GNU bug report logs - #33272
guix refresh/download backtrace error when missing nss-certs

Package: guix;

Reported by: swedebugia <swedebugia <at> riseup.net>

Date: Mon, 5 Nov 2018 11:17:02 UTC

Severity: normal

To reply to this bug, email your comments to 33272 AT debbugs.gnu.org.


Report forwarded to bug-guix <at> gnu.org:
bug#33272; Package guix. (Mon, 05 Nov 2018 11:17:02 GMT)

Acknowledgement sent to swedebugia <swedebugia <at> riseup.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 05 Nov 2018 11:17:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: swedebugia <swedebugia <at> riseup.net>
To: bug-guix <at> gnu.org
Subject: guix refresh/download backtrace error when missing nss-certs
Date: Mon, 5 Nov 2018 12:16:08 +0100

In a qemu VM based on the image for 0.15 and pulled once I get:

sdb@komputilo ~$ git clone https://git.savannah.gnu.org/git/guix.git test
Cloning into 'test'...
fatal: unable to access 'https://git.savannah.gnu.org/git/guix.git/': 
Problem with the SSL CA cert (path? access rights?)

fails nicely in contrast to:

sdb@komputilo ~$ guix refresh artanis
Backtrace:
          13 (primitive-load "/home/sdb/.config/guix/current/bin/guix")
In guix/ui.scm:
  1578:12 12 (run-guix-command _ . _)
In ice-9/boot-9.scm:
    829:9 11 (catch srfi-34 #<procedure 28dd540 at guix/ui.scm:610:…> …)
    829:9 10 (catch system-error #<procedure 262fe10 at guix/script…> …)
In guix/scripts/refresh.scm:
   449:12  9 (_)
In srfi/srfi-1.scm:
    640:9  8 (for-each #<procedure 28e3f20 at guix/scripts/refresh.…> …)
In guix/scripts/refresh.scm:
    236:2  7 (check-for-package-update #<package artanis@0.2.1-3 gn…> …)
In guix/gnu-maintenance.scm:
   472:21  6 (latest-gnu-release _)
   457:16  5 (_)
In ice-9/boot-9.scm:
    829:9  4 (catch srfi-34 #<procedure 262fdc0 at guix/http-client…> …)
In guix/http-client.scm:
   182:20  3 (_)
    88:25  2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
In guix/build/download.scm:
    398:4  1 (open-connection-for-uri _ #:timeout _ # _)
    296:6  0 (tls-wrap #<closed: file 2641c40> _ # _)

guix/build/download.scm:296:6: In procedure tls-wrap:
X.509 certificate of 'ftp.gnu.org' could not be verified:
  signer-not-found
  invalid


I suggest we change it to fail nicely. I am willing to create a patch. 
Would somebody be willing to mentor me?

As a start:

How do I check if nss-certs is installed?

This is the first thing we should do when handling https-URIs

(define tls-wrap is a quite complicated procedure, maybe an extra (if at 
the body (of the let) will do?

something like

(if package-available? nss-certs

    true; continue

    false-> error nicely

-- 
Cheers
Swedebugia





Message #8 received at 33272 <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: swedebugia <swedebugia <at> riseup.net>
Cc: 33272 <at> debbugs.gnu.org
Subject: Re: bug#33272: guix refresh/download backtrace error when missing
 nss-certs
Date: Mon, 5 Nov 2018 15:26:50 -0500

On Mon, Nov 05, 2018 at 12:16:08PM +0100, swedebugia wrote:
> I suggest we change it to fail nicely. I am willing to create a patch. Would
> somebody be willing to mentor me?
> 
> As a start:
> 
> How do I check if nss-certs is installed?
> 
> This is the first thing we should do when handling https-URIs
> 
> (define tls-wrap is a quite complicated procedure, maybe an extra (if at the
> body (of the let) will do?
> 
> something like
> 
> (if package-available? nss-certs
> 
>     true; continue
> 
>     false-> error nicely

IMO a better solution is to catch the error and print an informative
message. Already, the error message at the end is coming from Guix, but
we should hide the backtrace and add a hint towards a solution.

I think handling the TLS error gracefully is orthogonal to whether or
not nss-certs is installed.

There are other X.509 certificate collections available on the systems
that Guix supports, and even some Guix packages use their own
collections. Also, programs that need to look up certificates tend to
find them via environment variables, so if one wanted to use nss-certs,
it's not enough just to install it.

https://www.gnu.org/software/guix/manual/en/html_node/X_002e509-Certificates.html
[signature.asc (application/pgp-signature, inline)]

Message #11 received at 33272 <at> debbugs.gnu.org:

From: swedebugia <swedebugia <at> riseup.net>
To: Leo Famulari <leo <at> famulari.name>, 33272 <at> debbugs.gnu.org
Subject: Re: bug#33272: guix refresh/download backtrace error when missing
 nss-certs
Date: Mon, 5 Nov 2018 21:39:15 +0100

Hi

On 2018-11-05 21:26, Leo Famulari wrote:
> On Mon, Nov 05, 2018 at 12:16:08PM +0100, swedebugia wrote:
> IMO a better solution is to catch the error and print an informative
> message. Already, the error message at the end is coming from Guix, but
> we should hide the backtrace and add a hint towards a solution.
>
> I think handling the TLS error gracefully is orthogonal to whether or
> not nss-certs is installed.
Agreed.
>
> There are other X.509 certificate collections available on the systems
> that Guix supports, and even some Guix packages use their own
> collections. Also, programs that need to look up certificates tend to
> find them via environment variables, so if one wanted to use nss-certs,
> it's not enough just to install it.
>
> https://www.gnu.org/software/guix/manual/en/html_node/X_002e509-Certificates.html

Sounds like a good idea.

How do we catch the error?

-- 
Cheers
Swedebugia





Message #14 received at 33272 <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: swedebugia <swedebugia <at> riseup.net>
Cc: 33272 <at> debbugs.gnu.org
Subject: Re: bug#33272: guix refresh/download backtrace error when missing
 nss-certs
Date: Mon, 5 Nov 2018 15:48:02 -0500

On Mon, Nov 05, 2018 at 09:39:15PM +0100, swedebugia wrote:
> How do we catch the error?

I am basically a novice Schemer still, so you will have to figure out
most of this on your own, unless someone else brings more advice :)

In general, dealing with exceptions in Guile:

https://www.gnu.org/software/guile/manual/html_node/Exceptions.html

There are lots of examples of how to use those mechanisms in the Guix
source code — the error message in your original email comes from a
caught exception in (guix build download).

You'll need to find out what is crashing and generating the backtrace,
and then decide what counts as a failure mode that we want to catch in
that context.
[signature.asc (application/pgp-signature, inline)]
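
An added sketch of the approach suggested in messages #8 and #14 (not part of the thread and not Guix's own code): catch the certificate failure with Guile's `catch`, print one error line plus a hint about where certificates are looked up, and exit without a backtrace. The key `tls-certificate-error`, its argument layout and all procedure names are assumptions; `SSL_CERT_DIR` and `SSL_CERT_FILE` are the environment variables OpenSSL-style programs consult for their certificate store.

```scheme
;; Added example, not Guix code.  The exception key, its argument layout and
;; all procedure names here are assumptions made for this sketch.
(use-modules (ice-9 format))

(define (fetch-with-bad-cert host)
  ;; Constructed stand-in for a TLS handshake whose peer certificate fails
  ;; verification with the statuses shown in the report.
  (throw 'tls-certificate-error host '(signer-not-found invalid)))

(define (certificate-store-hint)
  ;; Say where trust anchors are being looked up: that depends on the
  ;; environment, not only on which certificate package is installed.
  (let ((dir  (getenv "SSL_CERT_DIR"))
        (file (getenv "SSL_CERT_FILE")))
    (cond ((and (not dir) (not file))
           "neither SSL_CERT_DIR nor SSL_CERT_FILE is set")
          ((and dir (not (file-exists? dir)))
           (format #f "SSL_CERT_DIR is '~a', which does not exist" dir))
          ((and file (not (file-exists? file)))
           (format #f "SSL_CERT_FILE is '~a', which does not exist" file))
          (else
           "the configured certificate store lacks this signer"))))

(define (call-with-tls-error-report thunk)
  ;; Run THUNK.  On a certificate failure, print one error line and a hint
  ;; instead of a backtrace and return #f.  Verification is never relaxed
  ;; and the request is not retried without it.
  (catch 'tls-certificate-error
    thunk
    (lambda (key host statuses)
      (format (current-error-port)
              "error: X.509 certificate of '~a' could not be verified: ~{~a~^, ~}~%"
              host statuses)
      (format (current-error-port) "hint: ~a~%" (certificate-store-hint))
      #f)))

;; Fail closed with a non-zero exit status, as 'git clone' does in the report.
(unless (call-with-tls-error-report
         (lambda () (fetch-with-bad-cert "ftp.gnu.org")))
  (exit 1))
```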

Message #17 received at 33272 <at> debbugs.gnu.org:

From: swedebugia <swedebugia <at> riseup.net>
To: Leo Famulari <leo <at> famulari.name>
Cc: 33272 <at> debbugs.gnu.org
Subject: Re: bug#33272: guix refresh/download backtrace error when missing
 nss-certs
Date: Tue, 6 Nov 2018 12:42:07 +0100

Hi

On 2018-11-05 21:48, Leo Famulari wrote:
> On Mon, Nov 05, 2018 at 09:39:15PM +0100, swedebugia wrote:
>> How do we catch the error?
> I am basically a novice Schemer still, so you will have to figure out
> most of this on your own, unless someone else brings more advice :)

Me too

> In general, dealing with exceptions in Guile:
>
> https://www.gnu.org/software/guile/manual/html_node/Exceptions.html
>
> There are lots of examples of how to use those mechanisms in the Guix
> source code — the error message in your original email comes from a
> caught exception in (guix build download).
>
> You'll need to find out what is crashing and generating the backtrace,
> and then decide what counts as a failure mode that we want to catch in
> that context.
Thank you for the tips. This sounds too complicated for me to bite at my 
current skill level.

-- 
Cheers
Swedebugia





Message #20 received at 33272 <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: swedebugia <swedebugia <at> riseup.net>
Cc: 33272 <at> debbugs.gnu.org
Subject: Re: bug#33272: guix refresh/download backtrace error when missing
 nss-certs
Date: Tue, 6 Nov 2018 12:36:42 -0500

On Tue, Nov 06, 2018 at 12:42:07PM +0100, swedebugia wrote:
> Thank you for the tips. This sounds too complicated for me to bite at my
> current skill level.

Perhaps, but you may be surprised what you can achieve with a few hours
of focused reading and trial-and-error experimentation. If you find the
time and motivation I recommend you give it a shot!
[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 6 years and 218 days ago.
