018 16:09:33 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Wed, 19 Sep 2018 16:09:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=E10bSWfCfmahn0GaVUYaTuLnmpbrYxjDSlYeELpkezc=; b=FxGA6GWI tZlHg3UGQvGVOzbX+xyWW+COzLPLQPp+SE33sdt1agKmieCBCi8J4iCCUFOXXuIj ol3w2VPJWkAm5sO9ZHGGOmOkI5kVe/Sg6HzVSM8OdnGyPJMAcrnMiDoiCnuCgQRq QiqoQQ875mrOyuZoiqRzfID2tvt6wSoJXyJvGwycp9x7BqzCAUY4QkMc01eqIz7z BIL3ef4W7e/+yvLGsH+/9/009cqJXxUAFXTxZPsJN5nKqEYI8Dcb9gmPsrKmKG5O Gn8A6ipxNUd7Hgz2IQQkEOOt3tEAPwRiFUTj7zQY9Q9fnQhdxvMIvZWFvz4QpRPl uB01jNotTWFjRQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=E10bSWfCfmahn0GaVUYaTuLnmpbrY xjDSlYeELpkezc=; b=QSOBDFBu1rIbHdwM9rdv/onOlKXEGedUxpLCY3ftfQCPA BWULFWyiaPndWh5I+Sda1rljkk/QXiiRIzvLJkzOqlZrJrQDugxkMr1iejYTmTaH YxQLWEkcwFKnto22ItaC+1VS3vnG32UNfe8hB4QUcW8AfAC6l7x/vTHZ4KV16Sxb IMCZ4sqjDNh8ftQTFFCQIj7XFNZBH1X45vMHQW8HmAYal+qvUf0CcSy0XSavIkX4 9pAE/wGkY6WxbuFyRGWsDFtrArS9wH/PWrxvjJBea95MK3jwZmW/RQ67fvcPGaGx XcIXY6H5zqkPwlnwbDGVzOEgV00gj1ab6y3hIqECQ== X-ME-Proxy: X-ME-Sender: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 44008102E2; Wed, 19 Sep 2018 16:09:32 -0400 (EDT) From: Marius Bakke To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. In-Reply-To: <87k1nhfenz.fsf@gnu.org> References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> <87k1nhfenz.fsf@gnu.org> User-Agent: Notmuch/0.27 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Wed, 19 Sep 2018 22:09:30 +0200 Message-ID: <87musdntad.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 32530 Cc: Kei Kebreau , 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Hello, > > Marius Bakke skribis: > >> Kei Kebreau writes: > > [...] > >>> Here's the search path patch. With this, I needed both nss-certs and >>> cURL installed alongside Octave to get certificates working. > > This is expected (see ), which is > why I wrote it wouldn=E2=80=99t quite solve the issue; still, it=E2=80=99= s a step in the > right direction. :-) > >>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm >>> index 6d45dc0cc..8bdba8655 100644 >>> --- a/gnu/packages/curl.scm >>> +++ b/gnu/packages/curl.scm >>> @@ -83,7 +83,10 @@ >>> (variable "CURL_CA_BUNDLE") >>> (file-type 'regular) >>> (separator #f) ;single entry >>> - (files '("etc/ssl/certs/ca-certificates.crt"))))) >>> + (files '("etc/ssl/certs/ca-certificates.crt"))) >>> + (search-path-specification >>> + (variable "CURLOPT_CAPATH") >>> + (files '("etc/ssl/certs"))))) >> >> Adding this native-search-path to the "octave" package should be >> sufficient. > > I think we should avoid doing this though, because conceptually > CURLOPT_CAPATH =E2=80=9Cbelongs=E2=80=9D to cURL, not to Octave. Conceptually maybe, but to my knowledge libcurl itself does not support run-time search paths (due to thread safety concerns IIRC). This search path does seem to be Octave specific. From the ChangeLog: =2D-8<---------------cut here---------------start------------->8--- 2018-04-18 John W. Eaton allow users to set path to CA certificates for cURL * url-transfer.cc (curl_transfer::curl_transfer): Check for CURLOPT_CAINFO and CURLOPT_CAPATH environment variables. If set, u= se them to set the corresponding options for the cURL library. Files: liboctave/util/url-transfer.cc =2D-8<---------------cut here---------------end--------------->8--- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAluirPoACgkQoqBt8qM6 