GNU bug report logs - #32530
[PATCH] gnu: octave: Fix CA certificate use.

Previous Next

Package: guix-patches;

Reported by: Kei Kebreau <kkebreau <at> posteo.net>

Date: Sun, 26 Aug 2018 00:43:02 UTC

Severity: normal

Tags: patch

Done: Kei Kebreau <kkebreau <at> posteo.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: ludo <at> gnu.org (Ludovic Courtès)
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: Kei Kebreau <kkebreau <at> posteo.net>, 32530 <at> debbugs.gnu.org
Subject: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use.
Date: Wed, 19 Sep 2018 21:52:32 +0200

Hello,

Marius Bakke <mbakke <at> fastmail.com> skribis:

> Kei Kebreau <kkebreau <at> posteo.net> writes:

[...]

>> Here's the search path patch. With this, I needed both nss-certs and
>> cURL installed alongside Octave to get certificates working.

This is expected (see <https://issues.guix.info/issue/22138>), which is
why I wrote it wouldn’t quite solve the issue; still, it’s a step in the
right direction.  :-)

>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>> index 6d45dc0cc..8bdba8655 100644
>> --- a/gnu/packages/curl.scm
>> +++ b/gnu/packages/curl.scm
>> @@ -83,7 +83,10 @@
>>             (variable "CURL_CA_BUNDLE")
>>             (file-type 'regular)
>>             (separator #f)                         ;single entry
>> -           (files '("etc/ssl/certs/ca-certificates.crt")))))
>> +           (files '("etc/ssl/certs/ca-certificates.crt")))
>> +          (search-path-specification
>> +           (variable "CURLOPT_CAPATH")
>> +           (files '("etc/ssl/certs")))))
>
> Adding this native-search-path to the "octave" package should be
> sufficient.

I think we should avoid doing this though, because conceptually
CURLOPT_CAPATH “belongs” to cURL, not to Octave.

> Then you won't need curl in the profile, nor do we need to rebuild all
> the things that depend on curl.  Can you try that?

The patch above can go to the next ‘core-updates’ IMO.

Kei, what about the two other options we discussed?  Namely:

>   2. On GuixSD, we could define CURLOPT_CAPATH=/etc/ssl/certs in
>      /etc/profile, like we already do for other variables.
> 
>   3. We could document this variable under “X.509 Certificates” in the
>      manual.

Thank you!

Ludo’.
This bug report was last modified 6 years and 297 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.