GNU bug report logs - #46829
Let's Encrypt certificate store (le-certs) expired

Previous Next

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: Christopher Baines <mail <at> cbaines.net>, 46829 <at> debbugs.gnu.org
Subject: bug#46829: Fresh install of 1.2.0 can't guix pull
Date: Mon, 12 Apr 2021 14:25:11 +0200

Hi Leo,

Leo Famulari <leo <at> famulari.name> skribis:

> I couldn't figure out how to test an update of the Guix package, but
> here is my patch updating le-certs.

Cool!

> `make update-guix-package` segfaults for me, sometime after it updates
> the source tree but before adding the source checkout to the store.

Could you grab a backtrace, with:

  gdb $(which guile) core

where ‘core’ is the core file (it might live elsewhere on a foreign
distro).  It could be that the foreign distro packages being used are
buggy, or that a mixture of Guix- and distro-provided libraries are
being loaded.

In the meantime, you could also update the ‘guix’ package by hand for
testing purposes.

> From f0da45e7b78a6dd2b51dec1a948ea95866811c02 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo <at> famulari.name>
> Date: Mon, 12 Apr 2021 02:19:33 -0400
> Subject: [PATCH] gnu: le-certs: Update to new Let's Encrypt certificates.
>
> * gnu/packages/certs.scm (le-certs): Update the certificate store.
> [inputs]: Add isrgrootx2.pem, letsencryptauthorityr3.pem,
> letsencryptauthorityr4.pem, letsencryptauthoritye1.pem, and
> letsencryptauthoritye2.pem. Remove letsencryptauthorityx3.pem and
> letsencryptauthorityx4.pem.
> [arguments]: Adjust the builder accordingly.

Nice!  So how do we know if/when this has to be updated?  Maybe we can
add a ‘release-monitoring-url’ property?

I just checked that the files currently in use were still there, and
they are, but they’re outdated.

Thanks!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.