From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 24 13:23:29 2019 Received: (at submit) by debbugs.gnu.org; 24 Jun 2019 17:23:30 +0000 Received: from localhost ([127.0.0.1]:57890 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfSgj-0006AM-KC for submit@debbugs.gnu.org; Mon, 24 Jun 2019 13:23:29 -0400 Received: from lists.gnu.org ([209.51.188.17]:44065) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfSgg-0006AC-PX for submit@debbugs.gnu.org; Mon, 24 Jun 2019 13:23:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44616) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hfSgf-0003VZ-ER for bug-guix@gnu.org; Mon, 24 Jun 2019 13:23:26 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hfSge-0003X6-4f for bug-guix@gnu.org; Mon, 24 Jun 2019 13:23:25 -0400 Received: from lepiller.eu ([2a00:5884:8208::1]:52646) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hfSgd-0003JP-Qd for bug-guix@gnu.org; Mon, 24 Jun 2019 13:23:24 -0400 Received: from tachikoma.lepiller.eu (89-92-10-229.hfc.dyn.abo.bbox.fr [89.92.10.229]) by lepiller.eu (OpenSMTPD) with ESMTPSA id bd913a00 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Mon, 24 Jun 2019 17:23:13 +0000 (UTC) Date: Mon, 24 Jun 2019 19:23:02 +0200 From: Julien Lepiller To: bug-guix@gnu.org Subject: let's encrypt hash mismatch Message-ID: <20190624192302.0eccdd72@tachikoma.lepiller.eu> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:5884:8208::1 X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! trying to run guix pull on the overdrive at my place to try and fix a bug in openssh which doesn't start at boot, I get this error message: building /gnu/store/qvrwd6v9jy50j121f963v7rps8fc8qsa-isrgrootx1.pem.drv... building /gnu/store/3s8l6bg8gsfxrqallc5w02drl1m021ky-letsencryptauthorityx3= .pem.drv... Starting download of /gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem From https://letsencrypt.org/certs/isrgrootx1.pem... Starting download of /gnu/store/bcq7sqhg18b7b1q87j8z60d5hybsdafm-letsencryptauthorityx3.pem =46rom https://letsencrypt.org/certs/letsencryptauthorityx3.pem... downloading from https://letsencrypt.org/certs/isrgrootx1.pem... downloading from https://letsencrypt.org/certs/letsencryptauthorityx3.pem... letsencryptauthorityx3.pem 2KiB 385KiB/s 00:00 [##################] 100.0% sha256 hash mismatch for /gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem: expected hash: 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y actual hash: 0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac hash mismatch for store item '/gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem' build of /gnu/store/qvrwd6v9jy50j121f963v7rps8fc8qsa-isrgrootx1.pem.drv failed View build log at '/var/log/guix/drvs/qv/rwd6v9jy50j121f963v7rps8fc8qsa-isrgrootx1.pem.drv.b= z2'. cannot build derivation `/gnu/store/03xigpq7w1ll67ydrwhjydmybdj5gd2i-le-certs-0.drv': 1 dependencies couldn't be built guix pull: error: build failed: build of `/gnu/store/03xigpq7w1ll67ydrwhjydmybdj5gd2i-le-certs-0.drv' failed Thanks! From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 24 14:44:20 2019 Received: (at 36363) by debbugs.gnu.org; 24 Jun 2019 18:44:20 +0000 Received: from localhost ([127.0.0.1]:57962 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfTwy-0001z4-0C for submit@debbugs.gnu.org; Mon, 24 Jun 2019 14:44:20 -0400 Received: from tobias.gr ([80.241.217.52]:37950) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfTwv-0001yq-ME for 36363@debbugs.gnu.org; Mon, 24 Jun 2019 14:44:18 -0400 Received: by tobias.gr (OpenSMTPD) with ESMTP id 7dadd4f1; Mon, 24 Jun 2019 18:44:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:to:cc :subject:references:in-reply-to:date:message-id:mime-version :content-type; s=2018; i=me@tobias.gr; bh=vIeb8ZsXjt8hjA2FqVPjdu qmsBJxjaayyrJJDIeEqNM=; b=kqKi3CIDgteJjkQpivPxNxQ5NQFKaQ7QKtAMDR JYYGZ22wThAJAwHfSeNOfEpXLm1AifTomArQCuz8kArsRTE8k9BRTc4vAnqj3Fzi xsqcn3fpkpw8pI+3ZlQPHIFyVxs6grtWkNLby7vZs8X5v02LPPalDdVvh2TjJBTE ldoA9o2/QNNFr81RXzmn5Ej/fuVeSkaC2F7fpJPVnPfRRHDo96Kr1jfMEfIH9OHn svD3YvQ3NNBNuWaFUOgC1n1BtYVXu86ghylyMlDoStNcbjTUWu2m9w8ZBQSFW/9A /4GjaoqaRuXfiDil3Iq9k3Nnum1M9BiZ239JSO9kUTMuNHeQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 767b6289 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Mon, 24 Jun 2019 18:44:08 +0000 (UTC) From: Tobias Geerinckx-Rice To: julien lepiller Subject: Re: bug#36363: let's encrypt hash mismatch References: <20190624192302.0eccdd72@tachikoma.lepiller.eu> In-reply-to: <20190624192302.0eccdd72@tachikoma.lepiller.eu> Date: Mon, 24 Jun 2019 20:44:07 +0200 Message-ID: <87pnn2su14.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36363 Cc: 36363@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Julien, Julien Lepiller wrote: > trying to run guix pull on the overdrive at my place to try and=20 > fix a > bug in openssh which doesn't start at boot, I get this error=20 > message: [=E2=80=A6] > letsencryptauthorityx3.pem 2KiB 385KiB/s 00:00 > [##################] 100.0% sha256 hash mismatch > for /gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem: > expected hash:=20 > 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y > actual hash:=20 > 0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac This will keep happening until we find(/create) a versioned URL=20 for these files. Let's Encrypt like to change them in place. The last time this happened they'd added CR/LF line endings for no=20 reason at all, but this time I don't have the old version around=20 anymore=E2=80=A6 Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQT12iAyS4c9C3o4dnINsP+IT1VteQUCXREZ9wAKCRANsP+IT1Vt eb68AP9kHVa3N5XK+oVT5VWBbR0tESbh6hwE8xU+FpY/C0xi7QD+M1IwdZwag8Zz oQCHuZx4oKQuhwfOUDuhJCPvOxu5RA0= =hqxO -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 24 16:09:39 2019 Received: (at 36363) by debbugs.gnu.org; 24 Jun 2019 20:09:39 +0000 Received: from localhost ([127.0.0.1]:58077 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfVHX-0000zv-4T for submit@debbugs.gnu.org; Mon, 24 Jun 2019 16:09:39 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51921) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfVHS-0000zh-Ve for 36363@debbugs.gnu.org; Mon, 24 Jun 2019 16:09:35 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:43351) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hfVHM-0002fa-F0; Mon, 24 Jun 2019 16:09:28 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=43808 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hfVHK-0007Of-0c; Mon, 24 Jun 2019 16:09:27 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Julien Lepiller Subject: Re: bug#36363: let's encrypt hash mismatch References: <20190624192302.0eccdd72@tachikoma.lepiller.eu> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 6 Messidor an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 24 Jun 2019 22:09:23 +0200 In-Reply-To: <20190624192302.0eccdd72@tachikoma.lepiller.eu> (Julien Lepiller's message of "Mon, 24 Jun 2019 19:23:02 +0200") Message-ID: <874l4e4ufg.