From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 26 23:36:03 2020 Received: (at submit) by debbugs.gnu.org; 27 Jun 2020 03:36:03 +0000 Received: from localhost ([127.0.0.1]:43382 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jp1dL-0000Ef-C3 for submit@debbugs.gnu.org; Fri, 26 Jun 2020 23:36:03 -0400 Received: from lists.gnu.org ([209.51.188.17]:46460) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jp1dI-0000EE-RC for submit@debbugs.gnu.org; Fri, 26 Jun 2020 23:36:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:42956) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jp1dI-0001b1-KZ for bug-guix@gnu.org; Fri, 26 Jun 2020 23:36:00 -0400 Received: from mx1.riseup.net ([198.252.153.129]:34688) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jp1dG-0007lV-M7 for bug-guix@gnu.org; Fri, 26 Jun 2020 23:36:00 -0400 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 49tztN47TgzFdXP for ; Fri, 26 Jun 2020 20:35:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1593228956; bh=m0CDgH6bJhrOBUozqne/YLwi1RnORejHsGr+EZkbJG0=; h=Date:From:To:Subject:From; b=eqfKXx5cKFWedfOZl/xbOllPW4lUh7dNZ7Io6gvZnCFQhJkqNEe/coQQIOaItjmXl iHjzd3P1KNBci/wwKfEJ1LZQgc+Z5SdVM+/jzcAIoadJV8Gt+WINX+SlFWc3cJpWf8 MPYqtOhe2GxxXEvc81Xm2AJtSSIrohbfB/aCdvYM= X-Riseup-User-ID: 79D5C6CC7D30461F5291FD13B3E04AE4B3984778D34109AE4DCFA241272C56DC Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 49tztM62pqzJqVQ for ; Fri, 26 Jun 2020 20:35:55 -0700 (PDT) Date: Sat, 27 Jun 2020 05:35:51 +0200 From: raingloom To: Guix Bugs Subject: SSL_CERT_* variables and GVFS (and probably more) are not initialized if you don't use GDM Message-ID: <20200627053551.63452543@riseup.net> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=198.252.153.129; envelope-from=raingloom@riseup.net; helo=mx1.riseup.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/26 23:35:56 X-ACL-Warn: Detected OS = Linux 3.11 and newer X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) Hi all! As the subject says, the initialization of the all important environment variables that Guix is built around are rather lacking. I had a lot of SSL related errors for weeks until I figured out that it was caused by SSL_CERT_{DIR,FILE} not being set. I consider this rather serious as it makes it difficult to use git, download things, or even access the web to find help in debugging the issue. The other thing that is not set up is GVFS. This used to be an issue on the default GDM based setups as well, but has been fixed a few months ago. However, it was evidently not fixed universally, as seemingly every other way of logging in does not start GVFS. If users are expected to set this up for themselves, then we need proper documentation on where it should be done, but ideally these services should be working even in a plain console login. I hope we can actually fix this properly this time. My particular setup is SDDM+Sway+Zsh, but I've tested others as well and they all failed. My other machine uses GDM+i3 and that has no issues. From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 27 05:53:08 2020 Received: (at 42076) by debbugs.gnu.org; 27 Jun 2020 09:53:08 +0000 Received: from localhost ([127.0.0.1]:43497 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jp7WG-0003NO-IG for submit@debbugs.gnu.org; Sat, 27 Jun 2020 05:53:08 -0400 Received: from tobias.gr ([80.241.217.52]:33000) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jp7WD-0003NE-AS for 42076@debbugs.gnu.org; Sat, 27 Jun 2020 05:53:07 -0400 Received: by tobias.gr (OpenSMTPD) with ESMTP id bb41785b; Sat, 27 Jun 2020 09:53:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:to:cc :subject:references:in-reply-to:message-id:date:mime-version :content-type:content-transfer-encoding; s=2018; i=me@tobias.gr; bh=vWDGsmLNEUHbcKrc8qWV58jeRAodPLdrWSzk0AZtlFk=; b=h7HYMyLVfhYD qBISgJ5CL07RSQQRnc9EpwO6jmU60uzSYoR7d4Fl0qC6Xp0hZvzTVDZvy8ns2jTy 6JLiUECFQhMHge1Am3FwWXISXJ6V8FQIu0WYCj67owKXlMWoNZIMiWGXT3d5lBmw kB8sGTNxvd3x8/Y3Z5N1+y4IvngO3dItmhUl3JPOtKLSKDi5m4hIxZat7WpBaSgx A1JLWGi/c2uWQs0VcM/z4ypSKwtApWUDaazqyymZCLnlSanMmth6AtOnF8M8Exik e8ARK0RnuWJSu07eBLk3m1MxMELQ2pUQ0YDSrEwjgtuNEy+r9Y1ZIRKjFzZ5SoEc zn5B/sOYhw== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 198c1a63 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Sat, 27 Jun 2020 09:53:06 +0000 (UTC) BIMI-Selector: v=BIMI1; s=default; From: Tobias Geerinckx-Rice To: raingloom Subject: Re: bug#42076: SSL_CERT_* variables and GVFS (and probably more) are not initialized if you don't use GDM References: <20200627053551.63452543@riseup.net> In-reply-to: <20200627053551.63452543@riseup.net> Message-ID: <871rm0suma.fsf@nckx> Date: Sat, 27 Jun 2020 11:53:01 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42076 Cc: 42076@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Thanks for the bug report. How are these two things related? Did=20 GVFS start working when you fixed your certs? Is GVFS failing=20 because of other unset search paths? They should be tracked as=20 separate bug #s otherwise. It's not true that =E2=80=98SSL_CERT_* variables are not initialized if=20 you don't use GDM=E2=80=99: they're initialised if a package declares a=20 native-search-path requirement on them, and another package in the=20 same profile provides matching files. How were you failing to =E2=80=98download things=E2=80=99, =E2=80=98access = the web=E2=80=99? How=20 did you fix it? I see that wget doesn't declare any search-paths. That's odd=20 (bug?) but I don't use it. I prefer curl, which does declare SSL_CERT_* search-paths:=20 installing it will set SSL_CERT_{DIR,FILE} in the profile as long=20 as there are (nss-)certs in that same profile to point at. git, on the other hand, doesn't use SSL_CERT_*, but=20 GIT_SSL_CAINFO. Here too, users don't need to care about the=20 variable(s) because Guix sets them up as soon as certs are=20 installed alongside. If you install the (nss-)certs to a different profile than all=20 SSL_CERT_* consumers, this won't happen. An ugly hack-around=20 would be to add native-seach-paths entries to the providing=20 packages which would unconditionally set them. I'm not convinced=20 this case is worth supporting. I've not used GVFS & can't say anything sensible about it. Kind regards, T G-R From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 27 22:27:58 2020 Received: (at 42076) by debbugs.gnu.org; 28 Jun 2020 02:27:58 +0000 Received: from localhost ([127.0.0.1]:44891 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jpN30-0007Lw-95 for submit@debbugs.gnu.org; Sat, 27 Jun 2020 22:27:58 -0400 Received: from mx1.riseup.net ([198.252.153.129]:34802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jpN2x-0007Lm-Ll for 42076@debbugs.gnu.org; Sat, 27 Jun 2020 22:27:56 -0400 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 49vZKQ678zzFd2c for <42076@debbugs.gnu.org>; Sat, 27 Jun 2020 19:27:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1593311274; bh=0FOIu7g31r4E+X+OuqeVHAWK00s9nZj5eSuD5DzYPcM=; h=Date:From:To:Subject:In-Reply-To:References:From; b=ligqpbhti/Gcm80fgVtXMWeH91b8UWA/JDdWi52VFsM2MN/nZJBIu5Oc0R/4v3ZjR qjaMPhmoqGHn9f87mdAX55xcXWLO0N58Vkwb2ptLCXUuzwe0YQQI5Svnu+bS3btw7h dDGiQdsXu8Gif/44vLxeoG2NrirPeChLQcg6hTZ8= X-Riseup-User-ID: 8A2DDA41679E97C270494AB3973C20CD767EA3762AC72ED8F97973ECB090DD95 Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 49vZKQ2Rs3zJnDp for <42076@debbugs.gnu.org>; Sat, 27 Jun 2020 19:27:53 -0700 (PDT) Date: Sat, 27 Jun 2020 22:16:05 +0200 From: raingloom To: 42076@debbugs.gnu.org Subject: Re: bug#42076: SSL_CERT_* variables and GVFS (and probably more) are not initialized if you don't use GDM Message-ID: <20200627221605.38116e75@riseup.net> In-Reply-To: <871rm0suma.fsf@nckx> References: <20200627053551.63452543@riseup.net> <871rm0suma.fsf@nckx> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.4 (/) X-Debbugs-Envelope-To: 42076 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.6 (/) On Sat, 27 Jun 2020 11:53:01 +0200 Tobias Geerinckx-Rice wrote: > Hi! >=20 > Thanks for the bug report. How are these two things related? Did=20 > GVFS start working when you fixed your certs? Is GVFS failing=20 > because of other unset search paths? They should be tracked as=20 > separate bug #s otherwise. No idea, I don't know enough about GVFS to know how it's initalized. But this falls into the same category for me, ie.: a bunch of things are not initalized. But actually I've already made a bug report about it, it's just that nobody replied to it. See 41927. > It's not true that =E2=80=98SSL_CERT_* variables are not initialized if=20 > you don't use GDM=E2=80=99: they're initialised if a package declares a=20 > native-search-path requirement on them, and another package in the=20 > same profile provides matching files. >=20 > How were you failing to =E2=80=98download things=E2=80=99, =E2=80=98acces= s the web=E2=80=99? How=20 > did you fix it? SSL errors. They can probably be worked around, but it's annoying. And turning SSL off isn't the solution. I fixed it by setting SSL_CERT_{DIR,FILE} to the entries in /etc. Having nss-certs in the ad-hoc environment was not enough. for instance, Netsurf still does not work. (guix environment --ad-hoc nss-certs netsurf -- netsurf-gtk3) > I see that wget doesn't declare any search-paths. That's odd=20 > (bug?) but I don't use it. >=20 > I prefer curl, which does declare SSL_CERT_* search-paths:=20 > installing it will set SSL_CERT_{DIR,FILE} in the profile as long=20 > as there are (nss-)certs in that same profile to point at. Putting curl in the ad-hoc environment does fix it for Netsurf. So that's a bug in the Netsurf package I guess. > git, on the other hand, doesn't use SSL_CERT_*, but=20 > GIT_SSL_CAINFO. Here too, users don't need to care about the=20 > variable(s) because Guix sets them up as soon as certs are=20 > installed alongside. Git did work with `guix environment --ad-hoc nss-certs`, but since nss-certs is installed globally, I don't understand why that should be necessary. Or, well, I kind of do understand now, but I consider this a bug. The templates in gnu/system/examples/ all imply that nss-certs is necessary for HTTPS and that installing it system wide is enough. And it should be enough. > If you install the (nss-)certs to a different profile than all=20 > SSL_CERT_* consumers, this won't happen. An ugly hack-around=20 > would be to add native-seach-paths entries to the providing=20 > packages which would unconditionally set them. I'm not convinced=20 > this case is worth supporting. I don't think having undocumented broken edge cases is a good idea. =20 > I've not used GVFS & can't say anything sensible about it. >=20 > Kind regards, >=20 > T G-R Thanks for the help! From debbugs-submit-bounces@debbugs.gnu.org Wed Jul 13 23:36:14 2022 Received: (at 42076) by debbugs.gnu.org; 14 Jul 2022 03:36:14 +0000 Received: from localhost ([127.0.0.1]:48227 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBpeA-0004zL-ED for submit@debbugs.gnu.org; Wed, 13 Jul 2022 23:36:14 -0400 Received: from mail-qv1-f48.google.com ([209.85.219.48]:41714) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oBpe7-0004z5-3U for 42076@debbugs.gnu.org; Wed, 13 Jul 2022 23:36:14 -0400 Received: by mail-qv1-f48.google.com with SMTP id v5so587393qvq.8 for <42076@debbugs.gnu.org>; Wed, 13 Jul 2022 20:36:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=jC/enhrnxPalpxbSTGAzdGCYVtNHZzh9WSTLr4xcIic=; b=DKIZUl0vuSjNKK0FOSJ5rF0+TgV6hFIs+f659C9YXI64UdONmgNsCnHz7EW4qMCTPS pB3NMzKGZIBidoE1fUBzORdSwmFz1J42gRKEAQmsT3Wkzu1mdIzXVrDMINMb92RGqfon BQsjyhhK70n1bq2CiH53uh+99iNe9j8ZrvS1FAG+OADX5fOKAe0HvZAWR6gNaTTGNQ92 1Vm40EI6z4yX6BMZEjN46HGtJBkcPPawreqlJcp0hGiNd90/Twr40yCbUOSOSR1jFPpE Sgb85TcZIvlnIvM92dtWsFU98FOqkC13sgGthTiafqmkkhhTUHQYSjXCGsnbM2FITY1B yuIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=jC/enhrnxPalpxbSTGAzdGCYVtNHZzh9WSTLr4xcIic=; b=dLfJNI0ZcaimO5l9jWAK9N+YjzT2wwA9yuJbDPUUXhCr+BArBkxNzSnqQpQGXlF1ni oWHYahANgGrHyvg7Lt7mTSm6KBcd3HNahckT+WDvAGUxbcK8RnbMIgHBSY1IAhPghnpU 8g/RwSO1OqxNvKVuu2UmBdWG6t9r1csgwVleo0klslj9NFA5z8q9CzkDUUj5bgcYkser kVHUVXvbVu014r3Ez5XXGTQd1coXxcmeC/4BgFp3jlNP8mF0PBdwvkjsD+XzPC7JvJQn lSckK3oUqCTAFkkGPzPwEIAi482C1VZ5uPcrcIJyLuE+9jxdFrJXUxjyQYhH0COR2j0J uxIA== X-Gm-Message-State: AJIora/6rBfj4NIOA+6STyLwZsKMKPwhfHRMl1prIFfFKH4cHTYqdm1+ f1adIM5rXysTMgl13MFOVvLbTdQibcbZ7NdP X-Google-Smtp-Source: AGRyM1sXczagevuq+bTaCA4TUtweDcUM8ztKTLX7lnu0RX1HbLfPxNpHidteV5OsdxV5FwMAK2JFwg== X-Received: by 2002:a05:6214:501c:b0:473:2f9:c2dd with SMTP id jo28-20020a056214501c00b0047302f9c2ddmr5923919qvb.50.1657769765294; Wed, 13 Jul 2022 20:36:05 -0700 (PDT) Received: from hurd (dsl-10-133-49.b2b2c.ca. [72.10.133.49]) by smtp.gmail.com with ESMTPSA id u12-20020a05620a454c00b006a716fed4d6sm436147qkp.50.2022.07.13.20.36.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Jul 2022 20:36:04 -0700 (PDT) From: Maxim Cournoyer To: raingloom Subject: Re: bug#42076: SSL_CERT_* variables and GVFS (and probably more) are not initialized if you don't use GDM References: <20200627053551.63452543@riseup.net> <871rm0suma.fsf@nckx> <20200627221605.38116e75@riseup.net> Date: Wed, 13 Jul 2022 23:36:03 -0400 In-Reply-To: <20200627221605.38116e75@riseup.net> (raingloom@riseup.net's message of "Sat, 27 Jun 2020 22:16:05 +0200") Message-ID: <87sfn4xt5o.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 42076 Cc: 42076@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi raingloom, raingloom writes: > On Sat, 27 Jun 2020 11:53:01 +0200 > Tobias Geerinckx-Rice wrote: > >> Hi! >> >> Thanks for the bug report. How are these two things related? Did >> GVFS start working when you fixed your certs? Is GVFS failing >> because of other unset search paths? They should be tracked as >> separate bug #s otherwise. > > No idea, I don't know enough about GVFS to know how it's initalized. > But this falls into the same category for me, ie.: a bunch of things > are not initalized. > But actually I've already made a bug report about it, it's just that > nobody replied to it. See 41927. I agree the user experience often suffers from the fact that: 1. it's not obvious that consumers applications are the ones typically causing environment variables to be defined. 2. the system and user profiles are not merged, which often lead to surprises (I have this in my operating-system, and that in my user profile, and they don't work together!). 1. would be (mostly?) addressed with #22138, and 2. with #20255. If you'd like to participate in fixing these, there are at least a patch to try in 20255, I believe. Given these issues are known and tracked already, I'll close this bug. Thanks, Maxim