VPpbtAgAh+mX4WIDduADOgwtwBexUoYsd2mUAU34ribqpnvYLTGDsOUAe1CKihcP g8h9eutwYgdqNzisjn+1jIynWa7d1M8Ht0JBPGA8SbHiYSP8BXs8W7RIOjoatWTq 5mC4qh9ek/e5BngWn1TWqUDqEo0T8AlH23pnCvR6+ldy3MtKJ0SThAZ3/Up9Husu MKwt9lNdGO2XV4v4MdhvzI+B9bCF5YB/WevC5rvjehffyQVhJUnoaZ5BBl4q4xTb YEaBDyJ/vf3EiJ+Ecr1q52EUWW1OAfKx42rvO2i9xjpx2LkxbNf1gOx9RW/WGqI2 RbqJSnaYHQj6cqV25yuQ6jbe3I/mzQ== =WDCx -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 19 16:18:43 2018 Received: (at 32530) by debbugs.gnu.org; 19 Sep 2018 20:18:43 +0000 Received: from localhost ([127.0.0.1]:46050 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2ivq-0006jx-SP for submit@debbugs.gnu.org; Wed, 19 Sep 2018 16:18:43 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42430) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g2ivp-0006jf-90 for 32530@debbugs.gnu.org; Wed, 19 Sep 2018 16:18:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1g2ivi-0002wg-Uc for 32530@debbugs.gnu.org; Wed, 19 Sep 2018 16:18:35 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:49245) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1g2ivi-0002wW-N7; Wed, 19 Sep 2018 16:18:34 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=33284 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1g2ivi-0005Wv-FQ; Wed, 19 Sep 2018 16:18:34 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Marius Bakke Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> <87k1nhfenz.fsf@gnu.org> <87musdntad.fsf@fastmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Jour du Travail de =?utf-8?Q?l'Ann=C3=A9e?= 226 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 19 Sep 2018 22:18:33 +0200 In-Reply-To: <87musdntad.fsf@fastmail.com> (Marius Bakke's message of "Wed, 19 Sep 2018 22:09:30 +0200") Message-ID: <871s9pfdgm.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 32530 Cc: Kei Kebreau , 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Marius Bakke skribis: > ludo@gnu.org (Ludovic Court=C3=A8s) writes: [...] >>> Adding this native-search-path to the "octave" package should be >>> sufficient. >> >> I think we should avoid doing this though, because conceptually >> CURLOPT_CAPATH =E2=80=9Cbelongs=E2=80=9D to cURL, not to Octave. > > Conceptually maybe, but to my knowledge libcurl itself does not support > run-time search paths (due to thread safety concerns IIRC). > > This search path does seem to be Octave specific. From the ChangeLog: > > 2018-04-18 John W. Eaton > > allow users to set path to CA certificates for cURL > > * url-transfer.cc (curl_transfer::curl_transfer): Check for > CURLOPT_CAINFO and CURLOPT_CAPATH environment variables. If set,= use > them to set the corresponding options for the cURL library. > > Files: liboctave/util/url-transfer.cc Oh, I stand corrected! Then the patch LGTM, maybe with a comment saying that those variables are actually Octave-specific. :-) Thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Sep 20 14:03:35 2018 Received: (at 32530) by debbugs.gnu.org; 20 Sep 2018 18:03:35 +0000 Received: from localhost ([127.0.0.1]:47292 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g33IZ-0004eL-UY for submit@debbugs.gnu.org; Thu, 20 Sep 2018 14:03:35 -0400 Received: from mout02.posteo.de ([185.67.36.66]:39127) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g33IY-0004e4-0L for 32530@debbugs.gnu.org; Thu, 20 Sep 2018 14:03:30 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 