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36363 Cc: 36363@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Julien, Julien Lepiller skribis: > expected hash: 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y > actual hash: 0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac > hash mismatch for store item > '/gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem' build I believe you=E2=80=99d be fine if substitutes were enabled, but they=E2=80= =99re not. In the meantime, you can fetch those files with something like: wget -O /tmp/isrgrootx1.pem \ http://berlin.guix.gnu.org/file/isrgrootx1.pem/sha256/0zhd1ps7sz4w1x52x= k3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y guix download file:///tmp/isrgrootx1.pem But yeah, like Tobias writes, it=E2=80=99s a bit of a problem. Should we m= irror them somewhere? Does Let=E2=80=99s Encrypt have them under a versioned URL elsewhere? HTH, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 21 19:12:43 2019 Received: (at 36363) by debbugs.gnu.org; 21 Jul 2019 23:12:44 +0000 Received: from localhost ([127.0.0.1]:59675 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hpL0V-00081M-HC for submit@debbugs.gnu.org; Sun, 21 Jul 2019 19:12:43 -0400 Received: from mail-pf1-f180.google.com ([209.85.210.180]:33674) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hpL0R-00080p-4o for 36363@debbugs.gnu.org; Sun, 21 Jul 2019 19:12:39 -0400 Received: by mail-pf1-f180.google.com with SMTP id g2so16450265pfq.0 for <36363@debbugs.gnu.org>; Sun, 21 Jul 2019 16:12:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=26rNDn52TYsW0/3MWq+psC/WONAqFSbXoFXWbW+OndQ=; b=n4aMZTbZgyNmibocBqsbhCb96FR9sJHli4g4OIrLm3K3X2VHKoAu2HZSpo3DMd2yNs V2enENE3HYpJmyB9u6ErJfkGvtpQ+xqcLJf6+EiMW883bz26nVRedCy05DI8Lzj6sDzZ XR6pN5nVqYv+LGyHXsee3JT2PJCgxmobqYQvBsmjUDjF8cp1Ag+/kuw4NMW4qQFxJ8dX vVp5lmh2t8NKCi+FGntI5oEcqH1n+by13E2sn48ICJZsk33RorGlVMjkn4s2eXdTQ5E7 gbFtmFUFC/7DeR8dg8cf7mWxz/s+WydSY7ClRtAtExzaZCJKpr10YRHsWroEY+2NYUdp j4lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=26rNDn52TYsW0/3MWq+psC/WONAqFSbXoFXWbW+OndQ=; b=JLnKIu4II4qPfg5jQ19JqgePF+Q+fbbwqXNVHMsWWKj0e+X1Q3v92EsNcJDFQ81WjP quH7QT9mh+74UC9uNuDL8ffKWMfk+uxy26s/LtiKRQM5QEbsoLkUPdozykSdbt7KCFI8 wBqVR2JCzZO188BxrL/VCFlZFgfhO5onI+wTynPJfsVgiWDVbmPa5GUkdD7Fd/WwHiBB GMUNnVaFk0gFuvHCEgINRx1wrJhS/Z42KgLgQr1xqbYQD+3TVFwU9BeKAF8TLdamfVp9 zq7pGBK+SYn/0IMsmpadCUVXDIHfHGDWlUX8nbHsaSxJix30D+z1NQIbof32i4z1IkvP Jlag== X-Gm-Message-State: APjAAAWmaSjA22DVikMsBefuRKOvotkHFOSty8RErQjAMNk2Hp5seSz0 i6GkKciYMNgAnW8ONOylK/WRpw3o X-Google-Smtp-Source: APXvYqy/emfNKDE3qFRQcySK3ScAJvl6aZITz5AQW7zqZSF9aCeVEsNsaeTLTY7qfic9lM/Pb+FN1g== X-Received: by 2002:a17:90a:3225:: with SMTP id k34mr72684400pjb.31.1563750752769; Sun, 21 Jul 2019 16:12:32 -0700 (PDT) Received: from garuda.local ([2601:601:9d80:25b2::d12]) by smtp.gmail.com with ESMTPSA id 22sm43364485pfu.179.2019.07.21.16.12.30 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 21 Jul 2019 16:12:31 -0700 (PDT) From: Chris Marusich To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#36363: let's encrypt hash mismatch References: <20190624192302.0eccdd72@tachikoma.lepiller.eu> <874l4e4ufg.fsf@gnu.org> Date: Sun, 21 Jul 2019 16:12:25 -0700 In-Reply-To: <874l4e4ufg.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 24 Jun 2019 22:09:23 +0200") Message-ID: <87y30rugme.