GNU bug report logs - #32530
[PATCH] gnu: octave: Fix CA certificate use.

Previous Next

Package: guix-patches;

Reported by: Kei Kebreau <kkebreau <at> posteo.net>

Date: Sun, 26 Aug 2018 00:43:02 UTC

Severity: normal

Tags: patch

Done: Kei Kebreau <kkebreau <at> posteo.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Kei Kebreau <kkebreau <at> posteo.net>
Subject: bug#32530: closed (Re: [bug#32530] [PATCH] gnu: octave: Fix CA
 certificate use.)
Date: Tue, 25 Sep 2018 01:44:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#32530: [PATCH] gnu: octave: Fix CA certificate use.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 32530 <at> debbugs.gnu.org.

-- 
32530: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=32530
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Kei Kebreau <kkebreau <at> posteo.net>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: Marius Bakke <mbakke <at> fastmail.com>, 32530-done <at> debbugs.gnu.org
Subject: Re: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use.
Date: Mon, 24 Sep 2018 21:43:16 -0400

ludo <at> gnu.org (Ludovic Courtès) writes:

> Hello Kei,
>
> Kei Kebreau <kkebreau <at> posteo.net> skribis:
>
>> ludo <at> gnu.org (Ludovic Courtès) writes:
>>
>>> Marius Bakke <mbakke <at> fastmail.com> skribis:
>>>
>>>> ludo <at> gnu.org (Ludovic Courtès) writes:
>>>
>>> [...]
>>>
>>>>>> Adding this native-search-path to the "octave" package should be
>>>>>> sufficient.
>>>>>
>>>>> I think we should avoid doing this though, because conceptually
>>>>> CURLOPT_CAPATH “belongs” to cURL, not to Octave.
>>>>
>>>> Conceptually maybe, but to my knowledge libcurl itself does not support
>>>> run-time search paths (due to thread safety concerns IIRC).
>>>>
>>>> This search path does seem to be Octave specific.  From the ChangeLog:
>>>>
>>>> 2018-04-18  John W. Eaton  <jwe <at> octave.org>
>>>>
>>>>         allow users to set path to CA certificates for cURL
>>>>
>>>>         * url-transfer.cc (curl_transfer::curl_transfer): Check for
>>>>         CURLOPT_CAINFO and CURLOPT_CAPATH environment variables.
>>>> If set, use
>>>>         them to set the corresponding options for the cURL library.
>>>>
>>>>         Files: liboctave/util/url-transfer.cc
>>>
>>> Oh, I stand corrected!  Then the patch LGTM, maybe with a comment saying
>>> that those variables are actually Octave-specific.  :-)
>>>
>>> Thank you!
>>>
>>> Ludo’.
>>
>> Is it really Octave-specific? It's defined in the libcurl API [0], so
>> other software could make use of the variable.
>>
>> [0]: https://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html
>
> I think you’re both right.  :-)
>
> The ‘url-transfer.cc’ file in Octave mentioned above does this:
>
>       std::string cainfo = sys::env::getenv ("CURLOPT_CAINFO");
>       if (! cainfo.empty ())
>         SETOPT (CURLOPT_CAINFO, cainfo.c_str ());
>
>       std::string capath = sys::env::getenv ("CURLOPT_CAPATH");
>       if (! capath.empty ())
>         SETOPT (CURLOPT_CAPATH, capath.c_str ());
>
> Based on that, I think it’s perfectly fine to add these two variables in
> the ‘native-search-paths’ of Octave itself, probably with a comment
> explaining that Octave really honors these variables by itself.
>
> Feel free to push such a change!
>
> Thank you,
> Ludo’.

Finally pushed to master! Thanks to both of you for reviewing this.

[Message part 3 (message/rfc822, inline)]

From: Kei Kebreau <kkebreau <at> posteo.net>
To: guix-patches <at> gnu.org
Cc: Kei Kebreau <kkebreau <at> posteo.net>
Subject: [PATCH] gnu: octave: Fix CA certificate use.
Date: Sat, 25 Aug 2018 20:42:31 -0400

* gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap
Octave with the path to system CA certificates.
---
 gnu/packages/maths.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 3d571e8cc..b0caff0f5 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1417,7 +1417,13 @@ can solve two kinds of problems:
                 (string-append "Vmakeinfo_program = \""
                                (assoc-ref inputs "texinfo")
                                "/bin/makeinfo\"")))
-             #t)))))
+             #t))
+         (add-after 'install 'wrap-program
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (wrap-program (string-append out "/bin/octave")
+                 '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs")))
+               #t))))))
     (home-page "https://www.gnu.org/software/octave/")
     (synopsis "High-level language for numerical computation")
     (description "GNU Octave is a high-level interpreted language that is
-- 
2.18.0

This bug report was last modified 6 years and 297 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #32530 [PATCH] gnu: octave: Fix CA certificate use.

GNU bug report logs - #32530
[PATCH] gnu: octave: Fix CA certificate use.