From unknown Sat Aug 16 21:02:05 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#36817 <36817@debbugs.gnu.org> To: bug#36817 <36817@debbugs.gnu.org> Subject: Status: Guix Download Fails When SSL_CERT_DIR is a Colon-Separated Path Reply-To: bug#36817 <36817@debbugs.gnu.org> Date: Sun, 17 Aug 2025 04:02:05 +0000 retitle 36817 Guix Download Fails When SSL_CERT_DIR is a Colon-Separated Pa= th reassign 36817 guix submitter 36817 Katherine Cox-Buday severity 36817 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 26 12:48:49 2019 Received: (at submit) by debbugs.gnu.org; 26 Jul 2019 16:48:49 +0000 Received: from localhost ([127.0.0.1]:43293 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hr3Oh-0007nY-TW for submit@debbugs.gnu.org; Fri, 26 Jul 2019 12:48:49 -0400 Received: from lists.gnu.org ([209.51.188.17]:41235) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hr3Of-0007nN-Vv for submit@debbugs.gnu.org; Fri, 26 Jul 2019 12:48:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58385) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hr3Oe-00010Y-1e for bug-guix@gnu.org; Fri, 26 Jul 2019 12:48:44 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hr3Oc-0002CQ-25 for bug-guix@gnu.org; Fri, 26 Jul 2019 12:48:43 -0400 Received: from mail-io1-xd2a.google.com ([2607:f8b0:4864:20::d2a]:39420) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hr3Ob-00025c-SO for bug-guix@gnu.org; Fri, 26 Jul 2019 12:48:42 -0400 Received: by mail-io1-xd2a.google.com with SMTP id f4so106153528ioh.6 for ; Fri, 26 Jul 2019 09:48:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:user-agent:mime-version; bh=JhdpZRT+HvOT8R1Fl864U2Y4OxesJjne0XItN/LDGSE=; b=OiXR82IMVYXlSsLEBKdQTNl2mujPVG8xYeluz6803Ovmpcv+LhQACfen3EX4TXlfxK nUNGo775SlQGzINQDKpUb4eupRcH0UWKkEhKw3NCTEbzFtmSoaPvYDHwI2B3mA0BiXnl KNNAj2T8sfm2xRPbpXCqfIFSxGpehGB0AU1PrzrxoDFgFUHVgnA72FGEUfcj7WW4gaPT IbYWGhBV3po8f6GcbrRXLVJQWXucmJbVwxrvBKg6sWQdcZy2aVjPau3OOif6YwYhShJI sUcfWoRqSBzwbrTEKMURahqVQwyUlI+zoFx7T5gyCqPGrh6dNG7+coFsyYcUr0936baL qFnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:user-agent :mime-version; bh=JhdpZRT+HvOT8R1Fl864U2Y4OxesJjne0XItN/LDGSE=; b=X94hDeTGhmrca+UI/CJBMkUngE1FoP3aqg7sQzv5haJglQOY/GlS6OzNymuqUUlRcd sFafmZBFgujaDvrcid5tNFDp+X3iExClm7OqgoOS7wJ7qlY7f4UnI+7a86DK+CFFenf7 ol4eqvZXy46V/srOO3rXk7aoxYlWTyf44k5aHv9isuYTQSbH8LQyp2e2KVenYYHUOP2q /pTd64Uh/rCGQ0K3JqziXzOIeI7Mi2TByTtYQjcWMdNIiA3B/5GKWPr2s7sPjSCtSJFO vsrGoZYHMHYbjI6p0aIBOTsSf7VjK5UR4S0r/jGoUGlFXwpFvzGuiPMJMk+9XIq6ZzBO wMsA== X-Gm-Message-State: APjAAAVgsYUkK1yaqWNprbtcTm97Hll0avReKEbAkl9eQ4kdvJFat2fy RVXzUafhbXxrEq+WqEvizBfIfXPP X-Google-Smtp-Source: APXvYqyLUTsqt8arjWwowrYOp/mRHKxzk9ZUCFLwqFYT8eBjZB0E/L8JjlR3j/RXn2lWDBeDFQEUHA== X-Received: by 2002:a6b:b843:: with SMTP id i64mr92970282iof.81.1564159718759; Fri, 26 Jul 2019 09:48:38 -0700 (PDT) Received: from gazelle-pro (172-221-246-205.dhcp.chtrptr.net. [172.221.246.205]) by smtp.gmail.com with ESMTPSA id b3sm45320275iot.23.2019.07.26.09.48.36 for (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Fri, 26 Jul 2019 09:48:37 -0700 (PDT) From: Katherine Cox-Buday To: bug-guix@gnu.org Subject: Guix Download Fails When SSL_CERT_DIR is a Colon-Separated Path Date: Fri, 26 Jul 2019 11:48:36 -0500 Message-ID: <87tvb8ivx7.