GNU bug report logs -
#48325
update of julia to 1.6.1
Previous Next
Reported by: Jean-Baptiste Volatier <jbv <at> pm.me>
Date: Mon, 10 May 2021 00:43:02 UTC
Severity: normal
Done: Efraim Flashner <efraim <at> flashner.co.il>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Jean-Baptiste Volatier schreef op zo 04-07-2021 om 07:17 [+0000]:
> On Saturday, July 3rd, 2021 at 9:54 PM, Maxime Devos <maximedevos <at> telenet.be> wrote:
>
> > What are the reasons for adding "nss-certs" here?
>
> nss-certs is added to address this: https://github.com/JuliaLang/julia/issues/40185
> Quoting Sacha0 from github:
>
> > IIRC generate_precompile builds a mock registry to avoid going to network, but
> > the cert issue that nico202 mentioned breaks that mock setup, and downstream
> > operations subsequently try to go to network.
>
> It is only needed to build the julia package.
> Cheers,
> JB.
I see. The following still applies though:
‘Also, it should be possible to update the certificate bundle
(e.g. if it turns out some root was or became evil or something,
or was compromised) quickly, without going through a world rebuild.
So dependencies on "nss-certs" should be avoided.’
So perhaps you could define a "nss-certs-for-tests" variable
(currently just pointing to nss-certs), and add "nss-certs-for-tests" to
#:disallowed-references to prevent "nss-certs-for-tests" being used at
run-time?
I don't quite see _why_ Julia needs certificates at build time though ...
Also, I wonder if this causes reproducibility issues --- if we try to rebuild
julia after, say, 50 years, e.g. by using "guix time-machine", wouldn't the
certificates become invalid, and would therefore the build of Julia fail?
Greetings,
Maxime.
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 349 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.