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 36363 Cc: 36363@debbugs.gnu.org, Julien Lepiller X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Julien Lepiller skribis: > >> expected hash: 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y >> actual hash: 0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac >> hash mismatch for store item >> '/gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem' build > > I believe you=E2=80=99d be fine if substitutes were enabled, but they=E2= =80=99re not. > > In the meantime, you can fetch those files with something like: > > wget -O /tmp/isrgrootx1.pem \ > http://berlin.guix.gnu.org/file/isrgrootx1.pem/sha256/0zhd1ps7sz4w1x5= 2xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y > guix download file:///tmp/isrgrootx1.pem > > But yeah, like Tobias writes, it=E2=80=99s a bit of a problem. Should we= mirror > them somewhere? Does Let=E2=80=99s Encrypt have them under a versioned U= RL > elsewhere? What is Guix using these files for? I realize it's got something to do with TLS, but it isn't clear to me why Guix downloads these certs. I don't have the full context, so please forgive me if my comments are unhelpful, but before deciding to use stale versions, I think it's worth asking, "Could using a stale version introduce any security risk?" Maybe there's a reason why LE doesn't publish the old versions. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl008VkACgkQ3UCaFdgi Rp2GNxAA0qvrADUFzZq1uMo9cV6oPXrNk+ujIWV5Cy2/O4CHQGJdguZUkARmg/bW BIxBTpCbZYNfwta0GfbruZWY22ukpRRTJYHpROUmYJFTrYmcC+Hb//J4jK3KYAGc WI38xcOblUTqIu3z4RebWo8/BzmR2Sf6RMOO6fyDuAHmDD4ifwMZaXbbWHpff5Qp ow+GguKurhC4ieknVN+kAHOdmPI39XZ9g+tPWsTVmWQ3Y7wqo4eBQkb0USI2aSM4 gQXeAZzc8cfvek1MWaw+KiJ4HLtYpu1FFJ9Jqic11jfY5DMtdva110+NKBPr0Y5C 5BRBOgRfGvbfO0HRa4Bt6R7QeiaqyKza01vS3vStIrp4gtkLH/NlDU5d5+OSP1wF 4PCDHb1cooKxumNr4lDc+t6RRIF3joHjEV+ZNaV+MtLSnLR3TJSx+GtnWPindAoo FQ+HWBFAo41WCMBvjkffFy26z4WfW7JqtEhMvkkNXcs/GONSS9rwwIoyG9+THI/a Kr+Vi4MswDi2wJAtayC/0LAgYE9k6ItJGIOeXjXNd10Y9fDqPwDCNP3SKrhxbB4L Q70+x6yBpjlgzo3JE2WG5glcT+j+S50F18XhVfdJ4wHsHYxceKfzo8U4edSwW3df IzBKjoCSgCML9vMXbe0/5Ndxtw1r9zV3b/gTX04uCSC3V88NHNc= =Jh12 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 22 06:34:22 2019 Received: (at 36363) by debbugs.gnu.org; 22 Jul 2019 10:34:22 +0000 Received: from localhost ([127.0.0.1]:59997 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hpVeA-0008VZ-7q for submit@debbugs.gnu.org; Mon, 22 Jul 2019 06:34:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51577) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hpVe8-0008VM-Cn for 36363@debbugs.gnu.org; Mon, 22 Jul 2019 06:34:20 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:56184) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hpVe1-0005V6-DM; Mon, 22 Jul 2019 06:34:13 -0400 Received: from [2a01:e35:2ffd:930:d5d6:61ca:ae54:d991] (port=41454 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hpVdy-0007br-8n; Mon, 22 Jul 2019 06:34:12 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Chris Marusich Subject: Re: bug#36363: let's encrypt hash mismatch References: <20190624192302.0eccdd72@tachikoma.lepiller.eu> <874l4e4ufg.fsf@gnu.org> <87y30rugme.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 4 Thermidor an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 22 Jul 2019 12:34:05 +0200 In-Reply-To: <87y30rugme.fsf@gmail.com> (Chris Marusich's message of "Sun, 21 Jul 2019 16:12:25 -0700") Message-ID: <87tvbe2w9u.