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::d2a X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) I was receiving X.509 certificate errors when attempting to run `guix download`. After investigating, I found that it was because my `SSL_CERT_DIR` environmental variable had two paths separated by a colon. The two paths were actually the same. After removing the second path, `guix download` began working again. Wondering how the duplicate paths came to be, I discovered that `${GUIX_PROFILE}/etc/profile` had two exports defined for `SSL_CERT_DIR`. I discovered this was because I had both openssl and libressl installed (if memory serves, I needed openssl for some development task that relied on an idiosyncrasy of openssl). Removing openssl removed the duplicate entry. I think there may be two bugs: 1. `guix download` needs to respect colon-separated paths. 2. The profile mechanics in Guix should probably have some way to check if they're redefining the same thing before placing things in `etc/profile`. Thank you to everyone for all of your hard work, and for Guix. -- Katherine From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 09 20:12:05 2019 Received: (at 36817-done) by debbugs.gnu.org; 10 Nov 2019 01:12:05 +0000 Received: from localhost ([127.0.0.1]:50517 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iTblt-00044z-6O for submit@debbugs.gnu.org; Sat, 09 Nov 2019 20:12:05 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:34645) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iTblq-00044U-FH for 36817-done@debbugs.gnu.org; Sat, 09 Nov 2019 20:12:03 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 82F65200E3; Sat, 9 Nov 2019 20:11:56 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sat, 09 Nov 2019 20:11:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm1; bh=gkAqvoxjdXNN1hEyTqPqWtm+Oc sSyZD7Po9SGuDQWXo=; b=Nd+NMNIsq4urySfEVYhJdlhttkazj/ScNewRXPjXfB imF2ExCGSaQLbR6lXheH5uf3JJcsNoHRgkTaB54WDqoUZDcGhhcjnpPd7ngHKPTE lTAc8BZ0wdRnXmdRXY0KF87zhkdSMQTN3ZEA9vaGU0bzyr7TeaAoDvOb+7DYpRc7 FQxXUneZoCyoi07jbDati+HnPSFNaz5V8TWOnmg/9PZT0FpQHvx6EFbCNBb19VkD tzdQlM5Nqp5R+cYMddS+yezal6AhYV2QhAGtXBVOqj752We3adiiagDK24bQRSmS 6IXf4U2XGLZL5lpqIfm6Qj3lj/HOWMEA1JBm6rj2vATA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=gkAqvo xjdXNN1hEyTqPqWtm+OcsSyZD7Po9SGuDQWXo=; b=FIzopITaSJquAKjzpPvxIs DYQtIeiBsvVA+MDXeeYsVc2kSVZTD+F0BPEmPTuK1mDLAjVnGG0un8Kclpj9rDPL pBfU6UF0pdHagOeIB46u8uVZfGIBY0Uao4qERXInHfUqbFnWlztfMxuTMOoH/vJH AroVOOZXUPzpeKHhtsLgwdT8GUrAs03yv430o8BRaqsSDAmMu+om9HbS96wS5ad9 nUIN9KTB/HL+qVXr25JfgxZdj9qNz2AmxveXoum9LlnWTiFtZ8+w0ZuuRPw/T7jf 6jtpv1PpGc/V/pmqTgXVdIVGy1hjsaP8TkPVg29B0xIpbwwfMUAz4tgHpLBFfJ7w == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedruddvgedgvdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffujghffgffkfggtgesghdtre ertdertdenucfhrhhomhepofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghs thhmrghilhdrtghomheqnecukfhppeekgedrhedvrddvvdeirddutddvnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmsggrkhhkvgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhs thgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (84-52-226.102.3p.ntebredband.no [84.52.226.102]) by mail.messagingengine.com (Postfix) with ESMTPA id E59E1306005B; Sat, 9 Nov 2019 20:11:55 -0500 (EST) From: Marius Bakke To: Katherine Cox-Buday , 36817-done@debbugs.gnu.org Subject: Re: bug#36817: Guix Download Fails When SSL_CERT_DIR is a Colon-Separated Path In-Reply-To: <87tvb8ivx7.fsf@gmail.com> References: <87tvb8ivx7.fsf@gmail.com> User-Agent: Notmuch/0.29.1 (https://notmuchmail.org) Emacs/26.3 (x86_64-pc-linux-gnu) Date: Sun, 10 Nov 2019 02:11:53 +0100 Message-ID: <87woc8leli.fsf@devup.no> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 36817-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Katherine, (...sorry for the sloooooow response...) Katherine Cox-Buday writes: > I was receiving X.509 certificate errors when attempting to run `guix > download`. After investigating, I found that it was because my > `SSL_CERT_DIR` environmental variable had two paths separated by a > colon. The two paths were actually the same. After removing the second > path, `guix download` began working again. > > Wondering how the duplicate paths came to be, I discovered that > `${GUIX_PROFILE}/etc/profile` had two exports defined for > `SSL_CERT_DIR`. I discovered this was because I had both openssl and > libressl installed (if memory serves, I needed openssl for some > development task that relied on an idiosyncrasy of openssl). Removing > openssl removed the duplicate entry. The duplicate exports was because the search path specifications of OpenSSL and LibreSSL have slightly different "signatures": the former has a "singly entry" search path, whereas LibreSSLs native-search-paths have a TODO comment suggesting that they too should be single-entry. I've fixed it by resolving the TODO: now including both packages in the same profile will point SSL_CERT_DIR to the profile union. > I think there may be two bugs: > > 1. `guix download` needs to respect colon-separated paths. Adding support for multiple SSL_CERT_DIR paths could be useful, but I think the real problem was that LibreSSL and OpenSSL caused inconsistent entries. Thus, I'm closing this issue, but feel free to reopen if you disagree. :-) > 2. The profile mechanics in Guix should probably have some way to check > if they're redefining the same thing before placing things in `etc/profile`. Let's open a separate bug report for this if it turns out to be a recurring problem. > Thank you to everyone for all of your hard work, and for Guix. Thank you for the report, and the kind words! :-) Fixed in 04cfe91efd41a89d7d01d2cd7b736213059dde5a. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl3HY9kACgkQoqBt8qM6 VPoIHggAjKTh6lynQoclWe1k9k6vW0OtYZxHB94Edf7Y6a2woncpwtvp7KKiM5wl gTIVIibnTu63huvYatez/SADzdYzF+CIf2JA8UF2Q+SEaMKbUqZnqrE2VJhObmbu ZdyFev1Qs+D1CPpvSz9oX/kt1QR+teNx+Wvpruwn15jAmRq7RFtuOhqsSJ+XBAC1 h50QchuMDT9Lw8CskvORIJZsf1fE8HMeJnD5mvryPMNZbnhb6X7NMT3xTPQHRN8B p0g/fGJTxNYQX7MU3ux0VUyQaQGsRre0anGFGqavNycY7XqFah699a4KUz0V534n 39Pk0uwWsat6a3QGogzPSVj0HJVvYQ== =L1k5 -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Aug 16 21:02:05 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 08 Dec 2019 12:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator