GNU bug report logs - #38254
Download code should honor /etc/ssl/certs/*.crt

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Mon, 18 Nov 2019 09:33:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludovic.courtes <at> inria.fr>
Subject: bug#38254: closed (Re: bug#38254: Download code should honor
 /etc/ssl/certs/*.crt)
Date: Mon, 18 Nov 2019 11:22:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#38254: Download code should honor /etc/ssl/certs/*.crt

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 38254 <at> debbugs.gnu.org.

-- 
38254: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=38254
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: 38254-done <at> debbugs.gnu.org
Subject: Re: bug#38254: Download code should honor /etc/ssl/certs/*.crt
Date: Mon, 18 Nov 2019 12:21:38 +0100

Ludovic Courtès <ludovic.courtes <at> inria.fr> skribis:

> Some distros such as CentOS 7 with its ‘ca-certificates’ package provide
> nothing but a certificate bundle in /etc/ssl:
>
> $ ls -l /etc/ssl/certs/
> total 12
> lrwxrwxrwx. 1 root root   49  8 nov.  16:44 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> lrwxrwxrwx. 1 root root   55  8 nov.  16:44 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> -rwxr-xr-x. 1 root root  610 30 oct.   2018 make-dummy-cert
> -rw-r--r--. 1 root root 2516 30 oct.   2018 Makefile
> -rwxr-xr-x. 1 root root  829 30 oct.   2018 renew-dummy-cert
>
> As of commit 9c9982dc0c8c38ce3821b154b7e92509c1564317, ‘guix download’ &
> co. (anything that relies on (guix build download)) fail because they
> looks for /etc/ssl/certs/*.pem by default and there’s no such file.

Fixed in 0d78d0f09c10f5c7a25ac2ab4da4197913cd3321.

Ludo'.


[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
To: bug-Guix <at> gnu.org
Subject: Download code should honor /etc/ssl/certs/*.crt
Date: Mon, 18 Nov 2019 10:29:06 +0100

Hello,

Some distros such as CentOS 7 with its ‘ca-certificates’ package provide
nothing but a certificate bundle in /etc/ssl:

--8<---------------cut here---------------start------------->8---
$ ls -l /etc/ssl/certs/
total 12
lrwxrwxrwx. 1 root root   49  8 nov.  16:44 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55  8 nov.  16:44 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x. 1 root root  610 30 oct.   2018 make-dummy-cert
-rw-r--r--. 1 root root 2516 30 oct.   2018 Makefile
-rwxr-xr-x. 1 root root  829 30 oct.   2018 renew-dummy-cert
--8<---------------cut here---------------end--------------->8---

As of commit 9c9982dc0c8c38ce3821b154b7e92509c1564317, ‘guix download’ &
co. (anything that relies on (guix build download)) fail because they
looks for /etc/ssl/certs/*.pem by default and there’s no such file.

Thanks,
Ludo’.
This bug report was last modified 5 years and 269 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.