From: bug#49369 <49369@debbugs.gnu.org>
Subject: Status: Duplicated SSL_CERT_DIR value, and the cuirass service
Date: Fri, 13 Jun 2025 17:29:53 +0000

retitle 49369 Duplicated SSL_CERT_DIR value, and the cuirass service
reassign 49369 guix
submitter 49369 Vivien Kraus
severity 49369 normal
thanks

From: Vivien Kraus
To: bug-guix@gnu.org
Subject: Duplicated SSL_CERT_DIR value, and the cuirass service
Date: Sun, 04 Jul 2021 00:35:35 +0200

Dear guix,

When I set up the cuirass service, my /run/current-system/profile/etc/profile file goes from:

export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/v7yks560hnm9zkjw1ynsavfdgwbvkq9w-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"

to:

export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/4zby6gn6kv92mn4mck4jw3jxcs82821p-profile}/etc/ssl/certs"

Notice how with cuirass, the variable is expanded to potentially multiple values.

As a result (I don’t fully understand why), with the cuirass service in place, my $SSL_CERT_DIR is set to:

/run/current-system/profile/etc/ssl/certs:/run/current-system/profile/etc/ssl/certs

(notice the duplicated entry)

Due to that, the guile web client is broken because guile does not support a colon-separated path in SSL_CERT_DIR.

Attributing the blame to this breakage is tricky, because guile is not 100% clean (it should support a path), it’s not clear to me why cuirass needs to re-define SSL_CERT_DIR, but maybe guix should not consider that cuirass is installed when it is used as a service.

Best regards,

Vivien
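
Added example, not part of the original report or of Guix: a shell sketch showing how the appending form of the export line quoted above produces the reported duplicated value when it is evaluated twice in one session, with a check that flags and deduplicates such a value before a TLS client that expects a single directory reads it. That the profile is evaluated twice, the use of /run/current-system/profile as the GUIX_PROFILE value, and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the double evaluation are assumptions.

# Appending form of the export line from the report.
# $1 = profile directory (assumed value of GUIX_PROFILE).
source_profile_appending() {
    SSL_CERT_DIR="$1/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"
}

# Evaluate the profile line $1 times, starting from an unset variable,
# and print the resulting value. The subshell body keeps the caller's
# environment untouched.
simulate() (
    unset SSL_CERT_DIR
    n=$1
    while [ "$n" -gt 0 ]; do
        source_profile_appending /run/current-system/profile
        n=$((n - 1))
    done
    printf '%s\n' "$SSL_CERT_DIR"
)

# Count the colon-separated entries in a search-path value.
count_entries() (
    IFS=:; set -f; count=0
    for entry in $1; do count=$((count + 1)); done
    echo "$count"
)

# Print the value with empty and repeated entries removed (first one wins).
dedupe_path() (
    IFS=:; set -f; result=
    for entry in $1; do
        [ -n "$entry" ] || continue
        case ":$result:" in
            *":$entry:"*) ;;                              # already listed
            *) result="${result:+$result:}$entry" ;;
        esac
    done
    printf '%s\n' "$result"
)

# Succeed only if the value names exactly one directory, which is what a
# client without colon-separated path support can consume.
is_single_dir() {
    case $1 in ''|*:*) return 1 ;; *) return 0 ;; esac
}

value=$(simulate 2)
printf 'two passes:   %s (%s entries)\n' "$value" "$(count_entries "$value")"
printf 'deduplicated: %s\n' "$(dedupe_path "$value")"
```

Deduplication only yields a usable single directory when every entry is the same path, as in the reported value; a value listing distinct directories still fails `is_single_dir`.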