668B821181 for <32530@debbugs.gnu.org>; Thu, 20 Sep 2018 20:03:23 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1537466603; bh=sbGx/MUMQwhsLSxt+1opWiRXvi2sVQXhQT4RfEBPKLs=; h=From:To:Cc:Subject:Date:From; b=et1mzbYfKbHpSOsl79vNeZ5zfbd9s2Ovc8o3WnGiw0rCqFtWjeIBceX/YknspJEHr lubRzBbEUziLxDUyzVhNeiK+67Xo8ZhLizERnLxGa7SsJqtCw+BhtRg5qOJbW5Nmkd zW7W+l4qRnL4ODCA7q40Hpwpb7zCk+T/CjdHR0JejWc1A0dhjy95M1guCVbkOhIrrT pUo1+5JMkx/cb7g2UfpuEP1yY5pf17iO/+hXcDnAxXcKuHAEtyKlGRwELdTyMbNV07 Eidtq0bUuQEWZa7RyqUIukWZzWfwwoDT6qaO759pRcE030bTVHq7oFVN4OLtnbf/lz TbTyDp8yyLNEA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 42GPjP43Zhz9rxG; Thu, 20 Sep 2018 20:03:21 +0200 (CEST) From: Kei Kebreau To: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> <87k1nhfenz.fsf@gnu.org> <87musdntad.fsf@fastmail.com> <871s9pfdgm.fsf@gnu.org> Date: Thu, 20 Sep 2018 14:03:20 -0400 In-Reply-To: <871s9pfdgm.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Wed, 19 Sep 2018 22:18:33 +0200") Message-ID: <87a7oct5av.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 32530 Cc: Marius Bakke , 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Marius Bakke skribis: > >> ludo@gnu.org (Ludovic Court=C3=A8s) writes: > > [...] > >>>> Adding this native-search-path to the "octave" package should be >>>> sufficient. >>> >>> I think we should avoid doing this though, because conceptually >>> CURLOPT_CAPATH =E2=80=9Cbelongs=E2=80=9D to cURL, not to Octave. >> >> Conceptually maybe, but to my knowledge libcurl itself does not support >> run-time search paths (due to thread safety concerns IIRC). >> >> This search path does seem to be Octave specific. From the ChangeLog: >> >> 2018-04-18 John W. Eaton >> >> allow users to set path to CA certificates for cURL >> >> * url-transfer.cc (curl_transfer::curl_transfer): Check for >> CURLOPT_CAINFO and CURLOPT_CAPATH environment variables. If set= , use >> them to set the corresponding options for the cURL library. >> >> Files: liboctave/util/url-transfer.cc > > Oh, I stand corrected! Then the patch LGTM, maybe with a comment saying > that those variables are actually Octave-specific. :-) > > Thank you! > > Ludo=E2=80=99. Is it really Octave-specific? It's defined in the libcurl API [0], so other software could make use of the variable. [0]: https://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 24 05:02:52 2018 Received: (at 32530) by debbugs.gnu.org; 24 Sep 2018 09:02:53 +0000 Received: from localhost ([127.0.0.1]:51319 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g4MlU-0002aj-LB for submit@debbugs.gnu.org; Mon, 24 Sep 2018 05:02:52 -0400 Received: from eggs.gnu.org ([208.118.235.92]:58557) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g4MlS-0002aX-Nq for 32530@debbugs.gnu.org; Mon, 24 Sep 2018 05:02:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1g4MlJ-0001bO-8c for 32530@debbugs.gnu.org; Mon, 24 Sep 2018 05:02:41 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59262) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1g4MlI-0001b4-Uy; Mon, 24 Sep 2018 05:02:37 -0400 Received: from [193.50.110.247] (port=56380 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1g4MlI-0005vz-LJ; Mon, 24 Sep 2018 05:02:36 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Kei Kebreau Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> <87k1nhfenz.fsf@gnu.org> <87musdntad.fsf@fastmail.com> <871s9pfdgm.fsf@gnu.org> <87a7oct5av.fsf@posteo.net> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 3 =?utf-8?Q?Vend=C3=A9miaire?