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36363 Cc: 36363@debbugs.gnu.org, Julien Lepiller X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Chris, Chris Marusich skribis: > Ludovic Court=C3=A8s writes: > >> Julien Lepiller skribis: >> >>> expected hash: 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y >>> actual hash: 0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac >>> hash mismatch for store item >>> '/gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem' build >> >> I believe you=E2=80=99d be fine if substitutes were enabled, but they=E2= =80=99re not. >> >> In the meantime, you can fetch those files with something like: >> >> wget -O /tmp/isrgrootx1.pem \ >> http://berlin.guix.gnu.org/file/isrgrootx1.pem/sha256/0zhd1ps7sz4w1x= 52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y >> guix download file:///tmp/isrgrootx1.pem >> >> But yeah, like Tobias writes, it=E2=80=99s a bit of a problem. Should w= e mirror >> them somewhere? Does Let=E2=80=99s Encrypt have them under a versioned = URL >> elsewhere? > > What is Guix using these files for? I realize it's got something to do > with TLS, but it isn't clear to me why Guix downloads these certs. This is used by (guix scripts pull) so we can always authenticate git.savannah.gnu.org when we fetch from the Git repo. It=E2=80=99s used if= and only if certificates aren=E2=80=99t available system-wide (see =E2=80=98honor-x509-certificates=E2=80=99.) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 09 08:04:32 2020 Received: (at 36363-done) by debbugs.gnu.org; 9 Oct 2020 12:04:32 +0000 Received: from localhost ([127.0.0.1]:34348 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kQr8S-000297-8B for submit@debbugs.gnu.org; Fri, 09 Oct 2020 08:04:32 -0400 Received: from tobias.gr ([80.241.217.52]:40198) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kQr8P-00028w-PO for 36363-done@debbugs.gnu.org; Fri, 09 Oct 2020 08:04:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=zv51U9CACWhls+wnPI2ldYd8mBW1qoqJIjuSFrfM5JU=; h=date:subject:to: from; b=Yw84OOQA+oLrr8b0CVPg7QeHBxPaT4Vj8AmWPunSxZ8r95Wci7vHMAJUT6MU7t twI6fBPSKYcKN8c58wMw+wKmes2GpSx2w8ce/Im7C0ggXEgPHBOGq9oDwf7Dd9iLYvPtps 1+4KmcV70/tDzcRExq2dEOnXh5s5SPHWTfZbEa/5Qh05U8KbF0qviPCONc6u7f4E5DJG2m tsj4IIlwG39qpEJGrc6ICEZyRzVOhTER10VVUnJ+Glk1VLuCTwe7IjqDkB+I3hGPvpMTn8 9gkpLkMcHA+2pUM9MjaYAb3rz+6wacPqsKmbwQFJNDRnSjnVJOZMUSkmy1w6mg2WcCRgYg == Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 9af75344 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO) for <36363-done@debbugs.gnu.org>; Fri, 9 Oct 2020 12:04:38 +0000 (UTC) BIMI-Selector: v=BIMI1; s=default; From: Tobias Geerinckx-Rice To: 36363-done@debbugs.gnu.org Subject: Re: let's encrypt hash mismatch Date: Fri, 09 Oct 2020 14:04:29 +0200 Message-ID: <87tuv3zjua.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36363-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; format=flowed Closing as this specific failure has passed and any wider discussion shouldn't happen here. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCX4BRzQ0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15NdcA/0uKQzqwnoNxf9CDppeyHLr0fekdsszfX6P0zc7H epkLAP92PCVCFiKNrIVTV5Aq5v32BqO8U3+4RXTijH5Qay3NAQ== =xegd -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Aug 16 13:49:11 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 06 Nov 2020 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator