GNU bug report logs - #32530
[PATCH] gnu: octave: Fix CA certificate use.

Previous Next

Package: guix-patches;

Reported by: Kei Kebreau <kkebreau <at> posteo.net>

Date: Sun, 26 Aug 2018 00:43:02 UTC

Severity: normal

Tags: patch

Done: Kei Kebreau <kkebreau <at> posteo.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Marius Bakke <mbakke <at> fastmail.com>
To: Kei Kebreau <kkebreau <at> posteo.net>, ludo <at> gnu.org
Cc: 32530 <at> debbugs.gnu.org
Subject: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use.
Date: Mon, 17 Sep 2018 19:16:02 +0200

[Message part 1 (text/plain, inline)]
Kei Kebreau <kkebreau <at> posteo.net> writes:

> Kei Kebreau <kkebreau <at> posteo.net> writes:
>
>> Marius Bakke <mbakke <at> fastmail.com> writes:
>>
>>> Kei Kebreau <kkebreau <at> posteo.net> writes:
>>>
>>>> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap
>>>> Octave with the path to system CA certificates.
>>>> ---
>>>>  gnu/packages/maths.scm | 8 +++++++-
>>>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
>>>> index 3d571e8cc..b0caff0f5 100644
>>>> --- a/gnu/packages/maths.scm
>>>> +++ b/gnu/packages/maths.scm
>>>> @@ -1417,7 +1417,13 @@ can solve two kinds of problems:
>>>>                  (string-append "Vmakeinfo_program = \""
>>>>                                 (assoc-ref inputs "texinfo")
>>>>                                 "/bin/makeinfo\"")))
>>>> -             #t)))))
>>>> +             #t))
>>>> +         (add-after 'install 'wrap-program
>>>> +           (lambda* (#:key outputs #:allow-other-keys)
>>>> +             (let ((out (assoc-ref outputs "out")))
>>>> +               (wrap-program (string-append out "/bin/octave")
>>>> +                 '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs")))
>>>> +               #t))))))
>>>
>>> Instead of wrapping you can add a native-search-path for CURLOPT_CAPATH
>>> (as with CURL_CA_BUNDLE for `curl`).  That way installing certificates
>>> to the profile should be sufficient.
>>
>> Ah! Yes, this works when I add curl to the profile. I didn't do this the
>> first time. I'll upload a patch here soon.
>
> Here's the search path patch. With this, I needed both nss-certs and
> cURL installed alongside Octave to get certificates working.

[...]

> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 6d45dc0cc..8bdba8655 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -83,7 +83,10 @@
>             (variable "CURL_CA_BUNDLE")
>             (file-type 'regular)
>             (separator #f)                         ;single entry
> -           (files '("etc/ssl/certs/ca-certificates.crt")))))
> +           (files '("etc/ssl/certs/ca-certificates.crt")))
> +          (search-path-specification
> +           (variable "CURLOPT_CAPATH")
> +           (files '("etc/ssl/certs")))))

Adding this native-search-path to the "octave" package should be
sufficient.  Then you won't need curl in the profile, nor do we need to
rebuild all the things that depend on curl.  Can you try that?

Thanks for fixing this issue :-)

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 297 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.