= an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 24 Sep 2018 11:02:35 +0200 In-Reply-To: <87a7oct5av.fsf@posteo.net> (Kei Kebreau's message of "Thu, 20 Sep 2018 14:03:20 -0400") Message-ID: <871s9jxo7o.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 32530 Cc: Marius Bakke , 32530@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Hello Kei, Kei Kebreau skribis: > ludo@gnu.org (Ludovic Court=C3=A8s) writes: > >> Marius Bakke skribis: >> >>> ludo@gnu.org (Ludovic Court=C3=A8s) writes: >> >> [...] >> >>>>> Adding this native-search-path to the "octave" package should be >>>>> sufficient. >>>> >>>> I think we should avoid doing this though, because conceptually >>>> CURLOPT_CAPATH =E2=80=9Cbelongs=E2=80=9D to cURL, not to Octave. >>> >>> Conceptually maybe, but to my knowledge libcurl itself does not support >>> run-time search paths (due to thread safety concerns IIRC). >>> >>> This search path does seem to be Octave specific. From the ChangeLog: >>> >>> 2018-04-18 John W. Eaton >>> >>> allow users to set path to CA certificates for cURL >>> >>> * url-transfer.cc (curl_transfer::curl_transfer): Check for >>> CURLOPT_CAINFO and CURLOPT_CAPATH environment variables. If se= t, use >>> them to set the corresponding options for the cURL library. >>> >>> Files: liboctave/util/url-transfer.cc >> >> Oh, I stand corrected! Then the patch LGTM, maybe with a comment saying >> that those variables are actually Octave-specific. :-) >> >> Thank you! >> >> Ludo=E2=80=99. > > Is it really Octave-specific? It's defined in the libcurl API [0], so > other software could make use of the variable. > > [0]: https://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html I think you=E2=80=99re both right. :-) The =E2=80=98url-transfer.cc=E2=80=99 file in Octave mentioned above does t= his: std::string cainfo =3D sys::env::getenv ("CURLOPT_CAINFO"); if (! cainfo.empty ()) SETOPT (CURLOPT_CAINFO, cainfo.c_str ()); std::string capath =3D sys::env::getenv ("CURLOPT_CAPATH"); if (! capath.empty ()) SETOPT (CURLOPT_CAPATH, capath.c_str ()); Based on that, I think it=E2=80=99s perfectly fine to add these two variabl= es in the =E2=80=98native-search-paths=E2=80=99 of Octave itself, probably with a= comment explaining that Octave really honors these variables by itself. Feel free to push such a change! Thank you, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 24 21:43:33 2018 Received: (at 32530-done) by debbugs.gnu.org; 25 Sep 2018 01:43:33 +0000 Received: from localhost ([127.0.0.1]:52638 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g4cNw-0000SR-Sn for submit@debbugs.gnu.org; Mon, 24 Sep 2018 21:43:33 -0400 Received: from mout01.posteo.de ([185.67.36.65]:43346) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g4cNp-0000S9-TU for 32530-done@debbugs.gnu.org; Mon, 24 Sep 2018 21:43:31 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id 810B42115E for <32530-done@debbugs.gnu.org>; Tue, 25 Sep 2018 03:43:19 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1537839799; bh=ED4gEkzoRhd53ZoBQm6iWAZ9porx+fwmL0pKGn1Xew8=; h=From:To:Cc:Subject:Date:From; b=cltiztey/9jA/bRzSLOzG9W7/LfGa7eqUQxpw0r7x6iYVCp83vS6zwXJdaDTebDZ6 J3oKRqqTSIcgH469DsTikN2yOCMP3rpS5E6jNlNTZmvawrP6mFm7PKPdLU0YKQbU2Q