GNU bug report logs - #46829
Let's Encrypt certificate store (le-certs) expired

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#46829: closed (Let's Encrypt certificate store (le-certs)
 expired)
Date: Wed, 14 Apr 2021 01:09:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Tue, 13 Apr 2021 21:08:20 -0400
with message-id <YHZAhP90p6o49811 <at> jasmine.lan>
and subject line Re: bug#46829: Fresh install of 1.2.0 can't guix pull
has caused the debbugs.gnu.org bug report #46829,
regarding Let's Encrypt certificate store (le-certs) expired
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
46829: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=46829
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Christopher Baines <mail <at> cbaines.net>
To: bug-guix <at> gnu.org
Subject: Fresh install of 1.2.0 can't guix pull
Date: Sun, 28 Feb 2021 10:27:02 +0000

[Message part 3 (text/plain, inline)]

I believe there's TLS issues with pulling for the current 1.2.0 release.

root <at> horna ~# guix pull
substitute: updating substitutes from 'https://guix.cbaines.net'... 100.0%
0.0 MB will be downloaded
downloading from https://guix.cbaines.net/nar/lzip/zg72c146skpca45ijvjigqhqgx0mwiny-le-certs-0 ...
 le-certs-0  4KiB                                                                                                                                                           1.8MiB/s 00:00 [##################] 100.0%

Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix pull: error: Git error: the SSL certificate is invalid

root <at> horna ~# wget https://git.savannah.gnu.org/git/guix.git
--2021-02-28 11:22:49--  https://git.savannah.gnu.org/git/guix.git
Resolving git.savannah.gnu.org (git.savannah.gnu.org)... 209.51.188.201, 2001:470:142:5::201
Connecting to git.savannah.gnu.org (git.savannah.gnu.org)|209.51.188.201|:443... connected.
ERROR: The certificate of ‘git.savannah.gnu.org’ is not trusted.
ERROR: The certificate of ‘git.savannah.gnu.org’ doesn't have a known issuer.


This is probably possible to work around by doing:

  guix pull --url=http://git.savannah.gnu.org/git/guix.git

As the commit signatures are checked, the risk of not using HTTPS should
be reduced.

[signature.asc (application/pgp-signature, inline)]

[Message part 5 (message/rfc822, inline)]

From: Leo Famulari <leo <at> famulari.name>
To: Christopher Baines <mail <at> cbaines.net>
Cc: 46829-done <at> debbugs.gnu.org
Subject: Re: bug#46829: Fresh install of 1.2.0 can't guix pull
Date: Tue, 13 Apr 2021 21:08:20 -0400

[Message part 6 (text/plain, inline)]

On Sun, Feb 28, 2021 at 10:27:02AM +0000, Christopher Baines wrote:
> root <at> horna ~# guix pull
> substitute: updating substitutes from 'https://guix.cbaines.net'... 100.0%
> 0.0 MB will be downloaded
> downloading from https://guix.cbaines.net/nar/lzip/zg72c146skpca45ijvjigqhqgx0mwiny-le-certs-0 ...
>  le-certs-0  4KiB                                                                                                                                                           1.8MiB/s 00:00 [##################] 100.0%
> 
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> guix pull: error: Git error: the SSL certificate is invalid

This should be fixed with commit
a758a8a3c20052c5f1228e1ec80068652bbc3849, which updates the Guix package
to include commit 15de49e60b255b98a53c6de4780e1ae95a8beada.

There's nothing we can do for the 1.2.0 release artifacts at this point.

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.