JOYXiS+zBGVGtnuv5sursBhQe7l31eeYultWeqW2BNjVK+jEb0KQaOenAnJsLUbExR x80rlMEpIP0u4fWT9ru7qQAU0v0TZDb1uqp3NE9v0wPTfd9O6wc4N8FrAiTT8QHE20 4iqPRwpGF5efdpBwiZKcpLRhYfJ6tOSu9VNJq3fBYYzMzQjUUNge13HFxUf7OqsI// S5D7XIitjRxDQ== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 42K3kF6q0xz6tm5; Tue, 25 Sep 2018 03:43:17 +0200 (CEST) From: Kei Kebreau To: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use. References: <20180826004231.19350-1-kkebreau@posteo.net> <87o9czqhpo.fsf@fastmail.com> <87r2huzk8c.fsf@posteo.net> <87va74krsy.fsf@posteo.net> <875zz4oxil.fsf@fastmail.com> <87k1nhfenz.fsf@gnu.org> <87musdntad.fsf@fastmail.com> <871s9pfdgm.fsf@gnu.org> <87a7oct5av.fsf@posteo.net> <871s9jxo7o.fsf@gnu.org> Date: Mon, 24 Sep 2018 21:43:16 -0400 In-Reply-To: <871s9jxo7o.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 24 Sep 2018 11:02:35 +0200") Message-ID: <87in2utkqz.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 32530-done Cc: Marius Bakke , 32530-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Hello Kei, > > Kei Kebreau skribis: > >> ludo@gnu.org (Ludovic Court=C3=A8s) writes: >> >>> Marius Bakke skribis: >>> >>>> ludo@gnu.org (Ludovic Court=C3=A8s) writes: >>> >>> [...] >>> >>>>>> Adding this native-search-path to the "octave" package should be >>>>>> sufficient. >>>>> >>>>> I think we should avoid doing this though, because conceptually >>>>> CURLOPT_CAPATH =E2=80=9Cbelongs=E2=80=9D to cURL, not to Octave. >>>> >>>> Conceptually maybe, but to my knowledge libcurl itself does not support >>>> run-time search paths (due to thread safety concerns IIRC). >>>> >>>> This search path does seem to be Octave specific. From the ChangeLog: >>>> >>>> 2018-04-18 John W. Eaton >>>> >>>> allow users to set path to CA certificates for cURL >>>> >>>> * url-transfer.cc (curl_transfer::curl_transfer): Check for >>>> CURLOPT_CAINFO and CURLOPT_CAPATH environment variables. >>>> If set, use >>>> them to set the corresponding options for the cURL library. >>>> >>>> Files: liboctave/util/url-transfer.cc >>> >>> Oh, I stand corrected! Then the patch LGTM, maybe with a comment saying >>> that those variables are actually Octave-specific. :-) >>> >>> Thank you! >>> >>> Ludo=E2=80=99. >> >> Is it really Octave-specific? It's defined in the libcurl API [0], so >> other software could make use of the variable. >> >> [0]: https://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html > > I think you=E2=80=99re both right. :-) > > The =E2=80=98url-transfer.cc=E2=80=99 file in Octave mentioned above does= this: > > std::string cainfo =3D sys::env::getenv ("CURLOPT_CAINFO"); > if (! cainfo.empty ()) > SETOPT (CURLOPT_CAINFO, cainfo.c_str ()); > > std::string capath =3D sys::env::getenv ("CURLOPT_CAPATH"); > if (! capath.empty ()) > SETOPT (CURLOPT_CAPATH, capath.c_str ()); > > Based on that, I think it=E2=80=99s perfectly fine to add these two varia= bles in > the =E2=80=98native-search-paths=E2=80=99 of Octave itself, probably with= a comment > explaining that Octave really honors these variables by itself. > > Feel free to push such a change! > > Thank you, > Ludo=E2=80=99. Finally pushed to master! Thanks to both of you for reviewing this. From unknown Fri Aug 15 02:01:51 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 23 Oct 2018 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator